2 * net/sched/cls_flower.c Flower classifier
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16 #include <linux/workqueue.h>
18 #include <linux/if_ether.h>
19 #include <linux/in6.h>
22 #include <net/sch_generic.h>
23 #include <net/pkt_cls.h>
25 #include <net/flow_dissector.h>
28 #include <net/dst_metadata.h>
32 struct flow_dissector_key_control control;
33 struct flow_dissector_key_control enc_control;
34 struct flow_dissector_key_basic basic;
35 struct flow_dissector_key_eth_addrs eth;
36 struct flow_dissector_key_vlan vlan;
38 struct flow_dissector_key_ipv4_addrs ipv4;
39 struct flow_dissector_key_ipv6_addrs ipv6;
41 struct flow_dissector_key_ports tp;
42 struct flow_dissector_key_keyid enc_key_id;
44 struct flow_dissector_key_ipv4_addrs enc_ipv4;
45 struct flow_dissector_key_ipv6_addrs enc_ipv6;
47 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
49 struct fl_flow_mask_range {
50 unsigned short int start;
51 unsigned short int end;
55 struct fl_flow_key key;
56 struct fl_flow_mask_range range;
62 struct fl_flow_mask mask;
63 struct flow_dissector dissector;
66 struct list_head filters;
67 struct rhashtable_params ht_params;
69 struct work_struct work;
74 struct cls_fl_filter {
75 struct rhash_head ht_node;
76 struct fl_flow_key mkey;
78 struct tcf_result res;
79 struct fl_flow_key key;
80 struct list_head list;
86 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
88 return mask->range.end - mask->range.start;
91 static void fl_mask_update_range(struct fl_flow_mask *mask)
93 const u8 *bytes = (const u8 *) &mask->key;
94 size_t size = sizeof(mask->key);
95 size_t i, first = 0, last = size - 1;
97 for (i = 0; i < sizeof(mask->key); i++) {
104 mask->range.start = rounddown(first, sizeof(long));
105 mask->range.end = roundup(last + 1, sizeof(long));
108 static void *fl_key_get_start(struct fl_flow_key *key,
109 const struct fl_flow_mask *mask)
111 return (u8 *) key + mask->range.start;
114 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
115 struct fl_flow_mask *mask)
117 const long *lkey = fl_key_get_start(key, mask);
118 const long *lmask = fl_key_get_start(&mask->key, mask);
119 long *lmkey = fl_key_get_start(mkey, mask);
122 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
123 *lmkey++ = *lkey++ & *lmask++;
126 static void fl_clear_masked_range(struct fl_flow_key *key,
127 struct fl_flow_mask *mask)
129 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
132 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
133 struct tcf_result *res)
135 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
136 struct cls_fl_filter *f;
137 struct fl_flow_key skb_key;
138 struct fl_flow_key skb_mkey;
139 struct ip_tunnel_info *info;
141 if (!atomic_read(&head->ht.nelems))
144 flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
145 fl_clear_masked_range(&skb_key, &head->mask);
147 info = skb_tunnel_info(skb);
149 struct ip_tunnel_key *key = &info->key;
151 switch (ip_tunnel_info_af(info)) {
153 skb_key.enc_control.addr_type =
154 FLOW_DISSECTOR_KEY_IPV4_ADDRS;
155 skb_key.enc_ipv4.src = key->u.ipv4.src;
156 skb_key.enc_ipv4.dst = key->u.ipv4.dst;
159 skb_key.enc_control.addr_type =
160 FLOW_DISSECTOR_KEY_IPV6_ADDRS;
161 skb_key.enc_ipv6.src = key->u.ipv6.src;
162 skb_key.enc_ipv6.dst = key->u.ipv6.dst;
166 skb_key.enc_key_id.keyid = tunnel_id_to_key32(key->tun_id);
169 skb_key.indev_ifindex = skb->skb_iif;
170 /* skb_flow_dissect() does not set n_proto in case an unknown protocol,
171 * so do it rather here.
