[mirror_ubuntu-zesty-kernel.git] / net / core / fib_rules.c

/*
 * net/core/fib_rules.c		Generic Routing Rules
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License as
 *	published by the Free Software Foundation, version 2.
 *
 * Authors:	Thomas Graf <tgraf@suug.ch>
 */

#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/list.h>
#include <net/net_namespace.h>
#include <net/fib_rules.h>

static LIST_HEAD(rules_ops);
static DEFINE_SPINLOCK(rules_mod_lock);

static void notify_rule_change(int event, struct fib_rule *rule,
			       struct fib_rules_ops *ops, struct nlmsghdr *nlh,
			       u32 pid);

static struct fib_rules_ops *lookup_rules_ops(int family)
{
	struct fib_rules_ops *ops;

	rcu_read_lock();
	list_for_each_entry_rcu(ops, &rules_ops, list) {
		if (ops->family == family) {
			if (!try_module_get(ops->owner))
				ops = NULL;
			rcu_read_unlock();
			return ops;
		}
	}
	rcu_read_unlock();

	return NULL;
}

static void rules_ops_put(struct fib_rules_ops *ops)
{
	if (ops)
		module_put(ops->owner);
}

static void flush_route_cache(struct fib_rules_ops *ops)
{
	if (ops->flush_cache)
		ops->flush_cache();
}

int fib_rules_register(struct fib_rules_ops *ops)
{
	int err = -EEXIST;
	struct fib_rules_ops *o;

	if (ops->rule_size < sizeof(struct fib_rule))
		return -EINVAL;

	if (ops->match == NULL || ops->configure == NULL ||
	    ops->compare == NULL || ops->fill == NULL ||
	    ops->action == NULL)
		return -EINVAL;

	spin_lock(&rules_mod_lock);
	list_for_each_entry(o, &rules_ops, list)
		if (ops->family == o->family)
			goto errout;

	list_add_tail_rcu(&ops->list, &rules_ops);
	err = 0;
errout:
	spin_unlock(&rules_mod_lock);

	return err;
}

EXPORT_SYMBOL_GPL(fib_rules_register);

static void cleanup_ops(struct fib_rules_ops *ops)
{
	struct fib_rule *rule, *tmp;

	list_for_each_entry_safe(rule, tmp, ops->rules_list, list) {
		list_del_rcu(&rule->list);
		fib_rule_put(rule);
	}
}

int fib_rules_unregister(struct fib_rules_ops *ops)
{
	int err = 0;
	struct fib_rules_ops *o;

	spin_lock(&rules_mod_lock);
	list_for_each_entry(o, &rules_ops, list) {
		if (o == ops) {
			list_del_rcu(&o->list);
			cleanup_ops(ops);
			goto out;
		}
	}

	err = -ENOENT;
out:
	spin_unlock(&rules_mod_lock);

	synchronize_rcu();

	return err;
}

EXPORT_SYMBOL_GPL(fib_rules_unregister);

static int fib_rule_match(struct fib_rule *rule, struct fib_rules_ops *ops,
			  struct flowi *fl, int flags)
{
	int ret = 0;

	if (rule->ifindex && (rule->ifindex != fl->iif))
		goto out;

	if ((rule->mark ^ fl->mark) & rule->mark_mask)
		goto out;

	ret = ops->match(rule, fl, flags);
out:
	return (rule->flags & FIB_RULE_INVERT) ? !ret : ret;
}

int fib_rules_lookup(struct fib_rules_ops *ops, struct flowi *fl,
		     int flags, struct fib_lookup_arg *arg)
{
	struct fib_rule *rule;
	int err;

	rcu_read_lock();

	list_for_each_entry_rcu(rule, ops->rules_list, list) {
jumped:
		if (!fib_rule_match(rule, ops, fl, flags))
			continue;

		if (rule->action == FR_ACT_GOTO) {
			struct fib_rule *target;

