1 /* 2 * net/sched/cls_flower.c Flower classifier 3 * 4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 */ 11 12 #include <linux/kernel.h> 13 #include <linux/init.h> 14 #include <linux/module.h> 15 #include <linux/rhashtable.h> 16 #include <linux/workqueue.h> 17 18 #include <linux/if_ether.h> 19 #include <linux/in6.h> 20 #include <linux/ip.h> 21 #include <linux/mpls.h> 22 23 #include <net/sch_generic.h> 24 #include <net/pkt_cls.h> 25 #include <net/ip.h> 26 #include <net/flow_dissector.h> 27 28 #include <net/dst.h> 29 #include <net/dst_metadata.h> 30 31 struct fl_flow_key { 32 int indev_ifindex; 33 struct flow_dissector_key_control control; 34 struct flow_dissector_key_control enc_control; 35 struct flow_dissector_key_basic basic; 36 struct flow_dissector_key_eth_addrs eth; 37 struct flow_dissector_key_vlan vlan; 38 union { 39 struct flow_dissector_key_ipv4_addrs ipv4; 40 struct flow_dissector_key_ipv6_addrs ipv6; 41 }; 42 struct flow_dissector_key_ports tp; 43 struct flow_dissector_key_icmp icmp; 44 struct flow_dissector_key_arp arp; 45 struct flow_dissector_key_keyid enc_key_id; 46 union { 47 struct flow_dissector_key_ipv4_addrs enc_ipv4; 48 struct flow_dissector_key_ipv6_addrs enc_ipv6; 49 }; 50 struct flow_dissector_key_ports enc_tp; 51 struct flow_dissector_key_mpls mpls; 52 struct flow_dissector_key_tcp tcp; 53 struct flow_dissector_key_ip ip; 54 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ 55 56 struct fl_flow_mask_range { 57 unsigned short int start; 58 unsigned short int end; 59 }; 60 61 struct fl_flow_mask { 62 struct fl_flow_key key; 63 struct fl_flow_mask_range range; 64 struct rhash_head ht_node; 65 struct rhashtable ht; 66 struct rhashtable_params filter_ht_params; 67 struct flow_dissector dissector; 68 struct list_head filters; 69 struct rcu_head rcu; 70 struct list_head list; 71 }; 72 73 struct cls_fl_head { 74 struct rhashtable ht; 75 struct list_head masks; 76 struct rcu_work rwork; 77 struct idr handle_idr; 78 }; 79 80 struct cls_fl_filter { 81 struct fl_flow_mask *mask; 82 struct rhash_head ht_node; 83 struct fl_flow_key mkey; 84 struct tcf_exts exts; 85 struct tcf_result res; 86 struct fl_flow_key key; 87 struct list_head list; 88 u32 handle; 89 u32 flags; 90 struct rcu_work rwork; 91 struct net_device *hw_dev; 92 }; 93 94 static const struct rhashtable_params mask_ht_params = { 95 .key_offset = offsetof(struct fl_flow_mask, key), 96 .key_len = sizeof(struct fl_flow_key), 97 .head_offset = offsetof(struct fl_flow_mask, ht_node), 98 .automatic_shrinking = true, 99 }; 100 101 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask) 102 { 103 return mask->range.end - mask->range.start; 104 } 105 106 static void fl_mask_update_range(struct fl_flow_mask *mask) 107 { 108 const u8 *bytes = (const u8 *) &mask->key; 109 size_t size = sizeof(mask->key); 110 size_t i, first = 0, last; 111 112 for (i = 0; i < size; i++) { 113 if (bytes[i]) { 114 first = i; 115 break; 116 } 117 } 118 last = first; 119 for (i = size - 1; i != first; i--) { 120 if (bytes[i]) { 121 last = i; 122 break; 123 } 124 } 125 mask->range.start = rounddown(first, sizeof(long)); 126 mask->range.end = roundup(last + 1, sizeof(long)); 127 } 128 129 static void *fl_key_get_start(struct fl_flow_key *key, 130 const struct fl_flow_mask *mask) 131 { 132 return (u8 *) key + mask->range.start; 133 } 134 135 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key, 136 struct fl_flow_mask *mask) 137 { 138 const long *lkey = fl_key_get_start(key, mask); 139 const long *lmask = fl_key_get_start(&mask->key, mask); 140 long *lmkey = fl_key_get_start(mkey, mask); 141 int i; 142 143 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) 144 *lmkey++ = *lkey++ & *lmask++; 145 } 146 147 static void fl_clear_masked_range(struct fl_flow_key *key, 148 struct fl_flow_mask *mask) 149 { 150 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask)); 151 } 152 153 static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask, 154 struct fl_flow_key *mkey) 155 { 156 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask), 157 mask->filter_ht_params); 158 } 159 160 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp, 161 struct tcf_result *res) 162 { 163 struct cls_fl_head *head = rcu_dereference_bh(tp->root); 164 struct cls_fl_filter *f; 165 struct fl_flow_mask *mask; 166 struct fl_flow_key skb_key; 167 struct fl_flow_key skb_mkey; 168 169 list_for_each_entry_rcu(mask, &head->masks, list) { 170 fl_clear_masked_range(&skb_key, mask); 171 172 skb_key.indev_ifindex = skb->skb_iif; 173 /* skb_flow_dissect() does not set n_proto in case an unknown 174 * protocol, so do it rather here. 175 */ 176 skb_key.basic.n_proto = skb->protocol; 177 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key); 178 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0); 179 180 fl_set_masked_key(&skb_mkey, &skb_key, mask); 181 182 f = fl_lookup(mask, &skb_mkey); 183 if (f && !tc_skip_sw(f->flags)) { 184 *res = f->res; 185 return tcf_exts_exec(skb, &f->exts, res); 186 } 187 } 188 return -1; 189 } 190 191 static int fl_init(struct tcf_proto *tp) 192 { 193 struct cls_fl_head *head; 194 195 head = kzalloc(sizeof(*head), GFP_KERNEL); 196 if (!head) 197 return -ENOBUFS; 198 199 INIT_LIST_HEAD_RCU(&head->masks); 200 rcu_assign_pointer(tp->root, head); 201 idr_init(&head->handle_idr); 202 203 return rhashtable_init(&head->ht, &mask_ht_params); 204 } 205 206 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask, 207 bool async) 208 { 209 if (!list_empty(&mask->filters)) 210 return false; 211 212 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params); 213 rhashtable_destroy(&mask->ht); 214 list_del_rcu(&mask->list); 215 if (async) 216 kfree_rcu(mask, rcu); 217 else 218 kfree(mask); 219 220 return true; 221 } 222 223 static void __fl_destroy_filter(struct cls_fl_filter *f) 224 { 225 tcf_exts_destroy(&f->exts); 226 tcf_exts_put_net(&f->exts); 227 