173 skb_key.basic.n_proto = skb->protocol;
174 skb_flow_dissect(skb, &head->dissector, &skb_key, 0);
176 fl_set_masked_key(&skb_mkey, &skb_key, &head->mask);
178 f = rhashtable_lookup_fast(&head->ht,
179 fl_key_get_start(&skb_mkey, &head->mask),
181 if (f && !tc_skip_sw(f->flags)) {
183 return tcf_exts_exec(skb, &f->exts, res);
188 static int fl_init(struct tcf_proto *tp)
190 struct cls_fl_head *head;
192 head = kzalloc(sizeof(*head), GFP_KERNEL);
196 INIT_LIST_HEAD_RCU(&head->filters);
197 rcu_assign_pointer(tp->root, head);
202 static void fl_destroy_filter(struct rcu_head *head)
204 struct cls_fl_filter *f = container_of(head, struct cls_fl_filter, rcu);
206 tcf_exts_destroy(&f->exts);
210 static void fl_hw_destroy_filter(struct tcf_proto *tp, unsigned long cookie)
212 struct net_device *dev = tp->q->dev_queue->dev;
213 struct tc_cls_flower_offload offload = {0};
214 struct tc_to_netdev tc;
216 if (!tc_should_offload(dev, tp, 0))
219 offload.command = TC_CLSFLOWER_DESTROY;
220 offload.cookie = cookie;
222 tc.type = TC_SETUP_CLSFLOWER;
223 tc.cls_flower = &offload;
225 dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, &tc);
228 static int fl_hw_replace_filter(struct tcf_proto *tp,
229 struct flow_dissector *dissector,
230 struct fl_flow_key *mask,
231 struct fl_flow_key *key,
232 struct tcf_exts *actions,
233 unsigned long cookie, u32 flags)
235 struct net_device *dev = tp->q->dev_queue->dev;
236 struct tc_cls_flower_offload offload = {0};
237 struct tc_to_netdev tc;
240 if (!tc_should_offload(dev, tp, flags))
241 return tc_skip_sw(flags) ? -EINVAL : 0;
243 offload.command = TC_CLSFLOWER_REPLACE;
244 offload.cookie = cookie;
245 offload.dissector = dissector;
248 offload.exts = actions;
250 tc.type = TC_SETUP_CLSFLOWER;
251 tc.cls_flower = &offload;
253 err = dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol,
256 if (tc_skip_sw(flags))
262 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
264 struct net_device *dev = tp->q->dev_queue->dev;
265 struct tc_cls_flower_offload offload = {0};
266 struct tc_to_netdev tc;
268 if (!tc_should_offload(dev, tp, 0))
271 offload.command = TC_CLSFLOWER_STATS;
272 offload.cookie = (unsigned long)f;
273 offload.exts = &f->exts;
275 tc.type = TC_SETUP_CLSFLOWER;
276 tc.cls_flower = &offload;
278 dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, &tc);
281 static void fl_destroy_sleepable(struct work_struct *work)
283 struct cls_fl_head *head = container_of(work, struct cls_fl_head,
285 if (head->mask_assigned)
286 rhashtable_destroy(&head->ht);
288 module_put(THIS_MODULE);
291 static void fl_destroy_rcu(struct rcu_head *rcu)
293 struct cls_fl_head *head = container_of(rcu, struct cls_fl_head, rcu);
295 INIT_WORK(&head->work, fl_destroy_sleepable);
296 schedule_work(&head->work);
299 static bool fl_destroy(struct tcf_proto *tp, bool force)
301 struct cls_fl_head *head = rtnl_dereference(tp->root);
302 struct cls_fl_filter *f, *next;
304 if (!force && !list_empty(&head->filters))
307 list_for_each_entry_safe(f, next, &head->filters, list) {
308 fl_hw_destroy_filter(tp, (unsigned long)f);
309 list_del_rcu(&f->list);
310 call_rcu(&f->rcu, fl_destroy_filter);
313 __module_get(THIS_MODULE);
314 call_rcu(&head->rcu, fl_destroy_rcu);
318 static unsigned long fl_get(struct tcf_proto *tp, u32 handle)
320 struct cls_fl_head *head = rtnl_dereference(tp->root);
321 struct cls_fl_filter *f;
323 list_for_each_entry(f, &head->filters, list)
324 if (f->handle == handle)
325 return (unsigned long) f;
329 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
330 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
331 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
332 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
334 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
335 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
336 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
337 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
338 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
339 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
340 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
341 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
342 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
343 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
344 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
345 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
