2 * net/sched/cls_flower.c Flower classifier
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16 #include <linux/workqueue.h>
18 #include <linux/if_ether.h>
19 #include <linux/in6.h>
21 #include <linux/mpls.h>
23 #include <net/sch_generic.h>
24 #include <net/pkt_cls.h>
26 #include <net/flow_dissector.h>
27 #include <net/geneve.h>
30 #include <net/dst_metadata.h>
34 struct flow_dissector_key_control control;
35 struct flow_dissector_key_control enc_control;
36 struct flow_dissector_key_basic basic;
37 struct flow_dissector_key_eth_addrs eth;
38 struct flow_dissector_key_vlan vlan;
39 struct flow_dissector_key_vlan cvlan;
41 struct flow_dissector_key_ipv4_addrs ipv4;
42 struct flow_dissector_key_ipv6_addrs ipv6;
44 struct flow_dissector_key_ports tp;
45 struct flow_dissector_key_icmp icmp;
46 struct flow_dissector_key_arp arp;
47 struct flow_dissector_key_keyid enc_key_id;
49 struct flow_dissector_key_ipv4_addrs enc_ipv4;
50 struct flow_dissector_key_ipv6_addrs enc_ipv6;
52 struct flow_dissector_key_ports enc_tp;
53 struct flow_dissector_key_mpls mpls;
54 struct flow_dissector_key_tcp tcp;
55 struct flow_dissector_key_ip ip;
56 struct flow_dissector_key_ip enc_ip;
57 struct flow_dissector_key_enc_opts enc_opts;
58 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
60 struct fl_flow_mask_range {
61 unsigned short int start;
62 unsigned short int end;
66 struct fl_flow_key key;
67 struct fl_flow_mask_range range;
68 struct rhash_head ht_node;
70 struct rhashtable_params filter_ht_params;
71 struct flow_dissector dissector;
72 struct list_head filters;
73 struct rcu_work rwork;
74 struct list_head list;
77 struct fl_flow_tmplt {
78 struct fl_flow_key dummy_key;
79 struct fl_flow_key mask;
80 struct flow_dissector dissector;
81 struct tcf_chain *chain;
86 struct list_head masks;
87 struct rcu_work rwork;
88 struct idr handle_idr;
91 struct cls_fl_filter {
92 struct fl_flow_mask *mask;
93 struct rhash_head ht_node;
94 struct fl_flow_key mkey;
96 struct tcf_result res;
97 struct fl_flow_key key;
98 struct list_head list;
101 unsigned int in_hw_count;
102 struct rcu_work rwork;
103 struct net_device *hw_dev;
106 static const struct rhashtable_params mask_ht_params = {
107 .key_offset = offsetof(struct fl_flow_mask, key),
108 .key_len = sizeof(struct fl_flow_key),
109 .head_offset = offsetof(struct fl_flow_mask, ht_node),
110 .automatic_shrinking = true,
113 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
115 return mask->range.end - mask->range.start;
118 static void fl_mask_update_range(struct fl_flow_mask *mask)
120 const u8 *bytes = (const u8 *) &mask->key;
121 size_t size = sizeof(mask->key);
122 size_t i, first = 0, last;
124 for (i = 0; i < size; i++) {
131 for (i = size - 1; i != first; i--) {
137 mask->range.start = rounddown(first, sizeof(long));
138 mask->range.end = roundup(last + 1, sizeof(long));
141 static void *fl_key_get_start(struct fl_flow_key *key,
142 const struct fl_flow_mask *mask)
144 return (u8 *) key + mask->range.start;
147 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
148 struct fl_flow_mask *mask)
150 const long *lkey = fl_key_get_start(key, mask);
151 const long *lmask = fl_key_get_start(&mask->key, mask);
152 long *lmkey = fl_key_get_start(mkey, mask);
155 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
156 *lmkey++ = *lkey++ & *lmask++;
159 static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
160 struct fl_flow_mask *mask)
162 const long *lmask = fl_key_get_start(&mask->key, mask);
168 ltmplt = fl_key_get_start(&tmplt->mask, mask);
169 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
170 if (~*ltmplt++ & *lmask++)
176 static void fl_clear_masked_range(struct fl_flow_key *key,
177 struct fl_flow_mask *mask)
179 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
182 static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
183 struct fl_flow_key *mkey)
185 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
186 mask->filter_ht_params);
189 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
190 struct tcf_result *res)
192 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
193 struct cls_fl_filter *f;
194 struct fl_flow_mask *mask;
195 struct fl_flow_key skb_key;
196 struct fl_flow_key skb_mkey;
198 list_for_each_entry_rcu(mask, &head->masks, list) {
199 flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
200 fl_clear_masked_range(&skb_key, mask);
202 skb_key.indev_ifindex = skb->skb_iif;
203 /* skb_flow_dissect() does not set n_proto in case an unknown
204 * protocol, so do it rather here.