			target = rcu_dereference(rule->ctarget);
			if (target == NULL) {
				continue;
			} else {
				rule = target;
				goto jumped;
			}
		} else if (rule->action == FR_ACT_NOP)
			continue;
		else
			err = ops->action(rule, fl, flags, arg);

		if (err != -EAGAIN) {
			fib_rule_get(rule);
			arg->rule = rule;
			goto out;
		}
	}

	err = -ESRCH;
out:
	rcu_read_unlock();

	return err;
}

EXPORT_SYMBOL_GPL(fib_rules_lookup);

static int validate_rulemsg(struct fib_rule_hdr *frh, struct nlattr **tb,
			    struct fib_rules_ops *ops)
{
	int err = -EINVAL;

	if (frh->src_len)
		if (tb[FRA_SRC] == NULL ||
		    frh->src_len > (ops->addr_size * 8) ||
		    nla_len(tb[FRA_SRC]) != ops->addr_size)
			goto errout;

	if (frh->dst_len)
		if (tb[FRA_DST] == NULL ||
		    frh->dst_len > (ops->addr_size * 8) ||
		    nla_len(tb[FRA_DST]) != ops->addr_size)
			goto errout;

	err = 0;
errout:
	return err;
}

static int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
{
	struct fib_rule_hdr *frh = nlmsg_data(nlh);
	struct fib_rules_ops *ops = NULL;
	struct fib_rule *rule, *r, *last = NULL;
	struct nlattr *tb[FRA_MAX+1];
	int err = -EINVAL, unresolved = 0;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
		goto errout;

	ops = lookup_rules_ops(frh->family);
	if (ops == NULL) {
		err = EAFNOSUPPORT;
		goto errout;
	}

	err = nlmsg_parse(nlh, sizeof(*frh), tb, FRA_MAX, ops->policy);
	if (err < 0)
		goto errout;

	err = validate_rulemsg(frh, tb, ops);
	if (err < 0)
		goto errout;

	rule = kzalloc(ops->rule_size, GFP_KERNEL);
	if (rule == NULL) {
		err = -ENOMEM;
		goto errout;
	}

	if (tb[FRA_PRIORITY])
		rule->pref = nla_get_u32(tb[FRA_PRIORITY]);

	if (tb[FRA_IFNAME]) {
		struct net_device *dev;

		rule->ifindex = -1;
		nla_strlcpy(rule->ifname, tb[FRA_IFNAME], IFNAMSIZ);
		dev = __dev_get_by_name(rule->ifname);
		if (dev)
			rule->ifindex = dev->ifindex;
	}

	if (tb[FRA_FWMARK]) {
		rule->mark = nla_get_u32(tb[FRA_FWMARK]);
		if (rule->mark)
			/* compatibility: if the mark value is non-zero all bits
			 * are compared unless a mask is explicitly specified.
			 */
			rule->mark_mask = 0xFFFFFFFF;
	}

	if (tb[FRA_FWMASK])
		rule->mark_mask = nla_get_u32(tb[FRA_FWMASK]);

	rule->action = frh->action;
	rule->flags = frh->flags;
	rule->table = frh_get_table(frh, tb);

	if (!rule->pref && ops->default_pref)
		rule->pref = ops->default_pref();

	err = -EINVAL;
	if (tb[FRA_GOTO]) {
		if (rule->action != FR_ACT_GOTO)
			goto errout_free;

		rule->target = nla_get_u32(tb[FRA_GOTO]);
		/* Backward jumps are prohibited to avoid endless loops */
		if (rule->target <= rule->pref)
			goto errout_free;

		list_for_each_entry(r, ops->rules_list, list) {
			if (r->pref == rule->target) {
				rule->ctarget = r;
				break;
			}
		}

		if (rule->ctarget == NULL)
			unresolved = 1;
	} else if (rule->action == FR_ACT_GOTO)
		goto errout_free;

	err = ops->configure(rule, skb, nlh, frh, tb);
	if (err < 0)
		goto errout_free;