346 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
347 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
348 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
349 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
350 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
351 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
352 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
353 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
354 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
355 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
356 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
357 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
358 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
359 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
360 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
361 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
362 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
363 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
364 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
365 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
366 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
367 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
368 [TCA_FLOWER_FLAGS] = { .type = NLA_U32 },
371 static void fl_set_key_val(struct nlattr **tb,
372 void *val, int val_type,
373 void *mask, int mask_type, int len)
377 memcpy(val, nla_data(tb[val_type]), len);
378 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
379 memset(mask, 0xff, len);
381 memcpy(mask, nla_data(tb[mask_type]), len);
384 static void fl_set_key_vlan(struct nlattr **tb,
385 struct flow_dissector_key_vlan *key_val,
386 struct flow_dissector_key_vlan *key_mask)
388 #define VLAN_PRIORITY_MASK 0x7
390 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
392 nla_get_u16(tb[TCA_FLOWER_KEY_VLAN_ID]) & VLAN_VID_MASK;
393 key_mask->vlan_id = VLAN_VID_MASK;
395 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
396 key_val->vlan_priority =
397 nla_get_u8(tb[TCA_FLOWER_KEY_VLAN_PRIO]) &
399 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
403 static int fl_set_key(struct net *net, struct nlattr **tb,
404 struct fl_flow_key *key, struct fl_flow_key *mask)
407 #ifdef CONFIG_NET_CLS_IND
408 if (tb[TCA_FLOWER_INDEV]) {
409 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV]);
412 key->indev_ifindex = err;
413 mask->indev_ifindex = 0xffffffff;
417 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
418 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
419 sizeof(key->eth.dst));
420 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
421 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
422 sizeof(key->eth.src));
424 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
425 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
427 if (ethertype == htons(ETH_P_8021Q)) {
428 fl_set_key_vlan(tb, &key->vlan, &mask->vlan);
429 fl_set_key_val(tb, &key->basic.n_proto,
430 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
431 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
432 sizeof(key->basic.n_proto));
434 key->basic.n_proto = ethertype;
435 mask->basic.n_proto = cpu_to_be16(~0);
439 if (key->basic.n_proto == htons(ETH_P_IP) ||
440 key->basic.n_proto == htons(ETH_P_IPV6)) {
441 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
442 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
443 sizeof(key->basic.ip_proto));
446 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
447 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
448 mask->control.addr_type = ~0;
449 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
450 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
451 sizeof(key->ipv4.src));
452 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
453 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
454 sizeof(key->ipv4.dst));
455 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
456 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
457 mask->control.addr_type = ~0;
458 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
459 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
460 sizeof(key->ipv6.src));
461 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
462 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
463 sizeof(key->ipv6.dst));
466 if (key->basic.ip_proto == IPPROTO_TCP) {