kfree(f); 228 } 229 230 static void fl_destroy_filter_work(struct work_struct *work) 231 { 232 struct cls_fl_filter *f = container_of(to_rcu_work(work), 233 struct cls_fl_filter, rwork); 234 235 rtnl_lock(); 236 __fl_destroy_filter(f); 237 rtnl_unlock(); 238 } 239 240 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f, 241 struct netlink_ext_ack *extack) 242 { 243 struct tc_cls_flower_offload cls_flower = {}; 244 struct tcf_block *block = tp->chain->block; 245 246 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack); 247 cls_flower.command = TC_CLSFLOWER_DESTROY; 248 cls_flower.cookie = (unsigned long) f; 249 250 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER, 251 &cls_flower, false); 252 tcf_block_offload_dec(block, &f->flags); 253 } 254 255 static int fl_hw_replace_filter(struct tcf_proto *tp, 256 struct cls_fl_filter *f, 257 struct netlink_ext_ack *extack) 258 { 259 struct tc_cls_flower_offload cls_flower = {}; 260 struct tcf_block *block = tp->chain->block; 261 bool skip_sw = tc_skip_sw(f->flags); 262 int err; 263 264 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack); 265 cls_flower.command = TC_CLSFLOWER_REPLACE; 266 cls_flower.cookie = (unsigned long) f; 267 cls_flower.dissector = &f->mask->dissector; 268 cls_flower.mask = &f->mask->key; 269 cls_flower.key = &f->mkey; 270 cls_flower.exts = &f->exts; 271 cls_flower.classid = f->res.classid; 272 273 err = tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER, 274 &cls_flower, skip_sw); 275 if (err < 0) { 276 fl_hw_destroy_filter(tp, f, NULL); 277 return err; 278 } else if (err > 0) { 279 tcf_block_offload_inc(block, &f->flags); 280 } 281 282 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW)) 283 return -EINVAL; 284 285 return 0; 286 } 287 288 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f) 289 { 290 struct tc_cls_flower_offload cls_flower = {}; 291 struct tcf_block *block = tp->chain->block; 292 293 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL); 294 cls_flower.command = TC_CLSFLOWER_STATS; 295 cls_flower.cookie = (unsigned long) f; 296 cls_flower.exts = &f->exts; 297 cls_flower.classid = f->res.classid; 298 299 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER, 300 &cls_flower, false); 301 } 302 303 static bool __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f, 304 struct netlink_ext_ack *extack) 305 { 306 struct cls_fl_head *head = rtnl_dereference(tp->root); 307 bool async = tcf_exts_get_net(&f->exts); 308 bool last; 309 310 idr_remove(&head->handle_idr, f->handle); 311 list_del_rcu(&f->list); 312 last = fl_mask_put(head, f->mask, async); 313 if (!tc_skip_hw(f->flags)) 314 fl_hw_destroy_filter(tp, f, extack); 315 tcf_unbind_filter(tp, &f->res); 316 if (async) 317 tcf_queue_work(&f->rwork, fl_destroy_filter_work); 318 else 319 __fl_destroy_filter(f); 320 321 return last; 322 } 323 324 static void fl_destroy_sleepable(struct work_struct *work) 325 { 326 struct cls_fl_head *head = container_of(to_rcu_work(work), 327 struct cls_fl_head, 328 rwork); 329 kfree(head); 330 module_put(THIS_MODULE); 331 } 332 333 static void fl_destroy(struct tcf_proto *tp, struct netlink_ext_ack *extack) 334 { 335 struct cls_fl_head *head = rtnl_dereference(tp->root); 336 struct fl_flow_mask *mask, *next_mask; 337 struct cls_fl_filter *f, *next; 338 339 list_for_each_entry_safe(mask, next_mask, &head->masks, list) { 340 list_for_each_entry_safe(f, next, &mask->filters, list) { 341 if (__fl_delete(tp, f, extack)) 342 break; 343 } 344 } 345 idr_destroy(&head->handle_idr); 346 347 __module_get(THIS_MODULE); 348 tcf_queue_work(&head->rwork, fl_destroy_sleepable); 349 } 350 351 static void *fl_get(struct tcf_proto *tp, u32 handle) 352 { 353 struct cls_fl_head *head = rtnl_dereference(tp->root); 354 355 return idr_find(&head->handle_idr, handle); 356 } 357 358 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = { 359 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC }, 360 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 }, 361 [TCA_FLOWER_INDEV] = { .type = NLA_STRING, 362 .len = IFNAMSIZ }, 363 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN }, 364 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN }, 365 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN }, 366 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN }, 367 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 }, 368 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 }, 369 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 }, 370 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 }, 371 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 }, 372 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 }, 373 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, 374 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) }, 375 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) }, 376 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) }, 377 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 }, 378 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 }, 379 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 }, 380 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 }, 381 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 }, 382 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 }, 383 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 }, 384 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 }, 385 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 }, 386 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 }, 387 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 }, 388 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 }, 389 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, 390 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) }, 391 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) }, 392 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) }, 393 