	list_for_each_entry(r, ops->rules_list, list) {
		if (r->pref > rule->pref)
			break;
		last = r;
	}

	fib_rule_get(rule);

	if (ops->unresolved_rules) {
		/*
		 * There are unresolved goto rules in the list, check if
		 * any of them are pointing to this new rule.
		 */
		list_for_each_entry(r, ops->rules_list, list) {
			if (r->action == FR_ACT_GOTO &&
			    r->target == rule->pref) {
				BUG_ON(r->ctarget != NULL);
				rcu_assign_pointer(r->ctarget, rule);
				if (--ops->unresolved_rules == 0)
					break;
			}
		}
	}

	if (rule->action == FR_ACT_GOTO)
		ops->nr_goto_rules++;

	if (unresolved)
		ops->unresolved_rules++;

	if (last)
		list_add_rcu(&rule->list, &last->list);
	else
		list_add_rcu(&rule->list, ops->rules_list);

	notify_rule_change(RTM_NEWRULE, rule, ops, nlh, NETLINK_CB(skb).pid);
	flush_route_cache(ops);
	rules_ops_put(ops);
	return 0;

errout_free:
	kfree(rule);
errout:
	rules_ops_put(ops);
	return err;
}

static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
{
	struct fib_rule_hdr *frh = nlmsg_data(nlh);
	struct fib_rules_ops *ops = NULL;
	struct fib_rule *rule, *tmp;
	struct nlattr *tb[FRA_MAX+1];
	int err = -EINVAL;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
		goto errout;

	ops = lookup_rules_ops(frh->family);
	if (ops == NULL) {
		err = EAFNOSUPPORT;
		goto errout;
	}

	err = nlmsg_parse(nlh, sizeof(*frh), tb, FRA_MAX, ops->policy);
	if (err < 0)
		goto errout;

	err = validate_rulemsg(frh, tb, ops);
	if (err < 0)
		goto errout;

	list_for_each_entry(rule, ops->rules_list, list) {
		if (frh->action && (frh->action != rule->action))
			continue;

		if (frh->table && (frh_get_table(frh, tb) != rule->table))
			continue;

		if (tb[FRA_PRIORITY] &&
		    (rule->pref != nla_get_u32(tb[FRA_PRIORITY])))
			continue;

		if (tb[FRA_IFNAME] &&
		    nla_strcmp(tb[FRA_IFNAME], rule->ifname))
			continue;

		if (tb[FRA_FWMARK] &&
		    (rule->mark != nla_get_u32(tb[FRA_FWMARK])))
			continue;

		if (tb[FRA_FWMASK] &&
		    (rule->mark_mask != nla_get_u32(tb[FRA_FWMASK])))
			continue;

		if (!ops->compare(rule, frh, tb))
			continue;

		if (rule->flags & FIB_RULE_PERMANENT) {
			err = -EPERM;
			goto errout;
		}

		list_del_rcu(&rule->list);

		if (rule->action == FR_ACT_GOTO)
			ops->nr_goto_rules--;

		/*
		 * Check if this rule is a target to any of them. If so,
		 * disable them. As this operation is eventually very
		 * expensive, it is only performed if goto rules have
		 * actually been added.
		 */
		if (ops->nr_goto_rules > 0) {
			list_for_each_entry(tmp, ops->rules_list, list) {
				if (tmp->ctarget == rule) {
					rcu_assign_pointer(tmp->ctarget, NULL);
					ops->unresolved_rules++;
				}
			}
		}

		synchronize_rcu();
		notify_rule_change(RTM_DELRULE, rule, ops, nlh,
				   NETLINK_CB(skb).pid);
		fib_rule_put(rule);
		flush_route_cache(ops);
		rules_ops_put(ops);
		return 0;
	}