467 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
468 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
469 sizeof(key->tp.src));
470 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
471 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
472 sizeof(key->tp.dst));
473 } else if (key->basic.ip_proto == IPPROTO_UDP) {
474 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
475 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
476 sizeof(key->tp.src));
477 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
478 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
479 sizeof(key->tp.dst));
482 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
483 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
484 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
485 mask->enc_control.addr_type = ~0;
486 fl_set_key_val(tb, &key->enc_ipv4.src,
487 TCA_FLOWER_KEY_ENC_IPV4_SRC,
489 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
490 sizeof(key->enc_ipv4.src));
491 fl_set_key_val(tb, &key->enc_ipv4.dst,
492 TCA_FLOWER_KEY_ENC_IPV4_DST,
494 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
495 sizeof(key->enc_ipv4.dst));
498 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
499 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
500 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
501 mask->enc_control.addr_type = ~0;
502 fl_set_key_val(tb, &key->enc_ipv6.src,
503 TCA_FLOWER_KEY_ENC_IPV6_SRC,
505 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
506 sizeof(key->enc_ipv6.src));
507 fl_set_key_val(tb, &key->enc_ipv6.dst,
508 TCA_FLOWER_KEY_ENC_IPV6_DST,
510 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
511 sizeof(key->enc_ipv6.dst));
514 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
515 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
516 sizeof(key->enc_key_id.keyid));
521 static bool fl_mask_eq(struct fl_flow_mask *mask1,
522 struct fl_flow_mask *mask2)
524 const long *lmask1 = fl_key_get_start(&mask1->key, mask1);
525 const long *lmask2 = fl_key_get_start(&mask2->key, mask2);
527 return !memcmp(&mask1->range, &mask2->range, sizeof(mask1->range)) &&
528 !memcmp(lmask1, lmask2, fl_mask_range(mask1));
531 static const struct rhashtable_params fl_ht_params = {
532 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
533 .head_offset = offsetof(struct cls_fl_filter, ht_node),
534 .automatic_shrinking = true,
537 static int fl_init_hashtable(struct cls_fl_head *head,
538 struct fl_flow_mask *mask)
540 head->ht_params = fl_ht_params;
541 head->ht_params.key_len = fl_mask_range(mask);
542 head->ht_params.key_offset += mask->range.start;
544 return rhashtable_init(&head->ht, &head->ht_params);
547 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
548 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member))
550 #define FL_KEY_IS_MASKED(mask, member) \
551 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
552 0, FL_KEY_MEMBER_SIZE(member)) \
554 #define FL_KEY_SET(keys, cnt, id, member) \
556 keys[cnt].key_id = id; \
557 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
561 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
563 if (FL_KEY_IS_MASKED(mask, member)) \
564 FL_KEY_SET(keys, cnt, id, member); \
567 static void fl_init_dissector(struct cls_fl_head *head,
568 struct fl_flow_mask *mask)
570 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
573 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
574 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
575 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
576 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
577 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
578 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
579 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
580 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
581 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
582 FLOW_DISSECTOR_KEY_PORTS, tp);
583 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
584 FLOW_DISSECTOR_KEY_VLAN, vlan);
586 skb_flow_dissector_init(&head->dissector, keys, cnt);
589 static int fl_check_assign_mask(struct cls_fl_head *head,
590 struct fl_flow_mask *mask)
594 if (head->mask_assigned) {
595 if (!fl_mask_eq(&head->mask, mask))
601 /* Mask is not assigned yet. So assign it and init hashtable
604 err = fl_init_hashtable(head, mask);
607 memcpy(&head->mask, mask, sizeof(head->mask));