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 }, 394 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 }, 395 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 }, 396 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 }, 397 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 }, 398 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 }, 399 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 }, 400 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 }, 401 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 }, 402 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 }, 403 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 }, 404 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 }, 405 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 }, 406 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 }, 407 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 }, 408 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 }, 409 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 }, 410 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 }, 411 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 }, 412 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 }, 413 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 }, 414 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 }, 415 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 }, 416 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 }, 417 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 }, 418 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 }, 419 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 }, 420 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 }, 421 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN }, 422 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN }, 423 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN }, 424 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN }, 425 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 }, 426 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 }, 427 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 }, 428 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 }, 429 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 }, 430 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 }, 431 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 }, 432 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 }, 433 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 }, 434 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 }, 435 }; 436 437 static void fl_set_key_val(struct nlattr **tb, 438 void *val, int val_type, 439 void *mask, int mask_type, int len) 440 { 441 if (!tb[val_type]) 442 return; 443 memcpy(val, nla_data(tb[val_type]), len); 444 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type]) 445 memset(mask, 0xff, len); 446 else 447 memcpy(mask, nla_data(tb[mask_type]), len); 448 } 449 450 static int fl_set_key_mpls(struct nlattr **tb, 451 struct flow_dissector_key_mpls *key_val, 452 struct flow_dissector_key_mpls *key_mask) 453 { 454 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) { 455 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]); 456 key_mask->mpls_ttl = MPLS_TTL_MASK; 457 } 458 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) { 459 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]); 460 461 if (bos & ~MPLS_BOS_MASK) 462 return -EINVAL; 463 key_val->mpls_bos = bos; 464 key_mask->mpls_bos = MPLS_BOS_MASK; 465 } 466 if (tb[TCA_FLOWER_KEY_MPLS_TC]) { 467 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]); 468 469 if (tc & ~MPLS_TC_MASK) 470 return -EINVAL; 471 key_val->mpls_tc = tc; 472 key_mask->mpls_tc = MPLS_TC_MASK; 473 } 474 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) { 475 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]); 476 477 if (label & ~MPLS_LABEL_MASK) 478 return -EINVAL; 479 key_val->mpls_label = label; 480 key_mask->mpls_label = MPLS_LABEL_MASK; 481 } 482 return 0; 483 } 484 485 static void fl_set_key_vlan(struct nlattr **tb, 486 struct flow_dissector_key_vlan *key_val, 487 struct flow_dissector_key_vlan *key_mask) 488 { 489 #define VLAN_PRIORITY_MASK 0x7 490 491 if (tb[TCA_FLOWER_KEY_VLAN_ID]) { 492 key_val->vlan_id = 493 nla_get_u16(tb[TCA_FLOWER_KEY_VLAN_ID]) & VLAN_VID_MASK; 494 key_mask->vlan_id = VLAN_VID_MASK; 495 } 496 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) { 497 key_val->vlan_priority = 498 nla_get_u8(tb[TCA_FLOWER_KEY_VLAN_PRIO]) & 499 VLAN_PRIORITY_MASK; 500 key_mask->vlan_priority = VLAN_PRIORITY_MASK; 501 } 502 } 503 504 static void fl_set_key_flag(u32 flower_key, u32 flower_mask, 505 u32 *dissector_key, u32 *dissector_mask, 506 u32 flower_flag_bit, u32 dissector_flag_bit) 507 { 508 if (flower_mask & flower_flag_bit) { 509 *dissector_mask |= dissector_flag_bit; 510 if (flower_key & flower_flag_bit) 511 *dissector_key |= dissector_flag_bit; 512 } 513 } 514 515 static int fl_set_key_flags(struct nlattr **tb, 516 u32 *flags_key, u32 *flags_mask) 517 { 518 u32 key, mask; 519 520 /* mask is mandatory for flags */ 521 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) 522 return -EINVAL; 523 524 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS])); 525 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK])); 526 527 *flags_key = 0; 528 *flags_mask = 0; 529 530 fl_set_key_flag(key, mask, flags_key, flags_mask, 531 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); 532 fl_set_key_flag(key, mask, flags_key, flags_mask, 533 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, 534 FLOW_DIS_FIRST_FRAG); 535 536 return 0; 537 } 538 539 static void fl_set_key_ip(struct nlattr **tb, 540 struct flow_dissector_key_ip *key, 541 struct flow_dissector_key_ip *mask) 542 { 543 fl_set_key_val(tb, &key->tos, TCA_FLOWER_KEY_IP_TOS, 544 &mask->tos, TCA_FLOWER_KEY_IP_TOS_MASK, 545 sizeof(key->tos)); 546 547 