	err = -ENOENT;
errout:
	rules_ops_put(ops);
	return err;
}

static inline size_t fib_rule_nlmsg_size(struct fib_rules_ops *ops,
					 struct fib_rule *rule)
{
	size_t payload = NLMSG_ALIGN(sizeof(struct fib_rule_hdr))
			 + nla_total_size(IFNAMSIZ) /* FRA_IFNAME */
			 + nla_total_size(4) /* FRA_PRIORITY */
			 + nla_total_size(4) /* FRA_TABLE */
			 + nla_total_size(4) /* FRA_FWMARK */
			 + nla_total_size(4); /* FRA_FWMASK */

	if (ops->nlmsg_payload)
		payload += ops->nlmsg_payload(rule);

	return payload;
}

static int fib_nl_fill_rule(struct sk_buff *skb, struct fib_rule *rule,
			    u32 pid, u32 seq, int type, int flags,
			    struct fib_rules_ops *ops)
{
	struct nlmsghdr *nlh;
	struct fib_rule_hdr *frh;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*frh), flags);
	if (nlh == NULL)
		return -EMSGSIZE;

	frh = nlmsg_data(nlh);
	frh->table = rule->table;
	NLA_PUT_U32(skb, FRA_TABLE, rule->table);
	frh->res1 = 0;
	frh->res2 = 0;
	frh->action = rule->action;
	frh->flags = rule->flags;

	if (rule->action == FR_ACT_GOTO && rule->ctarget == NULL)
		frh->flags |= FIB_RULE_UNRESOLVED;

	if (rule->ifname[0]) {
		NLA_PUT_STRING(skb, FRA_IFNAME, rule->ifname);

		if (rule->ifindex == -1)
			frh->flags |= FIB_RULE_DEV_DETACHED;
	}

	if (rule->pref)
		NLA_PUT_U32(skb, FRA_PRIORITY, rule->pref);

	if (rule->mark)
		NLA_PUT_U32(skb, FRA_FWMARK, rule->mark);

	if (rule->mark_mask || rule->mark)
		NLA_PUT_U32(skb, FRA_FWMASK, rule->mark_mask);

	if (rule->target)
		NLA_PUT_U32(skb, FRA_GOTO, rule->target);

	if (ops->fill(rule, skb, nlh, frh) < 0)
		goto nla_put_failure;

	return nlmsg_end(skb, nlh);

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

static int dump_rules(struct sk_buff *skb, struct netlink_callback *cb,
		      struct fib_rules_ops *ops)
{
	int idx = 0;
	struct fib_rule *rule;

	list_for_each_entry(rule, ops->rules_list, list) {
		if (idx < cb->args[1])
			goto skip;

		if (fib_nl_fill_rule(skb, rule, NETLINK_CB(cb->skb).pid,
				     cb->nlh->nlmsg_seq, RTM_NEWRULE,
				     NLM_F_MULTI, ops) < 0)
			break;
skip:
		idx++;
	}
	cb->args[1] = idx;
	rules_ops_put(ops);

	return skb->len;
}

static int fib_nl_dumprule(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct fib_rules_ops *ops;
	int idx = 0, family;

	family = rtnl_msg_family(cb->nlh);
	if (family != AF_UNSPEC) {
		/* Protocol specific dump request */
		ops = lookup_rules_ops(family);
		if (ops == NULL)
			return -EAFNOSUPPORT;

		return dump_rules(skb, cb, ops);
	}

	rcu_read_lock();
	list_for_each_entry_rcu(ops, &rules_ops, list) {
		if (idx < cb->args[0] || !try_module_get(ops->owner))
			goto skip;

		if (dump_rules(skb, cb, ops) < 0)
			break;

		cb->args[1] = 0;
	skip:
		idx++;
	}
	rcu_read_unlock();
	cb->args[0] = idx;

	return skb->len;
}

static void notify_rule_change(int event, struct fib_rule *rule,
			       struct fib_rules_ops *ops, struct nlmsghdr *nlh,
			       u32 pid)
{
	struct sk_buff *skb;
	int err = -ENOBUFS;

