projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net_sched: flower: Avoid dissection of unmasked keys
[deliverable/linux.git] / net / sched / cls_flower.c
1 /*
2 * net/sched/cls_flower.c Flower classifier
3 *
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16
17 #include <linux/if_ether.h>
18 #include <linux/in6.h>
19 #include <linux/ip.h>
20
21 #include <net/sch_generic.h>
22 #include <net/pkt_cls.h>
23 #include <net/ip.h>
24 #include <net/flow_dissector.h>
25
26 struct fl_flow_key {
27 int indev_ifindex;
28 struct flow_dissector_key_control control;
29 struct flow_dissector_key_basic basic;
30 struct flow_dissector_key_eth_addrs eth;
31 struct flow_dissector_key_addrs ipaddrs;
32 union {
33 struct flow_dissector_key_ipv4_addrs ipv4;
34 struct flow_dissector_key_ipv6_addrs ipv6;
35 };
36 struct flow_dissector_key_ports tp;
37 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
38
39 struct fl_flow_mask_range {
40 unsigned short int start;
41 unsigned short int end;
42 };
43
44 struct fl_flow_mask {
45 struct fl_flow_key key;
46 struct fl_flow_mask_range range;
47 struct rcu_head rcu;
48 };
49
50 struct cls_fl_head {
51 struct rhashtable ht;
52 struct fl_flow_mask mask;
53 struct flow_dissector dissector;
54 u32 hgen;
55 bool mask_assigned;
56 struct list_head filters;
57 struct rhashtable_params ht_params;
58 struct rcu_head rcu;
59 };
60
61 struct cls_fl_filter {
62 struct rhash_head ht_node;
63 struct fl_flow_key mkey;
64 struct tcf_exts exts;
65 struct tcf_result res;
66 struct fl_flow_key key;
67 struct list_head list;
68 u32 handle;
69 u32 flags;
70 struct rcu_head rcu;
71 };
72
73 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
74 {
75 return mask->range.end - mask->range.start;
76 }
77
78 static void fl_mask_update_range(struct fl_flow_mask *mask)
79 {
80 const u8 *bytes = (const u8 *) &mask->key;
81 size_t size = sizeof(mask->key);
82 size_t i, first = 0, last = size - 1;
83
84 for (i = 0; i < sizeof(mask->key); i++) {
85 if (bytes[i]) {
86 if (!first && i)
87 first = i;
88 last = i;
89 }
90 }
91 mask->range.start = rounddown(first, sizeof(long));
92 mask->range.end = roundup(last + 1, sizeof(long));
93 }
94
95 static void *fl_key_get_start(struct fl_flow_key *key,
96 const struct fl_flow_mask *mask)
97 {
98 return (u8 *) key + mask->range.start;
99 }
100
101 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
102 struct fl_flow_mask *mask)
103 {
104 const long *lkey = fl_key_get_start(key, mask);
105 const long *lmask = fl_key_get_start(&mask->key, mask);
106 long *lmkey = fl_key_get_start(mkey, mask);
107 int i;
108
109 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
110 *lmkey++ = *lkey++ & *lmask++;
111 }
112
113 static void fl_clear_masked_range(struct fl_flow_key *key,
114 struct fl_flow_mask *mask)
115 {
116 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
117 }
118
119 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
120 struct tcf_result *res)
121 {
122 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
123 struct cls_fl_filter *f;
124 struct fl_flow_key skb_key;
125 struct fl_flow_key skb_mkey;
126
127 if (!atomic_read(&head->ht.nelems))
128 return -1;
129
130 fl_clear_masked_range(&skb_key, &head->mask);
131 skb_key.indev_ifindex = skb->skb_iif;
132 /* skb_flow_dissect() does not set n_proto in case an unknown protocol,
133 * so do it rather here.