fl_set_key_val(tb, &key->ttl, TCA_FLOWER_KEY_IP_TTL, 548 &mask->ttl, TCA_FLOWER_KEY_IP_TTL_MASK, 549 sizeof(key->ttl)); 550 } 551 552 static int fl_set_key(struct net *net, struct nlattr **tb, 553 struct fl_flow_key *key, struct fl_flow_key *mask, 554 struct netlink_ext_ack *extack) 555 { 556 __be16 ethertype; 557 int ret = 0; 558 #ifdef CONFIG_NET_CLS_IND 559 if (tb[TCA_FLOWER_INDEV]) { 560 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack); 561 if (err < 0) 562 return err; 563 key->indev_ifindex = err; 564 mask->indev_ifindex = 0xffffffff; 565 } 566 #endif 567 568 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST, 569 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK, 570 sizeof(key->eth.dst)); 571 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC, 572 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK, 573 sizeof(key->eth.src)); 574 575 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) { 576 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]); 577 578 if (ethertype == htons(ETH_P_8021Q)) { 579 fl_set_key_vlan(tb, &key->vlan, &mask->vlan); 580 fl_set_key_val(tb, &key->basic.n_proto, 581 TCA_FLOWER_KEY_VLAN_ETH_TYPE, 582 &mask->basic.n_proto, TCA_FLOWER_UNSPEC, 583 sizeof(key->basic.n_proto)); 584 } else { 585 key->basic.n_proto = ethertype; 586 mask->basic.n_proto = cpu_to_be16(~0); 587 } 588 } 589 590 if (key->basic.n_proto == htons(ETH_P_IP) || 591 key->basic.n_proto == htons(ETH_P_IPV6)) { 592 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO, 593 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC, 594 sizeof(key->basic.ip_proto)); 595 fl_set_key_ip(tb, &key->ip, &mask->ip); 596 } 597 598 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) { 599 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 600 mask->control.addr_type = ~0; 601 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC, 602 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK, 603 sizeof(key->ipv4.src)); 604 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST, 605 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK, 606 sizeof(key->ipv4.dst)); 607 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) { 608 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 609 mask->control.addr_type = ~0; 610 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC, 611 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK, 612 sizeof(key->ipv6.src)); 613 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST, 614 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK, 615 sizeof(key->ipv6.dst)); 616 } 617 618 if (key->basic.ip_proto == IPPROTO_TCP) { 619 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC, 620 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK, 621 sizeof(key->tp.src)); 622 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST, 623 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK, 624 sizeof(key->tp.dst)); 625 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS, 626 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK, 627 sizeof(key->tcp.flags)); 628 } else if (key->basic.ip_proto == IPPROTO_UDP) { 629 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC, 630 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK, 631 sizeof(key->tp.src)); 632 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST, 633 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK, 634 sizeof(key->tp.dst)); 635 } else if (key->basic.ip_proto == IPPROTO_SCTP) { 636 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC, 637 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK, 638 sizeof(key->tp.src)); 639 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST, 640 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK, 641 sizeof(key->tp.dst)); 642 } else if (key->basic.n_proto == htons(ETH_P_IP) && 643 key->basic.ip_proto == IPPROTO_ICMP) { 644 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE, 645 &mask->icmp.type, 646 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK, 647 sizeof(key->icmp.type)); 648 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE, 649 &mask->icmp.code, 650 TCA_FLOWER_KEY_ICMPV4_CODE_MASK, 651 sizeof(key->icmp.code)); 652 } else if (key->basic.n_proto == htons(ETH_P_IPV6) && 653 key->basic.ip_proto == IPPROTO_ICMPV6) { 654 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE, 655 &mask->icmp.type, 656 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK, 657 sizeof(key->icmp.type)); 658 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE, 659 &mask->icmp.code, 660 TCA_FLOWER_KEY_ICMPV6_CODE_MASK, 661 sizeof(key->icmp.code)); 662 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) || 663 key->basic.n_proto == htons(ETH_P_MPLS_MC)) { 664 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls); 665 if (ret) 666 return ret; 667 } else if (key->basic.n_proto == htons(ETH_P_ARP) || 668 key->basic.n_proto == htons(ETH_P_RARP)) { 669 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP, 670 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK, 671 sizeof(key->arp.sip)); 672 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP, 673 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK, 674 sizeof(key->arp.tip)); 675 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP, 676 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK, 677 sizeof(key->arp.op)); 678 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA, 679 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK, 680 sizeof(key->arp.sha)); 681 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA, 682 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK, 683 sizeof(key->arp.tha)); 684 } 685 686 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] || 687 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) { 688 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 689 mask->enc_control.addr_type = ~0; 690 fl_set_key_val(tb, &key->enc_ipv4.src, 691 