206 skb_key.basic.n_proto = skb_protocol(skb, false);
207 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
208 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
210 fl_set_masked_key(&skb_mkey, &skb_key, mask);
212 f = fl_lookup(mask, &skb_mkey);
213 if (f && !tc_skip_sw(f->flags)) {
215 return tcf_exts_exec(skb, &f->exts, res);
221 static int fl_init(struct tcf_proto *tp)
223 struct cls_fl_head *head;
225 head = kzalloc(sizeof(*head), GFP_KERNEL);
229 INIT_LIST_HEAD_RCU(&head->masks);
230 rcu_assign_pointer(tp->root, head);
231 idr_init(&head->handle_idr);
233 return rhashtable_init(&head->ht, &mask_ht_params);
236 static void fl_mask_free(struct fl_flow_mask *mask)
238 rhashtable_destroy(&mask->ht);
242 static void fl_mask_free_work(struct work_struct *work)
244 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
245 struct fl_flow_mask, rwork);
250 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask,
253 if (!list_empty(&mask->filters))
256 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
257 list_del_rcu(&mask->list);
259 tcf_queue_work(&mask->rwork, fl_mask_free_work);
266 static void __fl_destroy_filter(struct cls_fl_filter *f)
268 tcf_exts_destroy(&f->exts);
269 tcf_exts_put_net(&f->exts);
273 static void fl_destroy_filter_work(struct work_struct *work)
275 struct cls_fl_filter *f = container_of(to_rcu_work(work),
276 struct cls_fl_filter, rwork);
279 __fl_destroy_filter(f);
283 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
284 struct netlink_ext_ack *extack)
286 struct tc_cls_flower_offload cls_flower = {};
287 struct tcf_block *block = tp->chain->block;
289 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
290 cls_flower.command = TC_CLSFLOWER_DESTROY;
291 cls_flower.cookie = (unsigned long) f;
293 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
295 tcf_block_offload_dec(block, &f->flags);
298 static int fl_hw_replace_filter(struct tcf_proto *tp,
299 struct cls_fl_filter *f,
300 struct netlink_ext_ack *extack)
302 struct tc_cls_flower_offload cls_flower = {};
303 struct tcf_block *block = tp->chain->block;
304 bool skip_sw = tc_skip_sw(f->flags);
307 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
308 cls_flower.command = TC_CLSFLOWER_REPLACE;
309 cls_flower.cookie = (unsigned long) f;
310 cls_flower.dissector = &f->mask->dissector;
311 cls_flower.mask = &f->mask->key;
312 cls_flower.key = &f->mkey;
313 cls_flower.exts = &f->exts;
314 cls_flower.classid = f->res.classid;
316 err = tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
317 &cls_flower, skip_sw);
319 fl_hw_destroy_filter(tp, f, NULL);
321 } else if (err > 0) {
322 f->in_hw_count = err;
323 tcf_block_offload_inc(block, &f->flags);
326 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
332 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
334 struct tc_cls_flower_offload cls_flower = {};
335 struct tcf_block *block = tp->chain->block;
337 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
338 cls_flower.command = TC_CLSFLOWER_STATS;
339 cls_flower.cookie = (unsigned long) f;
340 cls_flower.exts = &f->exts;
341 cls_flower.classid = f->res.classid;
343 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
347 static bool __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
348 struct netlink_ext_ack *extack)
350 struct cls_fl_head *head = rtnl_dereference(tp->root);
351 bool async = tcf_exts_get_net(&f->exts);
354 idr_remove(&head->handle_idr, f->handle);
355 list_del_rcu(&f->list);
356 last = fl_mask_put(head, f->mask, async);
357 if (!tc_skip_hw(f->flags))
358 fl_hw_destroy_filter(tp, f, extack);
359 tcf_unbind_filter(tp, &f->res);
361 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
363 __fl_destroy_filter(f);
368 static void fl_destroy_sleepable(struct work_struct *work)
370 struct cls_fl_head *head = container_of(to_rcu_work(work),
374 rhashtable_destroy(&head->ht);
376 module_put(THIS_MODULE);
379 static void fl_destroy(struct tcf_proto *tp, struct netlink_ext_ack *extack)
381 struct cls_fl_head *head = rtnl_dereference(tp->root);
382 struct fl_flow_mask *mask, *next_mask;
383 struct cls_fl_filter *f, *next;
385 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
386 list_for_each_entry_safe(f, next, &mask->filters, list) {
387 if (__fl_delete(tp, f, extack))
391 idr_destroy(&head->handle_idr);
393 __module_get(THIS_MODULE);
394 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
397 static void *fl_get(struct tcf_proto *tp, u32 handle)
399 struct cls_fl_head *head = rtnl_dereference(tp->root);
401 return idr_find(&head->handle_idr, handle);
404 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
405 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
406 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
407 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
409 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
410 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
411 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
412 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
413 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
414 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
415 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
416 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
417 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
418 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
419 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
420 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
421 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
422 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
423 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
424 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
425 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
426 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
427 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
428 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
429 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
430 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
431 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
432 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
433 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
434 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
435 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
436 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
437 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
438 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
439 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
440 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
441 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
442 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
443 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
444 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
445 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
446 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
447 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
448 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
449 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
450 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
451 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
452 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
453 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
454 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
455 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
456 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
457 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
458 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
459 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
460 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
461 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
462 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
463 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
464 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
465 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
466 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
467 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
468 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
469 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
470 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