134 */
135 skb_key.basic.n_proto = skb->protocol;
136 skb_flow_dissect(skb, &head->dissector, &skb_key, 0);
137
138 fl_set_masked_key(&skb_mkey, &skb_key, &head->mask);
139
140 f = rhashtable_lookup_fast(&head->ht,
141 fl_key_get_start(&skb_mkey, &head->mask),
142 head->ht_params);
143 if (f && !tc_skip_sw(f->flags)) {
144 *res = f->res;
145 return tcf_exts_exec(skb, &f->exts, res);
146 }
147 return -1;
148 }
149
150 static int fl_init(struct tcf_proto *tp)
151 {
152 struct cls_fl_head *head;
153
154 head = kzalloc(sizeof(*head), GFP_KERNEL);
155 if (!head)
156 return -ENOBUFS;
157
158 INIT_LIST_HEAD_RCU(&head->filters);
159 rcu_assign_pointer(tp->root, head);
160
161 return 0;
162 }
163
164 static void fl_destroy_filter(struct rcu_head *head)
165 {
166 struct cls_fl_filter *f = container_of(head, struct cls_fl_filter, rcu);
167
168 tcf_exts_destroy(&f->exts);
169 kfree(f);
170 }
171
172 static void fl_hw_destroy_filter(struct tcf_proto *tp, unsigned long cookie)
173 {
174 struct net_device *dev = tp->q->dev_queue->dev;
175 struct tc_cls_flower_offload offload = {0};
176 struct tc_to_netdev tc;
177
178 if (!tc_should_offload(dev, tp, 0))
179 return;
180
181 offload.command = TC_CLSFLOWER_DESTROY;
182 offload.cookie = cookie;
183
184 tc.type = TC_SETUP_CLSFLOWER;
185 tc.cls_flower = &offload;
186
187 dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, &tc);
188 }
189
190 static int fl_hw_replace_filter(struct tcf_proto *tp,
191 struct flow_dissector *dissector,
192 struct fl_flow_key *mask,
193 struct fl_flow_key *key,
194 struct tcf_exts *actions,
195 unsigned long cookie, u32 flags)
196 {
197 struct net_device *dev = tp->q->dev_queue->dev;
198 struct tc_cls_flower_offload offload = {0};
199 struct tc_to_netdev tc;
200 int err;
201
202 if (!tc_should_offload(dev, tp, flags))
203 return tc_skip_sw(flags) ? -EINVAL : 0;
204
205 offload.command = TC_CLSFLOWER_REPLACE;
206 offload.cookie = cookie;
207 offload.dissector = dissector;
208 offload.mask = mask;
209 offload.key = key;
210 offload.exts = actions;
211
212 tc.type = TC_SETUP_CLSFLOWER;
213 tc.cls_flower = &offload;
214
215 err = dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, &tc);
216
217 if (tc_skip_sw(flags))
218 return err;
219
220 return 0;
221 }
222
223 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
224 {
225 struct net_device *dev = tp->q->dev_queue->dev;
226 struct tc_cls_flower_offload offload = {0};
227 struct tc_to_netdev tc;
228
229 if (!tc_should_offload(dev, tp, 0))
230 return;
231
232 offload.command = TC_CLSFLOWER_STATS;
233 offload.cookie = (unsigned long)f;
234 offload.exts = &f->exts;
235
236 tc.type = TC_SETUP_CLSFLOWER;
237 tc.cls_flower = &offload;
238
239 dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, &tc);
240 }
241
242 static bool fl_destroy(struct tcf_proto *tp, bool force)
243 {
244 struct cls_fl_head *head = rtnl_dereference(tp->root);
245 struct cls_fl_filter *f, *next;
246
247 if (!force && !list_empty(&head->filters))
248 return false;
249
250 list_for_each_entry_safe(f, next, &head->filters, list) {
251 fl_hw_destroy_filter(tp, (unsigned long)f);
252 list_del_rcu(&f->list);
253 call_rcu(&f->rcu, fl_destroy_filter);
254 }
255 RCU_INIT_POINTER(tp->root, NULL);
256 if (head->mask_assigned)
257 rhashtable_destroy(&head->ht);
258 kfree_rcu(head, rcu);
259 return true;
260 }
261
262 static unsigned long fl_get(struct tcf_proto *tp, u32 handle)
263 {
264 struct cls_fl_head *head = rtnl_dereference(tp->root);
265 struct cls_fl_filter *f;
266
267 list_for_each_entry(f, &head->filters, list)
268 if (f->handle == handle)
269 return (unsigned long) f;
270 return 0;
271 }
272
273 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
274 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
275 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
276 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
277 .len = IFNAMSIZ },