608 head->mask_assigned = true;
610 fl_init_dissector(head, mask);
615 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
616 struct cls_fl_filter *f, struct fl_flow_mask *mask,
617 unsigned long base, struct nlattr **tb,
618 struct nlattr *est, bool ovr)
623 err = tcf_exts_init(&e, TCA_FLOWER_ACT, 0);
626 err = tcf_exts_validate(net, tp, tb, est, &e, ovr);
630 if (tb[TCA_FLOWER_CLASSID]) {
631 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
632 tcf_bind_filter(tp, &f->res, base);
635 err = fl_set_key(net, tb, &f->key, &mask->key);
639 fl_mask_update_range(mask);
640 fl_set_masked_key(&f->mkey, &f->key, mask);
642 tcf_exts_change(tp, &f->exts, &e);
646 tcf_exts_destroy(&e);
650 static u32 fl_grab_new_handle(struct tcf_proto *tp,
651 struct cls_fl_head *head)
653 unsigned int i = 0x80000000;
657 if (++head->hgen == 0x7FFFFFFF)
659 } while (--i > 0 && fl_get(tp, head->hgen));
661 if (unlikely(i == 0)) {
662 pr_err("Insufficient number of handles\n");
671 static int fl_change(struct net *net, struct sk_buff *in_skb,
672 struct tcf_proto *tp, unsigned long base,
673 u32 handle, struct nlattr **tca,
674 unsigned long *arg, bool ovr)
676 struct cls_fl_head *head = rtnl_dereference(tp->root);
677 struct cls_fl_filter *fold = (struct cls_fl_filter *) *arg;
678 struct cls_fl_filter *fnew;
679 struct nlattr *tb[TCA_FLOWER_MAX + 1];
680 struct fl_flow_mask mask = {};
683 if (!tca[TCA_OPTIONS])
686 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS], fl_policy);
690 if (fold && handle && fold->handle != handle)
693 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
697 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
702 handle = fl_grab_new_handle(tp, head);
708 fnew->handle = handle;
710 if (tb[TCA_FLOWER_FLAGS]) {
711 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
713 if (!tc_flags_valid(fnew->flags)) {
719 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr);
723 err = fl_check_assign_mask(head, &mask);
727 if (!tc_skip_sw(fnew->flags)) {
728 err = rhashtable_insert_fast(&head->ht, &fnew->ht_node,
734 err = fl_hw_replace_filter(tp,
745 if (!tc_skip_sw(fold->flags))
746 rhashtable_remove_fast(&head->ht, &fold->ht_node,
748 fl_hw_destroy_filter(tp, (unsigned long)fold);
751 *arg = (unsigned long) fnew;
754 list_replace_rcu(&fold->list, &fnew->list);
755 tcf_unbind_filter(tp, &fold->res);
756 call_rcu(&fold->rcu, fl_destroy_filter);
758 list_add_tail_rcu(&fnew->list, &head->filters);
764 tcf_exts_destroy(&fnew->exts);
769 static int fl_delete(struct tcf_proto *tp, unsigned long arg)
771 struct cls_fl_head *head = rtnl_dereference(tp->root);
772 struct cls_fl_filter *f = (struct cls_fl_filter *) arg;
774 if (!tc_skip_sw(f->flags))
775 rhashtable_remove_fast(&head->ht, &f->ht_node,
777 list_del_rcu(&f->list);
778 fl_hw_destroy_filter(tp, (unsigned long)f);
779 tcf_unbind_filter(tp, &f->res);
780 call_rcu(&f->rcu, fl_destroy_filter);
784 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
786 struct cls_fl_head *head = rtnl_dereference(tp->root);
787 struct cls_fl_filter *f;
789 list_for_each_entry_rcu(f, &head->filters, list) {
790 if (arg->count < arg->skip)
792 if (arg->fn(tp, (unsigned long) f, arg) < 0) {
801 static int fl_dump_key_val(struct sk_buff *skb,
802 void *val, int val_type,
803 void *mask, int mask_type, int len)
807 if (!memchr_inv(mask, 0, len))
809 err = nla_put(skb, val_type, len, val);
812 if (mask_type != TCA_FLOWER_UNSPEC) {
813 err = nla_put(skb, mask_type, len, mask);
820 static int fl_dump_key_vlan(struct sk_buff *skb,
821 struct flow_dissector_key_vlan *vlan_key,
822 struct flow_dissector_key_vlan *vlan_mask)
826 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
828 if (vlan_mask->vlan_id) {
829 err = nla_put_u16(skb, TCA_FLOWER_KEY_VLAN_ID,
834 if (vlan_mask->vlan_priority) {
835 err = nla_put_u8(skb, TCA_FLOWER_KEY_VLAN_PRIO,
836 vlan_key->vlan_priority);
843 static int fl_dump(struct net *net, struct tcf_proto *tp, unsigned long fh,
844 struct sk_buff *skb, struct tcmsg *t)
846 struct cls_fl_head *head = rtnl_dereference(tp->root);
847 struct cls_fl_filter *f = (struct cls_fl_filter *) fh;
849 struct fl_flow_key *key, *mask;
854 t->tcm_handle = f->handle;
856 nest = nla_nest_start(skb, TCA_OPTIONS);
858 goto nla_put_failure;
860 if (f->res.classid &&
861 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
862 goto nla_put_failure;
865 mask = &head->mask.key;
867 if (mask->indev_ifindex) {