TCA_FLOWER_KEY_ENC_IPV4_SRC, 692 &mask->enc_ipv4.src, 693 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, 694 sizeof(key->enc_ipv4.src)); 695 fl_set_key_val(tb, &key->enc_ipv4.dst, 696 TCA_FLOWER_KEY_ENC_IPV4_DST, 697 &mask->enc_ipv4.dst, 698 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, 699 sizeof(key->enc_ipv4.dst)); 700 } 701 702 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] || 703 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) { 704 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 705 mask->enc_control.addr_type = ~0; 706 fl_set_key_val(tb, &key->enc_ipv6.src, 707 TCA_FLOWER_KEY_ENC_IPV6_SRC, 708 &mask->enc_ipv6.src, 709 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, 710 sizeof(key->enc_ipv6.src)); 711 fl_set_key_val(tb, &key->enc_ipv6.dst, 712 TCA_FLOWER_KEY_ENC_IPV6_DST, 713 &mask->enc_ipv6.dst, 714 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, 715 sizeof(key->enc_ipv6.dst)); 716 } 717 718 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID, 719 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC, 720 sizeof(key->enc_key_id.keyid)); 721 722 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, 723 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, 724 sizeof(key->enc_tp.src)); 725 726 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, 727 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, 728 sizeof(key->enc_tp.dst)); 729 730 if (tb[TCA_FLOWER_KEY_FLAGS]) 731 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags); 732 733 return ret; 734 } 735 736 static void fl_mask_copy(struct fl_flow_mask *dst, 737 struct fl_flow_mask *src) 738 { 739 const void *psrc = fl_key_get_start(&src->key, src); 740 void *pdst = fl_key_get_start(&dst->key, src); 741 742 memcpy(pdst, psrc, fl_mask_range(src)); 743 dst->range = src->range; 744 } 745 746 static const struct rhashtable_params fl_ht_params = { 747 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */ 748 .head_offset = offsetof(struct cls_fl_filter, ht_node), 749 .automatic_shrinking = true, 750 }; 751 752 static int fl_init_mask_hashtable(struct fl_flow_mask *mask) 753 { 754 mask->filter_ht_params = fl_ht_params; 755 mask->filter_ht_params.key_len = fl_mask_range(mask); 756 mask->filter_ht_params.key_offset += mask->range.start; 757 758 return rhashtable_init(&mask->ht, &mask->filter_ht_params); 759 } 760 761 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member) 762 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member)) 763 764 #define FL_KEY_IS_MASKED(mask, member) \ 765 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \ 766 0, FL_KEY_MEMBER_SIZE(member)) \ 767 768 #define FL_KEY_SET(keys, cnt, id, member) \ 769 do { \ 770 keys[cnt].key_id = id; \ 771 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \ 772 cnt++; \ 773 } while(0); 774 775 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \ 776 do { \ 777 if (FL_KEY_IS_MASKED(mask, member)) \ 778 FL_KEY_SET(keys, cnt, id, member); \ 779 } while(0); 780 781 static void fl_init_dissector(struct fl_flow_mask *mask) 782 { 783 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX]; 784 size_t cnt = 0; 785 786 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control); 787 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic); 788 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 789 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth); 790 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 791 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4); 792 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 793 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6); 794 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 795 FLOW_DISSECTOR_KEY_PORTS, tp); 796 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 797 FLOW_DISSECTOR_KEY_IP, ip); 798 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 799 FLOW_DISSECTOR_KEY_TCP, tcp); 800 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 801 FLOW_DISSECTOR_KEY_ICMP, icmp); 802 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 803 FLOW_DISSECTOR_KEY_ARP, arp); 804 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 805 FLOW_DISSECTOR_KEY_MPLS, mpls); 806 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 807 FLOW_DISSECTOR_KEY_VLAN, vlan); 808 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 809 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id); 810 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 811 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4); 812 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 813 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6); 814 if (FL_KEY_IS_MASKED(&mask->key, enc_ipv4) || 815 FL_KEY_IS_MASKED(&mask->key, enc_ipv6)) 816 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL, 817 enc_control); 818 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 819 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp); 820 821 skb_flow_dissector_init(&mask->dissector, keys, cnt); 822 } 823 824 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head, 825 struct fl_flow_mask *mask) 826 { 827 struct fl_flow_mask *newmask; 828 int err; 829 830 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL); 831 if (!newmask) 832 return ERR_PTR(-ENOMEM); 833 834 fl_mask_copy(newmask, mask); 835 836 err = fl_init_mask_hashtable(newmask); 837 if (err) 838 goto errout_free; 839 840 fl_init_dissector(newmask); 841 842 INIT_LIST_HEAD_RCU(&newmask->filters); 843 844 err = rhashtable_insert_fast(&head->ht, &newmask->ht_node, 845 mask_ht_params); 846 if (err) 847 goto errout_destroy; 848 849 list_add_tail_rcu(&newmask->list, &head->masks); 850 851 return newmask; 852 853 errout_destroy: 854 rhashtable_destroy(&newmask->ht); 855 errout_free: 856 kfree(newmask); 857 858 return ERR_PTR(err); 859 } 860 861 static int fl_check_assign_mask(struct cls_fl_head *head, 862 struct cls_fl_filter *fnew, 863 struct