278 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
279 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
280 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
281 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
282 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
283 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
284 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
285 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
286 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
287 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
288 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
289 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
290 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
291 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
292 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
293 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
294 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
295 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
296 };
297
298 static void fl_set_key_val(struct nlattr **tb,
299 void *val, int val_type,
300 void *mask, int mask_type, int len)
301 {
302 if (!tb[val_type])
303 return;
304 memcpy(val, nla_data(tb[val_type]), len);
305 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
306 memset(mask, 0xff, len);
307 else
308 memcpy(mask, nla_data(tb[mask_type]), len);
309 }
310
311 static int fl_set_key(struct net *net, struct nlattr **tb,
312 struct fl_flow_key *key, struct fl_flow_key *mask)
313 {
314 #ifdef CONFIG_NET_CLS_IND
315 if (tb[TCA_FLOWER_INDEV]) {
316 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV]);
317 if (err < 0)
318 return err;
319 key->indev_ifindex = err;
320 mask->indev_ifindex = 0xffffffff;
321 }
322 #endif
323
324 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
325 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
326 sizeof(key->eth.dst));
327 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
328 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
329 sizeof(key->eth.src));
330
331 fl_set_key_val(tb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
332 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
333 sizeof(key->basic.n_proto));
334
335 if (key->basic.n_proto == htons(ETH_P_IP) ||
336 key->basic.n_proto == htons(ETH_P_IPV6)) {
337 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
338 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
339 sizeof(key->basic.ip_proto));
340 }
341
342 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
343 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
344 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
345 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
346 sizeof(key->ipv4.src));
347 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
348 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
349 sizeof(key->ipv4.dst));
350 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
351 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
352 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
353 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
354 sizeof(key->ipv6.src));
355 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
356 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
357 sizeof(key->ipv6.dst));
358 }
359
360 if (key->basic.ip_proto == IPPROTO_TCP) {
361 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
362 &mask->tp.src, TCA_FLOWER_UNSPEC,
363 sizeof(key->tp.src));
364 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
365 &mask->tp.dst, TCA_FLOWER_UNSPEC,
366 sizeof(key->tp.dst));
367 } else if (key->basic.ip_proto == IPPROTO_UDP) {
368 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
369 &mask->tp.src, TCA_FLOWER_UNSPEC,
370 sizeof(key->tp.src));
371 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
372 &mask->tp.dst, TCA_FLOWER_UNSPEC,
373 sizeof(key->tp.dst));
374 }
375
376 return 0;