471 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
472 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
473 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
474 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
475 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
476 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
477 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
478 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
479 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
480 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
481 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
482 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
483 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
484 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
485 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
486 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
487 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
488 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
489 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
490 [TCA_FLOWER_FLAGS] = { .type = NLA_U32 },
493 static const struct nla_policy
494 enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
495 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
498 static const struct nla_policy
499 geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
500 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
501 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
502 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
506 static void fl_set_key_val(struct nlattr **tb,
507 void *val, int val_type,
508 void *mask, int mask_type, int len)
512 memcpy(val, nla_data(tb[val_type]), len);
513 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
514 memset(mask, 0xff, len);
516 memcpy(mask, nla_data(tb[mask_type]), len);
519 static int fl_set_key_mpls(struct nlattr **tb,
520 struct flow_dissector_key_mpls *key_val,
521 struct flow_dissector_key_mpls *key_mask)
523 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
524 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
525 key_mask->mpls_ttl = MPLS_TTL_MASK;
527 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
528 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
530 if (bos & ~MPLS_BOS_MASK)
532 key_val->mpls_bos = bos;
533 key_mask->mpls_bos = MPLS_BOS_MASK;
535 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
536 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
538 if (tc & ~MPLS_TC_MASK)
540 key_val->mpls_tc = tc;
541 key_mask->mpls_tc = MPLS_TC_MASK;
543 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
544 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
546 if (label & ~MPLS_LABEL_MASK)
548 key_val->mpls_label = label;
549 key_mask->mpls_label = MPLS_LABEL_MASK;
554 static void fl_set_key_vlan(struct nlattr **tb,
556 int vlan_id_key, int vlan_prio_key,
557 int vlan_next_eth_type_key,
558 struct flow_dissector_key_vlan *key_val,
559 struct flow_dissector_key_vlan *key_mask)
561 #define VLAN_PRIORITY_MASK 0x7
563 if (tb[vlan_id_key]) {
565 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
566 key_mask->vlan_id = VLAN_VID_MASK;
568 if (tb[vlan_prio_key]) {
569 key_val->vlan_priority =
570 nla_get_u8(tb[vlan_prio_key]) &
572 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
574 key_val->vlan_tpid = ethertype;
575 key_mask->vlan_tpid = cpu_to_be16(~0);
576 if (tb[vlan_next_eth_type_key]) {
577 key_val->vlan_eth_type =
578 nla_get_be16(tb[vlan_next_eth_type_key]);
579 key_mask->vlan_eth_type = cpu_to_be16(~0);
583 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
584 u32 *dissector_key, u32 *dissector_mask,
585 u32 flower_flag_bit, u32 dissector_flag_bit)
587 if (flower_mask & flower_flag_bit) {
588 *dissector_mask |= dissector_flag_bit;
589 if (flower_key & flower_flag_bit)
590 *dissector_key |= dissector_flag_bit;
594 static int fl_set_key_flags(struct nlattr **tb,
595 u32 *flags_key, u32 *flags_mask)
599 /* mask is mandatory for flags */
600 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
603 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
604 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
609 fl_set_key_flag(key, mask, flags_key, flags_mask,
610 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
611 fl_set_key_flag(key, mask, flags_key, flags_mask,
612 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
613 FLOW_DIS_FIRST_FRAG);
618 static void fl_set_key_ip(struct nlattr **tb, bool encap,
619 struct flow_dissector_key_ip *key,
620 struct flow_dissector_key_ip *mask)
622 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
623 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
624 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
625 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
627 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
628 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
631 static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
632 int depth, int option_len,
633 struct netlink_ext_ack *extack)
635 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
636 struct nlattr *class = NULL, *type = NULL, *data = NULL;
637 struct geneve_opt *opt;
638 int err, data_len = 0;
640 if (option_len > sizeof(struct geneve_opt))
641 data_len = option_len - sizeof(struct geneve_opt);
643 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
644 memset(opt, 0xff, option_len);
645 opt->length = data_len / 4;
650 /* If no mask has been prodived we assume an exact match. */
652 return sizeof(struct geneve_opt) + data_len;
654 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
655 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
659 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
660 nla, geneve_opt_policy, extack);
664 /* We are not allowed to omit any of CLASS, TYPE or DATA
665 * fields from the key.
668 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
669 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
670 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
671 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
675 /* Omitting any of CLASS, TYPE or DATA fields is allowed
678 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
679 int new_len = key->enc_opts.len;
681 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
682 data_len = nla_len(data);
684 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
688 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
692 new_len += sizeof(struct geneve_opt) + data_len;
693 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
694 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
695 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
698 opt->length = data_len / 4;
699 memcpy(opt->opt_data, nla_data(data), data_len);
702 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
703 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
704 opt->opt_class = nla_get_be16(class);
707 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
708 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
709 opt->type = nla_get_u8(type);
712 return sizeof(struct geneve_opt) + data_len;
715 static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
716 struct fl_flow_key *mask,
717 struct netlink_ext_ack *extack)
719 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
720 int err, option_len, key_depth, msk_depth = 0;
722 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS],
723 TCA_FLOWER_KEY_ENC_OPTS_MAX,
724 enc_opts_policy, extack);
728 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
730 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
731 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
732 TCA_FLOWER_KEY_ENC_OPTS_MAX,
733 enc_opts_policy, extack);
737 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
738 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
741 nla_for_each_attr(nla_opt_key, nla_enc_key,
742 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
743 switch (nla_type(nla_opt_key)) {
744 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
746 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
747 option_len = fl_set_geneve_opt(nla_opt_key, key,
748 key_depth, option_len,
753 key->enc_opts.len += option_len;
754 /* At the same time we need to parse through the mask
755 * in order to verify exact and mask attribute lengths.