	skb = nlmsg_new(fib_rule_nlmsg_size(ops, rule), GFP_KERNEL);
	if (skb == NULL)
		goto errout;

	err = fib_nl_fill_rule(skb, rule, pid, nlh->nlmsg_seq, event, 0, ops);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in fib_rule_nlmsg_size() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	err = rtnl_notify(skb, pid, ops->nlgroup, nlh, GFP_KERNEL);
errout:
	if (err < 0)
		rtnl_set_sk_err(ops->nlgroup, err);
}

static void attach_rules(struct list_head *rules, struct net_device *dev)
{
	struct fib_rule *rule;

	list_for_each_entry(rule, rules, list) {
		if (rule->ifindex == -1 &&
		    strcmp(dev->name, rule->ifname) == 0)
			rule->ifindex = dev->ifindex;
	}
}

static void detach_rules(struct list_head *rules, struct net_device *dev)
{
	struct fib_rule *rule;

	list_for_each_entry(rule, rules, list)
		if (rule->ifindex == dev->ifindex)
			rule->ifindex = -1;
}


static int fib_rules_event(struct notifier_block *this, unsigned long event,
			    void *ptr)
{
	struct net_device *dev = ptr;
	struct fib_rules_ops *ops;

	if (dev->nd_net != &init_net)
		return NOTIFY_DONE;

	ASSERT_RTNL();
	rcu_read_lock();

	switch (event) {
	case NETDEV_REGISTER:
		list_for_each_entry(ops, &rules_ops, list)
			attach_rules(ops->rules_list, dev);
		break;

	case NETDEV_UNREGISTER:
		list_for_each_entry(ops, &rules_ops, list)
			detach_rules(ops->rules_list, dev);
		break;
	}

	rcu_read_unlock();

	return NOTIFY_DONE;
}

static struct notifier_block fib_rules_notifier = {
	.notifier_call = fib_rules_event,
};

static int __init fib_rules_init(void)
{
	rtnl_register(PF_UNSPEC, RTM_NEWRULE, fib_nl_newrule, NULL);
	rtnl_register(PF_UNSPEC, RTM_DELRULE, fib_nl_delrule, NULL);
	rtnl_register(PF_UNSPEC, RTM_GETRULE, NULL, fib_nl_dumprule);