377 }
378
379 static bool fl_mask_eq(struct fl_flow_mask *mask1,
380 struct fl_flow_mask *mask2)
381 {
382 const long *lmask1 = fl_key_get_start(&mask1->key, mask1);
383 const long *lmask2 = fl_key_get_start(&mask2->key, mask2);
384
385 return !memcmp(&mask1->range, &mask2->range, sizeof(mask1->range)) &&
386 !memcmp(lmask1, lmask2, fl_mask_range(mask1));
387 }
388
389 static const struct rhashtable_params fl_ht_params = {
390 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
391 .head_offset = offsetof(struct cls_fl_filter, ht_node),
392 .automatic_shrinking = true,
393 };
394
395 static int fl_init_hashtable(struct cls_fl_head *head,
396 struct fl_flow_mask *mask)
397 {
398 head->ht_params = fl_ht_params;
399 head->ht_params.key_len = fl_mask_range(mask);
400 head->ht_params.key_offset += mask->range.start;
401
402 return rhashtable_init(&head->ht, &head->ht_params);
403 }
404
405 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
406 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member))
407
408 #define FL_KEY_IS_MASKED(mask, member) \
409 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
410 0, FL_KEY_MEMBER_SIZE(member)) \
411
412 #define FL_KEY_SET(keys, cnt, id, member) \
413 do { \
414 keys[cnt].key_id = id; \
415 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
416 cnt++; \
417 } while(0);
418
419 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
420 do { \
421 if (FL_KEY_IS_MASKED(mask, member)) \
422 FL_KEY_SET(keys, cnt, id, member); \
423 } while(0);
424
425 static void fl_init_dissector(struct cls_fl_head *head,
426 struct fl_flow_mask *mask)
427 {
428 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
429 size_t cnt = 0;
430
431 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
432 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
433 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
434 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
435 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
436 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
437 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
438 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
439 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
440 FLOW_DISSECTOR_KEY_PORTS, tp);
441
442 skb_flow_dissector_init(&head->dissector, keys, cnt);
443 }
444
445 static int fl_check_assign_mask(struct cls_fl_head *head,
446 struct fl_flow_mask *mask)
447 {
448 int err;
449
450 if (head->mask_assigned) {
451 if (!fl_mask_eq(&head->mask, mask))
452 return -EINVAL;
453 else
454 return 0;
455 }
456
457 /* Mask is not assigned yet. So assign it and init hashtable
458 * according to that.
459 */
460 err = fl_init_hashtable(head, mask);
461 if (err)
462 return err;
463 memcpy(&head->mask, mask, sizeof(head->mask));
464 head->mask_assigned = true;
465
466 fl_init_dissector(head, mask);
467
468 return 0;
469 }
470
471 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
472 struct cls_fl_filter *f, struct fl_flow_mask *mask,
473 unsigned long base, struct nlattr **tb,
474 struct nlattr *est, bool ovr)
475 {
476 struct tcf_exts e;
477 int err;
478
479 tcf_exts_init(&e, TCA_FLOWER_ACT, 0);
480 err = tcf_exts_validate(net, tp, tb, est, &e, ovr);
481 if (err < 0)
482 return err;
483
484 if (tb[TCA_FLOWER_CLASSID]) {
485 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
486 tcf_bind_filter(tp, &f->res, base);
487 }
488
489 err = fl_set_key(net, tb, &f->key, &mask->key);
490 if (err)
491 goto errout;
492
493 fl_mask_update_range(mask);
494 fl_set_masked_key(&f->mkey, &f->key, mask);
495
496 tcf_exts_change(tp, &f->exts, &e);
497
498 return 0;
499 errout:
500 tcf_exts_destroy(&e);
501 return err;
502 }
503
504 static u32 fl_grab_new_handle(struct tcf_proto *tp,
505 struct cls_fl_head *head)
506 {
507 unsigned int i = 0x80000000;
508 u32 handle;
509
510 do {
511 if (++head->hgen == 0x7FFFFFFF)
512 head->hgen = 1;