757 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
758 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
759 msk_depth, option_len,
764 mask->enc_opts.len += option_len;
765 if (key->enc_opts.len != mask->enc_opts.len) {
766 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
771 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
774 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
782 static int fl_set_key(struct net *net, struct nlattr **tb,
783 struct fl_flow_key *key, struct fl_flow_key *mask,
784 struct netlink_ext_ack *extack)
788 #ifdef CONFIG_NET_CLS_IND
789 if (tb[TCA_FLOWER_INDEV]) {
790 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
793 key->indev_ifindex = err;
794 mask->indev_ifindex = 0xffffffff;
798 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
799 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
800 sizeof(key->eth.dst));
801 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
802 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
803 sizeof(key->eth.src));
805 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
806 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
808 if (eth_type_vlan(ethertype)) {
809 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
810 TCA_FLOWER_KEY_VLAN_PRIO,
811 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
812 &key->vlan, &mask->vlan);
814 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
815 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
816 if (eth_type_vlan(ethertype)) {
817 fl_set_key_vlan(tb, ethertype,
818 TCA_FLOWER_KEY_CVLAN_ID,
819 TCA_FLOWER_KEY_CVLAN_PRIO,
820 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
821 &key->cvlan, &mask->cvlan);
822 fl_set_key_val(tb, &key->basic.n_proto,
823 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
824 &mask->basic.n_proto,
826 sizeof(key->basic.n_proto));
828 key->basic.n_proto = ethertype;
829 mask->basic.n_proto = cpu_to_be16(~0);
833 key->basic.n_proto = ethertype;
834 mask->basic.n_proto = cpu_to_be16(~0);
838 if (key->basic.n_proto == htons(ETH_P_IP) ||
839 key->basic.n_proto == htons(ETH_P_IPV6)) {
840 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
841 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
842 sizeof(key->basic.ip_proto));
843 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
846 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
847 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
848 mask->control.addr_type = ~0;
849 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
850 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
851 sizeof(key->ipv4.src));
852 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
853 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
854 sizeof(key->ipv4.dst));
855 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
856 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
857 mask->control.addr_type = ~0;
858 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
859 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
860 sizeof(key->ipv6.src));
861 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
862 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
863 sizeof(key->ipv6.dst));
866 if (key->basic.ip_proto == IPPROTO_TCP) {
867 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
868 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
869 sizeof(key->tp.src));
870 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
871 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
872 sizeof(key->tp.dst));
873 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
874 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
875 sizeof(key->tcp.flags));
876 } else if (key->basic.ip_proto == IPPROTO_UDP) {
877 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
878 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
879 sizeof(key->tp.src));
880 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
881 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
882 sizeof(key->tp.dst));
883 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
884 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
885 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
886 sizeof(key->tp.src));
887 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
888 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
889 sizeof(key->tp.dst));
890 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
891 key->basic.ip_proto == IPPROTO_ICMP) {
892 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
894 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
895 sizeof(key->icmp.type));
896 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
898 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
899 sizeof(key->icmp.code));
900 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
901 key->basic.ip_proto == IPPROTO_ICMPV6) {
902 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
904 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
905 sizeof(key->icmp.type));
906 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
908 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
909 sizeof(key->icmp.code));
910 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
911 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
912 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
915 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
916 key->basic.n_proto == htons(ETH_P_RARP)) {
917 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
918 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
919 sizeof(key->arp.sip));
920 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
921 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
922 sizeof(key->arp.tip));
923 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
924 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
925 sizeof(key->arp.op));
926 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
927 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
928 sizeof(key->arp.sha));
929 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
930 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
931 sizeof(key->arp.tha));
934 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
935 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
936 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
937 mask->enc_control.addr_type = ~0;
938 fl_set_key_val(tb, &key->enc_ipv4.src,
939 TCA_FLOWER_KEY_ENC_IPV4_SRC,
941 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
942 sizeof(key->enc_ipv4.src));
943 fl_set_key_val(tb, &key->enc_ipv4.dst,
944 TCA_FLOWER_KEY_ENC_IPV4_DST,
946 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
947 sizeof(key->enc_ipv4.dst));
950 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
951 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
952 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
953 mask->enc_control.addr_type = ~0;
954 fl_set_key_val(tb, &key->enc_ipv6.src,
955 TCA_FLOWER_KEY_ENC_IPV6_SRC,
957 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
958 sizeof(key->enc_ipv6.src));
959 fl_set_key_val(tb, &key->enc_ipv6.dst,
960 TCA_FLOWER_KEY_ENC_IPV6_DST,
962 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
963 sizeof(key->enc_ipv6.dst));
966 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
967 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
968 sizeof(key->enc_key_id.keyid));
970 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
971 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
972 sizeof(key->enc_tp.src));
974 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
975 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
976 sizeof(key->enc_tp.dst));
978 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
980 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
981 ret = fl_set_enc_opt(tb, key, mask, extack);
986 if (tb[TCA_FLOWER_KEY_FLAGS])
987 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
992 static void fl_mask_copy(struct fl_flow_mask *dst,
993 struct fl_flow_mask *src)
995 const void *psrc = fl_key_get_start(&src->key, src);
996 void *pdst = fl_key_get_start(&dst->key, src);
998 memcpy(pdst, psrc, fl_mask_range(src));
999 dst->range = src->range;
1002 static const struct rhashtable_params fl_ht_params = {
1003 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
1004 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1005 .automatic_shrinking = true,
1008 static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1010 mask->filter_ht_params = fl_ht_params;