	return register_netdevice_notifier(&fib_rules_notifier);
}

subsys_initcall(fib_rules_init);
Commit	Line	Data
14c0b97d TG	1	/*
	2	* net/core/fib_rules.c Generic Routing Rules
	3	*
	4	* This program is free software; you can redistribute it and/or
	5	* modify it under the terms of the GNU General Public License as
	6	* published by the Free Software Foundation, version 2.
	7	*
	8	* Authors: Thomas Graf <tgraf@suug.ch>
	9	*/
	10
14c0b97d TG	11	#include <linux/types.h>
	12	#include <linux/kernel.h>
	13	#include <linux/list.h>
e9dc8653	14	#include <net/net_namespace.h>
14c0b97d TG	15	#include <net/fib_rules.h>
	16
	17	static LIST_HEAD(rules_ops);
	18	static DEFINE_SPINLOCK(rules_mod_lock);
	19
	20	static void notify_rule_change(int event, struct fib_rule *rule,
c17084d2 TG	21	struct fib_rules_ops ops, struct nlmsghdr nlh,
c17084d2 TG	22	u32 pid);
14c0b97d TG	23
	24	static struct fib_rules_ops *lookup_rules_ops(int family)
	25	{
	26	struct fib_rules_ops *ops;
	27
	28	rcu_read_lock();
	29	list_for_each_entry_rcu(ops, &rules_ops, list) {
	30	if (ops->family == family) {
	31	if (!try_module_get(ops->owner))
	32	ops = NULL;
	33	rcu_read_unlock();
	34	return ops;
	35	}
	36	}
	37	rcu_read_unlock();
	38
	39	return NULL;
	40	}
	41
	42	static void rules_ops_put(struct fib_rules_ops *ops)
	43	{
	44	if (ops)
	45	module_put(ops->owner);
	46	}
	47
73417f61 TG	48	static void flush_route_cache(struct fib_rules_ops *ops)
	49	{
	50	if (ops->flush_cache)
	51	ops->flush_cache();
	52	}
	53
14c0b97d TG	54	int fib_rules_register(struct fib_rules_ops *ops)
	55	{
	56	int err = -EEXIST;
	57	struct fib_rules_ops *o;
	58
	59	if (ops->rule_size < sizeof(struct fib_rule))
	60	return -EINVAL;
	61
	62	if (ops->match == NULL \|\| ops->configure == NULL \|\|
	63	ops->compare == NULL \|\| ops->fill == NULL \|\|
	64	ops->action == NULL)
	65	return -EINVAL;
	66
	67	spin_lock(&rules_mod_lock);
	68	list_for_each_entry(o, &rules_ops, list)
	69	if (ops->family == o->family)
	70	goto errout;
	71
	72	list_add_tail_rcu(&ops->list, &rules_ops);
	73	err = 0;
	74	errout:
	75	spin_unlock(&rules_mod_lock);
	76
	77	return err;
	78	}
	79
	80	EXPORT_SYMBOL_GPL(fib_rules_register);
	81
	82	static void cleanup_ops(struct fib_rules_ops *ops)
	83	{
	84	struct fib_rule rule, tmp;
	85
	86	list_for_each_entry_safe(rule, tmp, ops->rules_list, list) {
	87	list_del_rcu(&rule->list);
	88	fib_rule_put(rule);
	89	}
	90	}
	91
	92	int fib_rules_unregister(struct fib_rules_ops *ops)
	93	{
	94	int err = 0;
	95	struct fib_rules_ops *o;
	96
	97	spin_lock(&rules_mod_lock);
	98	list_for_each_entry(o, &rules_ops, list) {
	99	if (o == ops) {
	100	list_del_rcu(&o->list);
	101	cleanup_ops(ops);
	102	goto out;
	103	}
	104	}
	105
	106	err = -ENOENT;
	107	out:
	108	spin_unlock(&rules_mod_lock);
	109
	110	synchronize_rcu();
	111
	112	return err;
	113	}
	114
	115	EXPORT_SYMBOL_GPL(fib_rules_unregister);
	116
3dfbcc41 TG	117	static int fib_rule_match(struct fib_rule rule, struct fib_rules_ops ops,
	118	struct flowi *fl, int flags)
	119	{
	120	int ret = 0;
	121
	122	if (rule->ifindex && (rule->ifindex != fl->iif))
	123	goto out;
	124
	125	if ((rule->mark ^ fl->mark) & rule->mark_mask)