513 } while (--i > 0 && fl_get(tp, head->hgen));
514
515 if (unlikely(i == 0)) {
516 pr_err("Insufficient number of handles\n");
517 handle = 0;
518 } else {
519 handle = head->hgen;
520 }
521
522 return handle;
523 }
524
525 static int fl_change(struct net *net, struct sk_buff *in_skb,
526 struct tcf_proto *tp, unsigned long base,
527 u32 handle, struct nlattr **tca,
528 unsigned long *arg, bool ovr)
529 {
530 struct cls_fl_head *head = rtnl_dereference(tp->root);
531 struct cls_fl_filter *fold = (struct cls_fl_filter *) *arg;
532 struct cls_fl_filter *fnew;
533 struct nlattr *tb[TCA_FLOWER_MAX + 1];
534 struct fl_flow_mask mask = {};
535 int err;
536
537 if (!tca[TCA_OPTIONS])
538 return -EINVAL;
539
540 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS], fl_policy);
541 if (err < 0)
542 return err;
543
544 if (fold && handle && fold->handle != handle)
545 return -EINVAL;
546
547 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
548 if (!fnew)
549 return -ENOBUFS;
550
551 tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
552
553 if (!handle) {
554 handle = fl_grab_new_handle(tp, head);
555 if (!handle) {
556 err = -EINVAL;
557 goto errout;
558 }
559 }
560 fnew->handle = handle;
561
562 if (tb[TCA_FLOWER_FLAGS]) {
563 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
564
565 if (!tc_flags_valid(fnew->flags)) {
566 err = -EINVAL;
567 goto errout;
568 }
569 }
570
571 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr);
572 if (err)
573 goto errout;
574
575 err = fl_check_assign_mask(head, &mask);
576 if (err)
577 goto errout;
578
579 if (!tc_skip_sw(fnew->flags)) {
580 err = rhashtable_insert_fast(&head->ht, &fnew->ht_node,
581 head->ht_params);
582 if (err)
583 goto errout;
584 }
585
586 err = fl_hw_replace_filter(tp,
587 &head->dissector,
588 &mask.key,
589 &fnew->key,
590 &fnew->exts,
591 (unsigned long)fnew,
592 fnew->flags);
593 if (err)
594 goto errout;
595
596 if (fold) {
597 rhashtable_remove_fast(&head->ht, &fold->ht_node,
598 head->ht_params);
599 fl_hw_destroy_filter(tp, (unsigned long)fold);
600 }
601
602 *arg = (unsigned long) fnew;
603
604 if (fold) {
605 list_replace_rcu(&fold->list, &fnew->list);
606 tcf_unbind_filter(tp, &fold->res);
607 call_rcu(&fold->rcu, fl_destroy_filter);
608 } else {
609 list_add_tail_rcu(&fnew->list, &head->filters);
610 }
611
612 return 0;
613
614 errout:
615 kfree(fnew);
616 return err;
617 }
618
619 static int fl_delete(struct tcf_proto *tp, unsigned long arg)
620 {
621 struct cls_fl_head *head = rtnl_dereference(tp->root);
622 struct cls_fl_filter *f = (struct cls_fl_filter *) arg;
623
624 rhashtable_remove_fast(&head->ht, &f->ht_node,
625 head->ht_params);
626 list_del_rcu(&f->list);
627 fl_hw_destroy_filter(tp, (unsigned long)f);
628 tcf_unbind_filter(tp, &f->res);
629 call_rcu(&f->rcu, fl_destroy_filter);
630 return 0;
631 }
632
633 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
634 {
635 struct cls_fl_head *head = rtnl_dereference(tp->root);
636 struct cls_fl_filter *f;
637
638 list_for_each_entry_rcu(f, &head->filters, list) {
639 if (arg->count < arg->skip)
640 goto skip;
641 if (arg->fn(tp, (unsigned long) f, arg) < 0) {
642 arg->stop = 1;
643 break;
644 }
645 skip:
646 arg->count++;
647 }
648 }
649
650 static int fl_dump_key_val(struct sk_buff *skb,
651 void *val, int val_type,
652 void *mask, int mask_type, int len)
653 {
654 int err;
655
656 if (!memchr_inv(mask, 0, len))
657 return 0;
658 err = nla_put(skb, val_type, len, val);
659 if (err)
660 return err;
661 if (mask_type != TCA_FLOWER_UNSPEC) {
662 err = nla_put(skb, mask_type, len, mask);
663 if (err)
664 return err;
665 }
666 return 0;
667 }
668
669 static int fl_dump(struct net *net, struct tcf_proto *tp, unsigned long fh,
670 struct sk_buff *skb, struct tcmsg *t)
671 {
672 struct cls_fl_head *head = rtnl_dereference(tp->root);
673 struct cls_fl_filter *f = (struct cls_fl_filter *) fh;
674 struct nlattr *nest;