cls_fl_filter *fold, 864 struct fl_flow_mask *mask) 865 { 866 struct fl_flow_mask *newmask; 867 868 fnew->mask = rhashtable_lookup_fast(&head->ht, mask, mask_ht_params); 869 if (!fnew->mask) { 870 if (fold) 871 return -EINVAL; 872 873 newmask = fl_create_new_mask(head, mask); 874 if (IS_ERR(newmask)) 875 return PTR_ERR(newmask); 876 877 fnew->mask = newmask; 878 } else if (fold && fold->mask == fnew->mask) { 879 return -EINVAL; 880 } 881 882 return 0; 883 } 884 885 static int fl_set_parms(struct net *net, struct tcf_proto *tp, 886 struct cls_fl_filter *f, struct fl_flow_mask *mask, 887 unsigned long base, struct nlattr **tb, 888 struct nlattr *est, bool ovr, 889 struct netlink_ext_ack *extack) 890 { 891 int err; 892 893 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, extack); 894 if (err < 0) 895 return err; 896 897 if (tb[TCA_FLOWER_CLASSID]) { 898 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]); 899 tcf_bind_filter(tp, &f->res, base); 900 } 901 902 err = fl_set_key(net, tb, &f->key, &mask->key, extack); 903 if (err) 904 return err; 905 906 fl_mask_update_range(mask); 907 fl_set_masked_key(&f->mkey, &f->key, mask); 908 909 return 0; 910 } 911 912 static int fl_change(struct net *net, struct sk_buff *in_skb, 913 struct tcf_proto *tp, unsigned long base, 914 u32 handle, struct nlattr **tca, 915 void **arg, bool ovr, struct netlink_ext_ack *extack) 916 { 917 struct cls_fl_head *head = rtnl_dereference(tp->root); 918 struct cls_fl_filter *fold = *arg; 919 struct cls_fl_filter *fnew; 920 struct nlattr **tb; 921 struct fl_flow_mask mask = {}; 922 int err; 923 924 if (!tca[TCA_OPTIONS]) 925 return -EINVAL; 926 927 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL); 928 if (!tb) 929 return -ENOBUFS; 930 931 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS], 932 fl_policy, NULL); 933 if (err < 0) 934 goto errout_tb; 935 936 if (fold && handle && fold->handle != handle) { 937 err = -EINVAL; 938 goto errout_tb; 939 } 940 941 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL); 942 if (!fnew) { 943 err = -ENOBUFS; 944 goto errout_tb; 945 } 946 947 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0); 948 if (err < 0) 949 goto errout; 950 951 if (!handle) { 952 handle = 1; 953 err = idr_alloc_u32(&head->handle_idr, fnew, &handle, 954 INT_MAX, GFP_KERNEL); 955 } else if (!fold) { 956 /* user specifies a handle and it doesn't exist */ 957 err = idr_alloc_u32(&head->handle_idr, fnew, &handle, 958 handle, GFP_KERNEL); 959 } 960 if (err) 961 goto errout; 962 fnew->handle = handle; 963 964 if (tb[TCA_FLOWER_FLAGS]) { 965 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]); 966 967 if (!tc_flags_valid(fnew->flags)) { 968 err = -EINVAL; 969 goto errout_idr; 970 } 971 } 972 973 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr, 974 extack); 975 if (err) 976 goto errout_idr; 977 978 err = fl_check_assign_mask(head, fnew, fold, &mask); 979 if (err) 980 goto errout_idr; 981 982 if (!tc_skip_sw(fnew->flags)) { 983 if (!fold && fl_lookup(fnew->mask, &fnew->mkey)) { 984 err = -EEXIST; 985 goto errout_mask; 986 } 987 988 err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node, 989 fnew->mask->filter_ht_params); 990 if (err) 991 goto errout_mask; 992 } 993 994 if (!tc_skip_hw(fnew->flags)) { 995 err = fl_hw_replace_filter(tp, fnew, extack); 996 if (err) 997 goto errout_mask; 998 } 999 1000 if (!tc_in_hw(fnew->flags)) 1001 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW; 1002 1003 if (fold) { 1004 if (!tc_skip_sw(fold->flags)) 1005 rhashtable_remove_fast(&fold->mask->ht, 1006 &fold->ht_node, 1007 fold->mask->filter_ht_params); 1008 if (!tc_skip_hw(fold->flags)) 1009 fl_hw_destroy_filter(tp, fold, NULL); 1010 } 1011 1012 *arg = fnew; 1013 1014 if (fold) { 1015 idr_replace(&head->handle_idr, fnew, fnew->handle); 1016 list_replace_rcu(&fold->list, &fnew->list); 1017 tcf_unbind_filter(tp, &fold->res); 1018 tcf_exts_get_net(&fold->exts); 1019 tcf_queue_work(&fold->rwork, fl_destroy_filter_work); 1020 } else { 1021 list_add_tail_rcu(&fnew->list, &fnew->mask->filters); 1022 } 1023 1024 kfree(tb); 1025 return 0; 1026 1027 errout_mask: 1028 fl_mask_put(head, fnew->mask, false); 1029 1030 errout_idr: 1031 if (fnew->handle) 1032 idr_remove(&head->handle_idr, fnew->handle); 1033 errout: 1034 tcf_exts_destroy(&fnew->exts); 1035 kfree(fnew); 1036 errout_tb: 1037 kfree(tb); 1038 return err; 1039 } 1040 1041 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last, 1042 struct netlink_ext_ack *extack) 1043 { 1044 struct cls_fl_head *head = rtnl_dereference(tp->root); 1045 struct cls_fl_filter *f = arg; 1046 1047 if (!tc_skip_sw(f->flags)) 1048 rhashtable_remove_fast(&f->mask->ht, &f->ht_node, 1049 f->mask->filter_ht_params); 1050 __fl_delete(tp, f, extack); 1051 *last = list_empty(&head->masks); 1052 return 0; 1053 } 1054 1055 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg) 1056 { 1057 struct cls_fl_head *head = rtnl_dereference(tp->root); 1058 struct cls_fl_filter *f; 1059 struct fl_flow_mask *mask; 1060 1061 list_for_each_entry_rcu(mask, &head->masks, list) { 1062 list_for_each_entry_rcu(f, &mask->filters, list) { 1063 if (arg->count < arg->skip) 1064 goto skip; 1065 if (arg->fn(tp, f, arg) < 0) { 1066 arg->stop = 1; 1067 break; 1068 } 1069 skip: 1070 arg->count++; 1071 } 1072 } 1073 } 1074 1075 static int fl_dump_key_val(struct sk_buff *skb, 1076 void *val, int val_type, 1077 void *mask, int mask_type, int len) 1078 { 1079 int err; 1080 1081 if (!memchr_inv(mask, 0, len)) 1082 return 0; 1083 err = nla_put(skb, val_type, len, val); 1084 if (err) 1085 return err; 1086 if (mask_type != TCA_FLOWER_UNSPEC) { 1087 err = nla_put(skb, mask_type, len, mask); 1088 if (err) 1089 return err; 1090 } 1091 return 0; 1092 } 1093 1094 static int fl_dump_key_mpls(struct sk_buff *skb, 1095 struct flow_dissector_key_mpls *mpls_key, 1096 struct flow_dissector_key_mpls *mpls_mask) 1097 { 1098 int err; 