1011 mask->filter_ht_params.key_len = fl_mask_range(mask);
1012 mask->filter_ht_params.key_offset += mask->range.start;
1014 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1017 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1018 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member))
1020 #define FL_KEY_IS_MASKED(mask, member) \
1021 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1022 0, FL_KEY_MEMBER_SIZE(member)) \
1024 #define FL_KEY_SET(keys, cnt, id, member) \
1026 keys[cnt].key_id = id; \
1027 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1031 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1033 if (FL_KEY_IS_MASKED(mask, member)) \
1034 FL_KEY_SET(keys, cnt, id, member); \
1037 static void fl_init_dissector(struct flow_dissector *dissector,
1038 struct fl_flow_key *mask)
1040 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1043 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
1044 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
1045 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1046 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
1047 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1048 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
1049 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1050 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
1051 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1052 FLOW_DISSECTOR_KEY_PORTS, tp);
1053 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1054 FLOW_DISSECTOR_KEY_IP, ip);
1055 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1056 FLOW_DISSECTOR_KEY_TCP, tcp);
1057 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1058 FLOW_DISSECTOR_KEY_ICMP, icmp);
1059 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1060 FLOW_DISSECTOR_KEY_ARP, arp);
1061 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1062 FLOW_DISSECTOR_KEY_MPLS, mpls);
1063 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1064 FLOW_DISSECTOR_KEY_VLAN, vlan);
1065 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1066 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
1067 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1068 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
1069 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1070 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
1071 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1072 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
1073 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1074 FL_KEY_IS_MASKED(mask, enc_ipv6))
1075 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1077 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1078 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
1079 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1080 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
1081 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1082 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
1084 skb_flow_dissector_init(dissector, keys, cnt);
1087 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1088 struct fl_flow_mask *mask)
1090 struct fl_flow_mask *newmask;
1093 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1095 return ERR_PTR(-ENOMEM);
1097 fl_mask_copy(newmask, mask);
1099 err = fl_init_mask_hashtable(newmask);
1103 fl_init_dissector(&newmask->dissector, &newmask->key);
1105 INIT_LIST_HEAD_RCU(&newmask->filters);
1107 err = rhashtable_insert_fast(&head->ht, &newmask->ht_node,
1110 goto errout_destroy;
1112 list_add_tail_rcu(&newmask->list, &head->masks);
1117 rhashtable_destroy(&newmask->ht);
1121 return ERR_PTR(err);
1124 static int fl_check_assign_mask(struct cls_fl_head *head,
1125 struct cls_fl_filter *fnew,
1126 struct cls_fl_filter *fold,
1127 struct fl_flow_mask *mask)
1129 struct fl_flow_mask *newmask;
1131 fnew->mask = rhashtable_lookup_fast(&head->ht, mask, mask_ht_params);
1136 newmask = fl_create_new_mask(head, mask);
1137 if (IS_ERR(newmask))
1138 return PTR_ERR(newmask);
1140 fnew->mask = newmask;
1141 } else if (fold && fold->mask != fnew->mask) {
1148 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1149 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1150 unsigned long base, struct nlattr **tb,
1151 struct nlattr *est, bool ovr,
1152 struct fl_flow_tmplt *tmplt,
1153 struct netlink_ext_ack *extack)
1157 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, extack);
1161 if (tb[TCA_FLOWER_CLASSID]) {
1162 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1163 tcf_bind_filter(tp, &f->res, base);
1166 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
1170 fl_mask_update_range(mask);
1171 fl_set_masked_key(&f->mkey, &f->key, mask);
1173 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1174 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1181 static int fl_change(struct net *net, struct sk_buff *in_skb,
1182 struct tcf_proto *tp, unsigned long base,
1183 u32 handle, struct nlattr **tca,
1184 void **arg, bool ovr, struct netlink_ext_ack *extack)
1186 struct cls_fl_head *head = rtnl_dereference(tp->root);
1187 struct cls_fl_filter *fold = *arg;
1188 struct cls_fl_filter *fnew;
1189 struct fl_flow_mask *mask;
1193 if (!tca[TCA_OPTIONS])
1196 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
1200 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1203 goto errout_mask_alloc;
1206 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1211 if (fold && handle && fold->handle != handle) {
1216 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
1222 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
1226 if (tb[TCA_FLOWER_FLAGS]) {
1227 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1229 if (!tc_flags_valid(fnew->flags)) {
1235 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr,
1236 tp->chain->tmplt_priv, extack);
1240 err = fl_check_assign_mask(head, fnew, fold, mask);
1246 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1247 INT_MAX, GFP_KERNEL);
1249 /* user specifies a handle and it doesn't exist */
1250 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1251 handle, GFP_KERNEL);
1255 fnew->handle = handle;
1257 if (!tc_skip_sw(fnew->flags)) {
1258 if (!fold && fl_lookup(fnew->mask, &fnew->mkey)) {
1263 err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
1264 fnew->mask->filter_ht_params);
1269 if (!tc_skip_hw(fnew->flags)) {
1270 err = fl_hw_replace_filter(tp, fnew, extack);
1275 if (!tc_in_hw(fnew->flags))
1276 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1279 if (!tc_skip_sw(fold->flags))
1280 rhashtable_remove_fast(&fold->mask->ht,
1282 fold->mask->filter_ht_params);
1283 if (!tc_skip_hw(fold->flags))
1284 fl_hw_destroy_filter(tp, fold, NULL);
1290 idr_replace(&head->handle_idr, fnew, fnew->handle);
1291 list_replace_rcu(&fold->list, &fnew->list);
1292 tcf_unbind_filter(tp, &fold->res);
1293 tcf_exts_get_net(&fold->exts);
1294 tcf_queue_work(&fold->rwork, fl_destroy_filter_work);
1296 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1305 idr_remove(&head->handle_idr, fnew->handle);
1308 fl_mask_put(head, fnew->mask, false);
1311 tcf_exts_destroy(&fnew->exts);
1320 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1321 struct netlink_ext_ack *extack)
1323 struct cls_fl_head *head = rtnl_dereference(tp->root);
1324 struct cls_fl_filter *f = arg;
1326 if (!tc_skip_sw(f->flags))
1327 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
1328 f->mask->filter_ht_params);
1329 __fl_delete(tp, f, extack);
1330 *last = list_empty(&head->masks);
1334 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
1336 struct cls_fl_head *head = rtnl_dereference(tp->root);
1337 struct cls_fl_filter *f;
1339 arg->count = arg->skip;
1341 while ((f = idr_get_next_ul(&head->handle_idr,
1342 &arg->cookie)) != NULL) {
1343 if (arg->fn(tp, f, arg) < 0) {
1347 arg->cookie = f->handle + 1;
1352 static int fl_reoffload(struct tcf_proto *tp, bool add, tc_setup_cb_t *cb,
1353 void *cb_priv, struct netlink_ext_ack *extack)
1355 struct cls_fl_head *head = rtnl_dereference(tp->root);
1356 struct tc_cls_flower_offload cls_flower = {};
1357 struct tcf_block *block = tp->chain->block;
1358 struct fl_flow_mask *mask;
1359 struct cls_fl_filter *f;
1362 list_for_each_entry(mask, &head->masks, list) {
1363 list_for_each_entry(f, &mask->filters, list) {
1364 if (tc_skip_hw(f->flags))
1367 tc_cls_common_offload_init(&cls_flower.common, tp,
1369 cls_flower.command = add ?