675 struct fl_flow_key *key, *mask;
676
677 if (!f)
678 return skb->len;
679
680 t->tcm_handle = f->handle;
681
682 nest = nla_nest_start(skb, TCA_OPTIONS);
683 if (!nest)
684 goto nla_put_failure;
685
686 if (f->res.classid &&
687 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
688 goto nla_put_failure;
689
690 key = &f->key;
691 mask = &head->mask.key;
692
693 if (mask->indev_ifindex) {
694 struct net_device *dev;
695
696 dev = __dev_get_by_index(net, key->indev_ifindex);
697 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
698 goto nla_put_failure;
699 }
700
701 fl_hw_update_stats(tp, f);
702
703 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
704 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
705 sizeof(key->eth.dst)) ||
706 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
707 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
708 sizeof(key->eth.src)) ||
709 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
710 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
711 sizeof(key->basic.n_proto)))
712 goto nla_put_failure;
713 if ((key->basic.n_proto == htons(ETH_P_IP) ||
714 key->basic.n_proto == htons(ETH_P_IPV6)) &&
715 fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
716 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
717 sizeof(key->basic.ip_proto)))
718 goto nla_put_failure;
719
720 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
721 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
722 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
723 sizeof(key->ipv4.src)) ||
724 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
725 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
726 sizeof(key->ipv4.dst))))
727 goto nla_put_failure;
728 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
729 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
730 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
731 sizeof(key->ipv6.src)) ||
732 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
733 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
734 sizeof(key->ipv6.dst))))
735 goto nla_put_failure;
736
737 if (key->basic.ip_proto == IPPROTO_TCP &&
738 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
739 &mask->tp.src, TCA_FLOWER_UNSPEC,
740 sizeof(key->tp.src)) ||
741 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
742 &mask->tp.dst, TCA_FLOWER_UNSPEC,
743 sizeof(key->tp.dst))))
744 goto nla_put_failure;
745 else if (key->basic.ip_proto == IPPROTO_UDP &&
746 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
747 &mask->tp.src, TCA_FLOWER_UNSPEC,
748 sizeof(key->tp.src)) ||
749 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
750 &mask->tp.dst, TCA_FLOWER_UNSPEC,
751 sizeof(key->tp.dst))))
752 goto nla_put_failure;
753
754 nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags);
755
756 if (tcf_exts_dump(skb, &f->exts))
757 goto nla_put_failure;
758
759 nla_nest_end(skb, nest);
760
761 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
762 goto nla_put_failure;
763
764 return skb->len;
765
766 nla_put_failure:
767 nla_nest_cancel(skb, nest);
768 return -1;
769 }
770
771 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
772 .kind = "flower",
773 .classify = fl_classify,
774 .init = fl_init,
775 .destroy = fl_destroy,
776 .get = fl_get,
777 .change = fl_change,
778 .delete = fl_delete,
779 .walk = fl_walk,
780 .dump = fl_dump,
781 .owner = THIS_MODULE,
782 };
783
784 static int __init cls_fl_init(void)
785 {
786 return register_tcf_proto_ops(&cls_fl_ops);
787 }
788
789 static void __exit cls_fl_exit(void)
790 {
791 unregister_tcf_proto_ops(&cls_fl_ops);
792 }
793
794 module_init(cls_fl_init);
795 module_exit(cls_fl_exit);
796
797 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
798 MODULE_DESCRIPTION("Flower classifier");
799 MODULE_LICENSE("GPL v2");
Linux kernel - Deliverables
This page took 0.092987 seconds and 6 git commands to generate.