868 struct net_device *dev;
870 dev = __dev_get_by_index(net, key->indev_ifindex);
871 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
872 goto nla_put_failure;
875 fl_hw_update_stats(tp, f);
877 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
878 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
879 sizeof(key->eth.dst)) ||
880 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
881 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
882 sizeof(key->eth.src)) ||
883 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
884 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
885 sizeof(key->basic.n_proto)))
886 goto nla_put_failure;
888 if (fl_dump_key_vlan(skb, &key->vlan, &mask->vlan))
889 goto nla_put_failure;
891 if ((key->basic.n_proto == htons(ETH_P_IP) ||
892 key->basic.n_proto == htons(ETH_P_IPV6)) &&
893 fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
894 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
895 sizeof(key->basic.ip_proto)))
896 goto nla_put_failure;
898 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
899 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
900 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
901 sizeof(key->ipv4.src)) ||
902 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
903 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
904 sizeof(key->ipv4.dst))))
905 goto nla_put_failure;
906 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
907 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
908 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
909 sizeof(key->ipv6.src)) ||
910 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
911 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
912 sizeof(key->ipv6.dst))))
913 goto nla_put_failure;
915 if (key->basic.ip_proto == IPPROTO_TCP &&
916 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
917 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
918 sizeof(key->tp.src)) ||
919 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
920 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
921 sizeof(key->tp.dst))))
922 goto nla_put_failure;
923 else if (key->basic.ip_proto == IPPROTO_UDP &&
924 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
925 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
926 sizeof(key->tp.src)) ||
927 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
928 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
929 sizeof(key->tp.dst))))
930 goto nla_put_failure;
932 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
933 (fl_dump_key_val(skb, &key->enc_ipv4.src,
934 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
935 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
936 sizeof(key->enc_ipv4.src)) ||
937 fl_dump_key_val(skb, &key->enc_ipv4.dst,
938 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
939 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
940 sizeof(key->enc_ipv4.dst))))
941 goto nla_put_failure;
942 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
943 (fl_dump_key_val(skb, &key->enc_ipv6.src,
944 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
945 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
946 sizeof(key->enc_ipv6.src)) ||
947 fl_dump_key_val(skb, &key->enc_ipv6.dst,
948 TCA_FLOWER_KEY_ENC_IPV6_DST,
950 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
951 sizeof(key->enc_ipv6.dst))))
952 goto nla_put_failure;
954 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
955 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
956 sizeof(key->enc_key_id)))
957 goto nla_put_failure;
959 nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags);
961 if (tcf_exts_dump(skb, &f->exts))
962 goto nla_put_failure;
964 nla_nest_end(skb, nest);
966 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
967 goto nla_put_failure;
972 nla_nest_cancel(skb, nest);
976 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
978 .classify = fl_classify,
980 .destroy = fl_destroy,
986 .owner = THIS_MODULE,
989 static int __init cls_fl_init(void)
991 return register_tcf_proto_ops(&cls_fl_ops);
994 static void __exit cls_fl_exit(void)
996 unregister_tcf_proto_ops(&cls_fl_ops);
999 module_init(cls_fl_init);
1000 module_exit(cls_fl_exit);
1002 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
1003 MODULE_DESCRIPTION("Flower classifier");
1004 MODULE_LICENSE("GPL v2");
projects / releases.git / blob