1370 TC_CLSFLOWER_REPLACE : TC_CLSFLOWER_DESTROY;
1371 cls_flower.cookie = (unsigned long)f;
1372 cls_flower.dissector = &mask->dissector;
1373 cls_flower.mask = &mask->key;
1374 cls_flower.key = &f->mkey;
1375 cls_flower.exts = &f->exts;
1376 cls_flower.classid = f->res.classid;
1378 err = cb(TC_SETUP_CLSFLOWER, &cls_flower, cb_priv);
1380 if (add && tc_skip_sw(f->flags))
1385 tc_cls_offload_cnt_update(block, &f->in_hw_count,
1393 static void fl_hw_create_tmplt(struct tcf_chain *chain,
1394 struct fl_flow_tmplt *tmplt)
1396 struct tc_cls_flower_offload cls_flower = {};
1397 struct tcf_block *block = chain->block;
1398 struct tcf_exts dummy_exts = { 0, };
1400 cls_flower.common.chain_index = chain->index;
1401 cls_flower.command = TC_CLSFLOWER_TMPLT_CREATE;
1402 cls_flower.cookie = (unsigned long) tmplt;
1403 cls_flower.dissector = &tmplt->dissector;
1404 cls_flower.mask = &tmplt->mask;
1405 cls_flower.key = &tmplt->dummy_key;
1406 cls_flower.exts = &dummy_exts;
1408 /* We don't care if driver (any of them) fails to handle this
1409 * call. It serves just as a hint for it.
1411 tc_setup_cb_call(block, NULL, TC_SETUP_CLSFLOWER,
1412 &cls_flower, false);
1415 static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
1416 struct fl_flow_tmplt *tmplt)
1418 struct tc_cls_flower_offload cls_flower = {};
1419 struct tcf_block *block = chain->block;
1421 cls_flower.common.chain_index = chain->index;
1422 cls_flower.command = TC_CLSFLOWER_TMPLT_DESTROY;
1423 cls_flower.cookie = (unsigned long) tmplt;
1425 tc_setup_cb_call(block, NULL, TC_SETUP_CLSFLOWER,
1426 &cls_flower, false);
1429 static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
1430 struct nlattr **tca,
1431 struct netlink_ext_ack *extack)
1433 struct fl_flow_tmplt *tmplt;
1437 if (!tca[TCA_OPTIONS])
1438 return ERR_PTR(-EINVAL);
1440 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1442 return ERR_PTR(-ENOBUFS);
1443 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1448 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
1453 tmplt->chain = chain;
1454 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
1459 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
1461 fl_hw_create_tmplt(chain, tmplt);
1469 return ERR_PTR(err);
1472 static void fl_tmplt_destroy(void *tmplt_priv)
1474 struct fl_flow_tmplt *tmplt = tmplt_priv;
1476 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
1480 static int fl_dump_key_val(struct sk_buff *skb,
1481 void *val, int val_type,
1482 void *mask, int mask_type, int len)
1486 if (!memchr_inv(mask, 0, len))
1488 err = nla_put(skb, val_type, len, val);
1491 if (mask_type != TCA_FLOWER_UNSPEC) {
1492 err = nla_put(skb, mask_type, len, mask);
1499 static int fl_dump_key_mpls(struct sk_buff *skb,
1500 struct flow_dissector_key_mpls *mpls_key,
1501 struct flow_dissector_key_mpls *mpls_mask)
1505 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
1507 if (mpls_mask->mpls_ttl) {
1508 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
1509 mpls_key->mpls_ttl);
1513 if (mpls_mask->mpls_tc) {
1514 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
1519 if (mpls_mask->mpls_label) {
1520 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
1521 mpls_key->mpls_label);
1525 if (mpls_mask->mpls_bos) {
1526 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
1527 mpls_key->mpls_bos);
1534 static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
1535 struct flow_dissector_key_ip *key,
1536 struct flow_dissector_key_ip *mask)
1538 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
1539 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
1540 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
1541 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
1543 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
1544 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
1550 static int fl_dump_key_vlan(struct sk_buff *skb,
1551 int vlan_id_key, int vlan_prio_key,
1552 struct flow_dissector_key_vlan *vlan_key,
1553 struct flow_dissector_key_vlan *vlan_mask)
1557 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
1559 if (vlan_mask->vlan_id) {
1560 err = nla_put_u16(skb, vlan_id_key,
1565 if (vlan_mask->vlan_priority) {
1566 err = nla_put_u8(skb, vlan_prio_key,
1567 vlan_key->vlan_priority);
1574 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
1575 u32 *flower_key, u32 *flower_mask,
1576 u32 flower_flag_bit, u32 dissector_flag_bit)
1578 if (dissector_mask & dissector_flag_bit) {
1579 *flower_mask |= flower_flag_bit;
1580 if (dissector_key & dissector_flag_bit)
1581 *flower_key |= flower_flag_bit;
1585 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
1591 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
1597 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1598 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
1599 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1600 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
1601 FLOW_DIS_FIRST_FRAG);
1603 _key = cpu_to_be32(key);
1604 _mask = cpu_to_be32(mask);
1606 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
1610 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
1613 static int fl_dump_key_geneve_opt(struct sk_buff *skb,
1614 struct flow_dissector_key_enc_opts *enc_opts)
1616 struct geneve_opt *opt;
1617 struct nlattr *nest;
1620 nest = nla_nest_start(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
1622 goto nla_put_failure;
1624 while (enc_opts->len > opt_off) {
1625 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
1627 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