	126	goto out;
	127
	128	ret = ops->match(rule, fl, flags);
	129	out:
	130	return (rule->flags & FIB_RULE_INVERT) ? !ret : ret;
	131	}
	132
14c0b97d TG	133	int fib_rules_lookup(struct fib_rules_ops ops, struct flowi fl,
	134	int flags, struct fib_lookup_arg *arg)
	135	{
	136	struct fib_rule *rule;
	137	int err;
	138
	139	rcu_read_lock();
	140
	141	list_for_each_entry_rcu(rule, ops->rules_list, list) {
0947c9fe	142	jumped:
3dfbcc41	143	if (!fib_rule_match(rule, ops, fl, flags))
14c0b97d TG	144	continue;
14c0b97d TG	145
0947c9fe TG	146	if (rule->action == FR_ACT_GOTO) {
	147	struct fib_rule *target;
	148
	149	target = rcu_dereference(rule->ctarget);
	150	if (target == NULL) {
	151	continue;
	152	} else {
	153	rule = target;
	154	goto jumped;
	155	}
fa0b2d1d TG	156	} else if (rule->action == FR_ACT_NOP)
	157	continue;
	158	else
0947c9fe TG	159	err = ops->action(rule, fl, flags, arg);
0947c9fe TG	160
14c0b97d TG	161	if (err != -EAGAIN) {
	162	fib_rule_get(rule);
	163	arg->rule = rule;
	164	goto out;
	165	}
	166	}
	167
83886b6b	168	err = -ESRCH;
14c0b97d TG	169	out:
	170	rcu_read_unlock();
	171
	172	return err;
	173	}
	174
	175	EXPORT_SYMBOL_GPL(fib_rules_lookup);
	176
e1701c68 TG	177	static int validate_rulemsg(struct fib_rule_hdr frh, struct nlattr *tb,
	178	struct fib_rules_ops *ops)
	179	{
	180	int err = -EINVAL;
	181
	182	if (frh->src_len)
	183	if (tb[FRA_SRC] == NULL \|\|
	184	frh->src_len > (ops->addr_size * 8) \|\|
	185	nla_len(tb[FRA_SRC]) != ops->addr_size)
	186	goto errout;
	187
	188	if (frh->dst_len)
	189	if (tb[FRA_DST] == NULL \|\|
	190	frh->dst_len > (ops->addr_size * 8) \|\|
	191	nla_len(tb[FRA_DST]) != ops->addr_size)
	192	goto errout;
	193
	194	err = 0;
	195	errout:
	196	return err;
	197	}
	198
9d9e6a58	199	static int fib_nl_newrule(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
14c0b97d TG	200	{
	201	struct fib_rule_hdr *frh = nlmsg_data(nlh);
	202	struct fib_rules_ops *ops = NULL;
	203	struct fib_rule rule, r, *last = NULL;
	204	struct nlattr *tb[FRA_MAX+1];
0947c9fe	205	int err = -EINVAL, unresolved = 0;
14c0b97d TG	206
	207	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
	208	goto errout;
	209
	210	ops = lookup_rules_ops(frh->family);
	211	if (ops == NULL) {
	212	err = EAFNOSUPPORT;
	213	goto errout;
	214	}
	215
	216	err = nlmsg_parse(nlh, sizeof(*frh), tb, FRA_MAX, ops->policy);
	217	if (err < 0)
	218	goto errout;
	219
e1701c68 TG	220	err = validate_rulemsg(frh, tb, ops);
	221	if (err < 0)
	222	goto errout;
	223
14c0b97d TG	224	rule = kzalloc(ops->rule_size, GFP_KERNEL);
	225	if (rule == NULL) {
	226	err = -ENOMEM;
	227	goto errout;
	228	}
	229
	230	if (tb[FRA_PRIORITY])
	231	rule->pref = nla_get_u32(tb[FRA_PRIORITY]);
	232
	233	if (tb[FRA_IFNAME]) {
	234	struct net_device *dev;
	235
	236	rule->ifindex = -1;
5176f91e	237	nla_strlcpy(rule->ifname, tb[FRA_IFNAME], IFNAMSIZ);
14c0b97d TG	238	dev = __dev_get_by_name(rule->ifname);
	239	if (dev)
	240	rule->ifindex = dev->ifindex;
	241	}
	242
b8964ed9 TG	243	if (tb[FRA_FWMARK]) {
	244	rule->mark = nla_get_u32(tb[FRA_FWMARK]);
	245	if (rule->mark)
	246	/* compatibility: if the mark value is non-zero all bits