1099 1100 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask))) 1101 return 0; 1102 if (mpls_mask->mpls_ttl) { 1103 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL, 1104 mpls_key->mpls_ttl); 1105 if (err) 1106 return err; 1107 } 1108 if (mpls_mask->mpls_tc) { 1109 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC, 1110 mpls_key->mpls_tc); 1111 if (err) 1112 return err; 1113 } 1114 if (mpls_mask->mpls_label) { 1115 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL, 1116 mpls_key->mpls_label); 1117 if (err) 1118 return err; 1119 } 1120 if (mpls_mask->mpls_bos) { 1121 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS, 1122 mpls_key->mpls_bos); 1123 if (err) 1124 return err; 1125 } 1126 return 0; 1127 } 1128 1129 static int fl_dump_key_ip(struct sk_buff *skb, 1130 struct flow_dissector_key_ip *key, 1131 struct flow_dissector_key_ip *mask) 1132 { 1133 if (fl_dump_key_val(skb, &key->tos, TCA_FLOWER_KEY_IP_TOS, &mask->tos, 1134 TCA_FLOWER_KEY_IP_TOS_MASK, sizeof(key->tos)) || 1135 fl_dump_key_val(skb, &key->ttl, TCA_FLOWER_KEY_IP_TTL, &mask->ttl, 1136 TCA_FLOWER_KEY_IP_TTL_MASK, sizeof(key->ttl))) 1137 return -1; 1138 1139 return 0; 1140 } 1141 1142 static int fl_dump_key_vlan(struct sk_buff *skb, 1143 struct flow_dissector_key_vlan *vlan_key, 1144 struct flow_dissector_key_vlan *vlan_mask) 1145 { 1146 int err; 1147 1148 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask))) 1149 return 0; 1150 if (vlan_mask->vlan_id) { 1151 err = nla_put_u16(skb, TCA_FLOWER_KEY_VLAN_ID, 1152 vlan_key->vlan_id); 1153 if (err) 1154 return err; 1155 } 1156 if (vlan_mask->vlan_priority) { 1157 err = nla_put_u8(skb, TCA_FLOWER_KEY_VLAN_PRIO, 1158 vlan_key->vlan_priority); 1159 if (err) 1160 return err; 1161 } 1162 return 0; 1163 } 1164 1165 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask, 1166 u32 *flower_key, u32 *flower_mask, 1167 u32 flower_flag_bit, u32 dissector_flag_bit) 1168 { 1169 if (dissector_mask & dissector_flag_bit) { 1170 *flower_mask |= flower_flag_bit; 1171 if (dissector_key & dissector_flag_bit) 1172 *flower_key |= flower_flag_bit; 1173 } 1174 } 1175 1176 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask) 1177 { 1178 u32 key, mask; 1179 __be32 _key, _mask; 1180 int err; 1181 1182 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask))) 1183 return 0; 1184 1185 key = 0; 1186 mask = 0; 1187 1188 fl_get_key_flag(flags_key, flags_mask, &key, &mask, 1189 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); 1190 fl_get_key_flag(flags_key, flags_mask, &key, &mask, 1191 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, 1192 FLOW_DIS_FIRST_FRAG); 1193 1194 _key = cpu_to_be32(key); 1195 _mask = cpu_to_be32(mask); 1196 1197 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key); 1198 if (err) 1199 return err; 1200 1201 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask); 1202 } 1203 1204 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh, 1205 struct sk_buff *skb, struct tcmsg *t) 1206 { 1207 struct cls_fl_filter *f = fh; 1208 struct nlattr *nest; 1209 struct fl_flow_key *key, *mask; 1210 1211 if (!f) 1212 return skb->len; 1213 1214 t->tcm_handle = f->handle; 1215 1216 nest = nla_nest_start(skb, TCA_OPTIONS); 1217 if (!nest) 1218 goto nla_put_failure; 1219 1220 if (f->res.classid && 1221 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid)) 1222 goto nla_put_failure; 1223 1224 key = &f->key; 1225 mask = &f->mask->key; 1226 1227 if (mask->indev_ifindex) { 1228 struct net_device *dev; 1229 1230 dev = __dev_get_by_index(net, key->indev_ifindex); 1231 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name)) 1232 goto nla_put_failure; 1233 } 1234 1235 if (!tc_skip_hw(f->flags)) 1236 fl_hw_update_stats(tp, f); 1237 1238 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST, 1239 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK, 1240 sizeof(key->eth.dst)) || 1241 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC, 1242 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK, 1243 sizeof(key->eth.src)) || 1244 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE, 1245 &mask->basic.n_proto, TCA_FLOWER_UNSPEC, 1246 sizeof(key->basic.n_proto))) 1247 goto nla_put_failure; 1248 1249 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls)) 1250 goto nla_put_failure; 1251 1252 if (fl_dump_key_vlan(skb, &key->vlan, &mask->vlan)) 1253 goto nla_put_failure; 1254 1255 if ((key->basic.n_proto == htons(ETH_P_IP) || 1256 key->basic.n_proto == htons(ETH_P_IPV6)) && 1257 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO, 1258 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC, 1259 sizeof(key->basic.ip_proto)) || 1260 fl_dump_key_ip(skb, &key->ip, &mask->ip))) 1261 goto nla_put_failure; 1262 1263 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS && 1264 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC, 1265 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK, 1266 sizeof(key->ipv4.src)) || 1267 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST, 1268 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK, 1269 sizeof(key->ipv4.dst)))) 1270 goto nla_put_failure; 1271 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS && 1272 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC, 1273 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK, 1274 sizeof(key->ipv6.src)) || 1275 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST, 1276 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK, 1277 sizeof(key->ipv6.dst)))) 1278 goto nla_put_failure; 1279 1280 if (key->basic.ip_proto == IPPROTO_TCP && 1281 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC, 1282 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK, 1283 sizeof(key->tp.src)) || 1284 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST, 1285 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK, 1286 sizeof(key->tp.dst)) || 1287 