1629 goto nla_put_failure;
1630 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
1632 goto nla_put_failure;
1633 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
1634 opt->length * 4, opt->opt_data))
1635 goto nla_put_failure;
1637 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
1639 nla_nest_end(skb, nest);
1643 nla_nest_cancel(skb, nest);
1647 static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
1648 struct flow_dissector_key_enc_opts *enc_opts)
1650 struct nlattr *nest;
1656 nest = nla_nest_start(skb, enc_opt_type);
1658 goto nla_put_failure;
1660 switch (enc_opts->dst_opt_type) {
1661 case TUNNEL_GENEVE_OPT:
1662 err = fl_dump_key_geneve_opt(skb, enc_opts);
1664 goto nla_put_failure;
1667 goto nla_put_failure;
1669 nla_nest_end(skb, nest);
1673 nla_nest_cancel(skb, nest);
1677 static int fl_dump_key_enc_opt(struct sk_buff *skb,
1678 struct flow_dissector_key_enc_opts *key_opts,
1679 struct flow_dissector_key_enc_opts *msk_opts)
1683 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
1687 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
1690 static int fl_dump_key(struct sk_buff *skb, struct net *net,
1691 struct fl_flow_key *key, struct fl_flow_key *mask)
1693 if (mask->indev_ifindex) {
1694 struct net_device *dev;
1696 dev = __dev_get_by_index(net, key->indev_ifindex);
1697 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
1698 goto nla_put_failure;
1701 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1702 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1703 sizeof(key->eth.dst)) ||
1704 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1705 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1706 sizeof(key->eth.src)) ||
1707 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
1708 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
1709 sizeof(key->basic.n_proto)))
1710 goto nla_put_failure;
1712 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
1713 goto nla_put_failure;
1715 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
1716 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
1717 goto nla_put_failure;
1719 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
1720 TCA_FLOWER_KEY_CVLAN_PRIO,
1721 &key->cvlan, &mask->cvlan) ||
1722 (mask->cvlan.vlan_tpid &&
1723 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1724 key->cvlan.vlan_tpid)))
1725 goto nla_put_failure;
1727 if (mask->basic.n_proto) {
1728 if (mask->cvlan.vlan_eth_type) {
1729 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1730 key->basic.n_proto))
1731 goto nla_put_failure;
1732 } else if (mask->vlan.vlan_eth_type) {
1733 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1734 key->vlan.vlan_eth_type))
1735 goto nla_put_failure;
1739 if ((key->basic.n_proto == htons(ETH_P_IP) ||
1740 key->basic.n_proto == htons(ETH_P_IPV6)) &&
1741 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1742 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1743 sizeof(key->basic.ip_proto)) ||
1744 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
1745 goto nla_put_failure;
1747 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1748 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1749 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1750 sizeof(key->ipv4.src)) ||
1751 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1752 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1753 sizeof(key->ipv4.dst))))
1754 goto nla_put_failure;
1755 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1756 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1757 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1758 sizeof(key->ipv6.src)) ||
1759 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1760 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1761 sizeof(key->ipv6.dst))))
1762 goto nla_put_failure;
1764 if (key->basic.ip_proto == IPPROTO_TCP &&
1765 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1766 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1767 sizeof(key->tp.src)) ||
1768 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1769 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1770 sizeof(key->tp.dst)) ||
1771 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1772 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1773 sizeof(key->tcp.flags))))
1774 goto nla_put_failure;
1775 else if (key->basic.ip_proto == IPPROTO_UDP &&
1776 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1777 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1778 sizeof(key->tp.src)) ||
1779 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1780 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1781 sizeof(key->tp.dst))))
1782 goto nla_put_failure;
1783 else if (key->basic.ip_proto == IPPROTO_SCTP &&
1784 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1785 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1786 sizeof(key->tp.src)) ||
1787 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1788 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1789 sizeof(key->tp.dst))))
1790 goto nla_put_failure;
1791 else if (key->basic.n_proto == htons(ETH_P_IP) &&
1792 key->basic.ip_proto == IPPROTO_ICMP &&
1793 (fl_dump_key_val(skb, &key->icmp.type,
1794 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
1795 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1796 sizeof(key->icmp.type)) ||
1797 fl_dump_key_val(skb, &key->icmp.code,
1798 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
1799 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1800 sizeof(key->icmp.code))))
1801 goto nla_put_failure;
1802 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1803 key->basic.ip_proto == IPPROTO_ICMPV6 &&
1804 (fl_dump_key_val(skb, &key->icmp.type,
1805 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
1806 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1807 sizeof(key->icmp.type)) ||
1808 fl_dump_key_val(skb, &key->icmp.code,
1809 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
1810 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1811 sizeof(key->icmp.code))))
1812 goto nla_put_failure;
1813 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
1814 key->basic.n_proto == htons(ETH_P_RARP)) &&
1815 (fl_dump_key_val(skb, &key->arp.sip,
1816 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
1817 TCA_FLOWER_KEY_ARP_SIP_MASK,
1818 sizeof(key->arp.sip)) ||
1819 fl_dump_key_val(skb, &key->arp.tip,
1820 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
1821 TCA_FLOWER_KEY_ARP_TIP_MASK,
1822 sizeof(key->arp.tip)) ||
1823 fl_dump_key_val(skb, &key->arp.op,
1824 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
1825 TCA_FLOWER_KEY_ARP_OP_MASK,
1826 sizeof(key->arp.op)) ||
1827 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1828 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1829 sizeof(key->arp.sha)) ||
1830 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1831 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1832 sizeof(key->arp.tha))))
1833 goto nla_put_failure;
1835 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1836 (fl_dump_key_val(skb, &key->enc_ipv4.src,
1837 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
1838 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1839 sizeof(key->enc_ipv4.src)) ||
1840 fl_dump_key_val(skb, &key->enc_ipv4.dst,
1841 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
1842 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1843 sizeof(key->enc_ipv4.dst))))
1844 goto nla_put_failure;
1845 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1846 (fl_dump_key_val(skb, &key->enc_ipv6.src,
1847 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
1848 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1849 sizeof(key->enc_ipv6.src)) ||
1850 fl_dump_key_val(skb, &key->enc_ipv6.dst,
1851 TCA_FLOWER_KEY_ENC_IPV6_DST,
1852 &mask->enc_ipv6.dst,
1853 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1854 sizeof(key->enc_ipv6.dst))))
1855 goto nla_put_failure;
1857 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
1858 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
1859 sizeof(key->enc_key_id)) ||
1860 fl_dump_key_val(skb, &key->enc_tp.src,
1861 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1863 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1864 sizeof(key->enc_tp.src)) ||
1865 fl_dump_key_val(skb, &key->enc_tp.dst,
1866 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1868 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1869 sizeof(key->enc_tp.dst)) ||
1870 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
1871 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
1872 goto nla_put_failure;
1874 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
1875 goto nla_put_failure;
1883 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
1884 struct sk_buff *skb, struct tcmsg *t)
1886 struct cls_fl_filter *f = fh;
1887 struct nlattr *nest;
1888 struct fl_flow_key *key, *mask;
1893 t->tcm_handle = f->handle;
1895 nest = nla_nest_start(skb, TCA_OPTIONS);
1897 goto nla_put_failure;
1899 if (f->res.classid &&
1900 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
1901 goto nla_put_failure;
1904 mask = &f->mask->key;
1906 if (fl_dump_key(skb, net, key, mask))
1907 goto nla_put_failure;
1909 if (!tc_skip_hw(f->flags))
1910 fl_hw_update_stats(tp, f);
1912 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
1913 goto nla_put_failure;
1915 if (tcf_exts_dump(skb, &f->exts))
1916 goto nla_put_failure;
1918 nla_nest_end(skb, nest);
1920 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
1921 goto nla_put_failure;
1926 nla_nest_cancel(skb, nest);
1930 static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
1932 struct fl_flow_tmplt *tmplt = tmplt_priv;
1933 struct fl_flow_key *key, *mask;
1934 struct nlattr *nest;
1936 nest = nla_nest_start(skb, TCA_OPTIONS);
1938 goto nla_put_failure;
1940 key = &tmplt->dummy_key;
1941 mask = &tmplt->mask;
1943 if (fl_dump_key(skb, net, key, mask))
1944 goto nla_put_failure;
1946 nla_nest_end(skb, nest);
1951 nla_nest_cancel(skb, nest);
1955 static void fl_bind_class(void *fh, u32 classid, unsigned long cl, void *q,
1958 struct cls_fl_filter *f = fh;
1960 if (f && f->res.classid == classid) {
1962 __tcf_bind_filter(q, &f->res, base);
1964 __tcf_unbind_filter(q, &f->res);
1968 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
1970 .classify = fl_classify,
1972 .destroy = fl_destroy,
1974 .change = fl_change,
1975 .delete = fl_delete,
1977 .reoffload = fl_reoffload,
1979 .bind_class = fl_bind_class,
1980 .tmplt_create = fl_tmplt_create,
1981 .tmplt_destroy = fl_tmplt_destroy,
1982 .tmplt_dump = fl_tmplt_dump,
1983 .owner = THIS_MODULE,
1986 static int __init cls_fl_init(void)
1988 return register_tcf_proto_ops(&cls_fl_ops);
1991 static void __exit cls_fl_exit(void)
1993 unregister_tcf_proto_ops(&cls_fl_ops);
1996 module_init(cls_fl_init);
1997 module_exit(cls_fl_exit);
1999 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
2000 MODULE_DESCRIPTION("Flower classifier");
2001 MODULE_LICENSE("GPL v2");
projects / releases.git / blob