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS, 1288 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK, 1289 sizeof(key->tcp.flags)))) 1290 goto nla_put_failure; 1291 else if (key->basic.ip_proto == IPPROTO_UDP && 1292 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC, 1293 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK, 1294 sizeof(key->tp.src)) || 1295 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST, 1296 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK, 1297 sizeof(key->tp.dst)))) 1298 goto nla_put_failure; 1299 else if (key->basic.ip_proto == IPPROTO_SCTP && 1300 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC, 1301 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK, 1302 sizeof(key->tp.src)) || 1303 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST, 1304 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK, 1305 sizeof(key->tp.dst)))) 1306 goto nla_put_failure; 1307 else if (key->basic.n_proto == htons(ETH_P_IP) && 1308 key->basic.ip_proto == IPPROTO_ICMP && 1309 (fl_dump_key_val(skb, &key->icmp.type, 1310 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type, 1311 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK, 1312 sizeof(key->icmp.type)) || 1313 fl_dump_key_val(skb, &key->icmp.code, 1314 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code, 1315 TCA_FLOWER_KEY_ICMPV4_CODE_MASK, 1316 sizeof(key->icmp.code)))) 1317 goto nla_put_failure; 1318 else if (key->basic.n_proto == htons(ETH_P_IPV6) && 1319 key->basic.ip_proto == IPPROTO_ICMPV6 && 1320 (fl_dump_key_val(skb, &key->icmp.type, 1321 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type, 1322 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK, 1323 sizeof(key->icmp.type)) || 1324 fl_dump_key_val(skb, &key->icmp.code, 1325 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code, 1326 TCA_FLOWER_KEY_ICMPV6_CODE_MASK, 1327 sizeof(key->icmp.code)))) 1328 goto nla_put_failure; 1329 else if ((key->basic.n_proto == htons(ETH_P_ARP) || 1330 key->basic.n_proto == htons(ETH_P_RARP)) && 1331 (fl_dump_key_val(skb, &key->arp.sip, 1332 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip, 1333 TCA_FLOWER_KEY_ARP_SIP_MASK, 1334 sizeof(key->arp.sip)) || 1335 fl_dump_key_val(skb, &key->arp.tip, 1336 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip, 1337 TCA_FLOWER_KEY_ARP_TIP_MASK, 1338 sizeof(key->arp.tip)) || 1339 fl_dump_key_val(skb, &key->arp.op, 1340 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op, 1341 TCA_FLOWER_KEY_ARP_OP_MASK, 1342 sizeof(key->arp.op)) || 1343 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA, 1344 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK, 1345 sizeof(key->arp.sha)) || 1346 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA, 1347 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK, 1348 sizeof(key->arp.tha)))) 1349 goto nla_put_failure; 1350 1351 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS && 1352 (fl_dump_key_val(skb, &key->enc_ipv4.src, 1353 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src, 1354 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, 1355 sizeof(key->enc_ipv4.src)) || 1356 fl_dump_key_val(skb, &key->enc_ipv4.dst, 1357 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst, 1358 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, 1359 sizeof(key->enc_ipv4.dst)))) 1360 goto nla_put_failure; 1361 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS && 1362 (fl_dump_key_val(skb, &key->enc_ipv6.src, 1363 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src, 1364 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, 1365 sizeof(key->enc_ipv6.src)) || 1366 fl_dump_key_val(skb, &key->enc_ipv6.dst, 1367 TCA_FLOWER_KEY_ENC_IPV6_DST, 1368 &mask->enc_ipv6.dst, 1369 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, 1370 sizeof(key->enc_ipv6.dst)))) 1371 goto nla_put_failure; 1372 1373 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID, 1374 &mask->enc_key_id, TCA_FLOWER_UNSPEC, 1375 sizeof(key->enc_key_id)) || 1376 fl_dump_key_val(skb, &key->enc_tp.src, 1377 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, 1378 &mask->enc_tp.src, 1379 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, 1380 sizeof(key->enc_tp.src)) || 1381 fl_dump_key_val(skb, &key->enc_tp.dst, 1382 TCA_FLOWER_KEY_ENC_UDP_DST_PORT, 1383 &mask->enc_tp.dst, 1384 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, 1385 sizeof(key->enc_tp.dst))) 1386 goto nla_put_failure; 1387 1388 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags)) 1389 goto nla_put_failure; 1390 1391 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags)) 1392 goto nla_put_failure; 1393 1394 if (tcf_exts_dump(skb, &f->exts)) 1395 goto nla_put_failure; 1396 1397 nla_nest_end(skb, nest); 1398 1399 if (tcf_exts_dump_stats(skb, &f->exts) < 0) 1400 goto nla_put_failure; 1401 1402 return skb->len; 1403 1404 nla_put_failure: 1405 nla_nest_cancel(skb, nest); 1406 return -1; 1407 } 1408 1409 static void fl_bind_class(void *fh, u32 classid, unsigned long cl) 1410 { 1411 struct cls_fl_filter *f = fh; 1412 1413 if (f && f->res.classid == classid) 1414 f->res.class = cl; 1415 } 1416 1417 static struct tcf_proto_ops cls_fl_ops __read_mostly = { 1418 .kind = "flower", 1419 .classify = fl_classify, 1420 .init = fl_init, 1421 .destroy = fl_destroy, 1422 .get = fl_get, 1423 .change = fl_change, 1424 .delete = fl_delete, 1425 .walk = fl_walk, 1426 .dump = fl_dump, 1427 .bind_class = fl_bind_class, 1428 .owner = THIS_MODULE, 1429 }; 1430 1431 static int __init cls_fl_init(void) 1432 { 1433 return register_tcf_proto_ops(&cls_fl_ops); 1434 } 1435 1436 static void __exit cls_fl_exit(void) 1437 { 1438 unregister_tcf_proto_ops(&cls_fl_ops); 1439 } 1440 1441 module_init(cls_fl_init); 1442 module_exit(cls_fl_exit); 1443 1444 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>"); 1445 MODULE_DESCRIPTION("Flower classifier"); 1446 MODULE_LICENSE("GPL v2"); 1447