	247	* are compared unless a mask is explicitly specified.
	248	*/
	249	rule->mark_mask = 0xFFFFFFFF;
	250	}
	251
	252	if (tb[FRA_FWMASK])
	253	rule->mark_mask = nla_get_u32(tb[FRA_FWMASK]);
	254
14c0b97d TG	255	rule->action = frh->action;
14c0b97d TG	256	rule->flags = frh->flags;
9e762a4a	257	rule->table = frh_get_table(frh, tb);
14c0b97d TG	258
	259	if (!rule->pref && ops->default_pref)
	260	rule->pref = ops->default_pref();
	261
0947c9fe TG	262	err = -EINVAL;
	263	if (tb[FRA_GOTO]) {
	264	if (rule->action != FR_ACT_GOTO)
	265	goto errout_free;
	266
	267	rule->target = nla_get_u32(tb[FRA_GOTO]);
	268	/* Backward jumps are prohibited to avoid endless loops */
	269	if (rule->target <= rule->pref)
	270	goto errout_free;
	271
	272	list_for_each_entry(r, ops->rules_list, list) {
	273	if (r->pref == rule->target) {
	274	rule->ctarget = r;
	275	break;
	276	}
	277	}
	278
	279	if (rule->ctarget == NULL)
	280	unresolved = 1;
	281	} else if (rule->action == FR_ACT_GOTO)
	282	goto errout_free;
	283
14c0b97d TG	284	err = ops->configure(rule, skb, nlh, frh, tb);
	285	if (err < 0)
	286	goto errout_free;
	287
	288	list_for_each_entry(r, ops->rules_list, list) {
	289	if (r->pref > rule->pref)
	290	break;
	291	last = r;
	292	}
	293
	294	fib_rule_get(rule);
	295
0947c9fe TG	296	if (ops->unresolved_rules) {
	297	/*
	298	* There are unresolved goto rules in the list, check if
	299	* any of them are pointing to this new rule.
	300	*/
	301	list_for_each_entry(r, ops->rules_list, list) {
	302	if (r->action == FR_ACT_GOTO &&
	303	r->target == rule->pref) {
	304	BUG_ON(r->ctarget != NULL);
	305	rcu_assign_pointer(r->ctarget, rule);
	306	if (--ops->unresolved_rules == 0)
	307	break;
	308	}
	309	}
	310	}
	311
	312	if (rule->action == FR_ACT_GOTO)
	313	ops->nr_goto_rules++;
	314
	315	if (unresolved)
	316	ops->unresolved_rules++;
	317
14c0b97d TG	318	if (last)
	319	list_add_rcu(&rule->list, &last->list);
	320	else
	321	list_add_rcu(&rule->list, ops->rules_list);
	322
c17084d2	323	notify_rule_change(RTM_NEWRULE, rule, ops, nlh, NETLINK_CB(skb).pid);
73417f61	324	flush_route_cache(ops);
14c0b97d TG	325	rules_ops_put(ops);
	326	return 0;
	327
	328	errout_free:
	329	kfree(rule);
	330	errout:
	331	rules_ops_put(ops);
	332	return err;
	333	}
	334
9d9e6a58	335	static int fib_nl_delrule(struct sk_buff skb, struct nlmsghdr nlh, void *arg)
14c0b97d TG	336	{
	337	struct fib_rule_hdr *frh = nlmsg_data(nlh);
	338	struct fib_rules_ops *ops = NULL;
0947c9fe	339	struct fib_rule rule, tmp;
14c0b97d TG	340	struct nlattr *tb[FRA_MAX+1];
	341	int err = -EINVAL;
	342
	343	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*frh)))
	344	goto errout;
	345
	346	ops = lookup_rules_ops(frh->family);
	347	if (ops == NULL) {
	348	err = EAFNOSUPPORT;
	349	goto errout;
	350	}
	351
	352	err = nlmsg_parse(nlh, sizeof(*frh), tb, FRA_MAX, ops->policy);
	353	if (err < 0)
	354	goto errout;
	355
e1701c68 TG	356	err = validate_rulemsg(frh, tb, ops);
	357	if (err < 0)
	358	goto errout;
	359
14c0b97d TG	360	list_for_each_entry(rule, ops->rules_list, list) {
	361	if (frh->action && (frh->action != rule->action))
	362	continue;
	363
9e762a4a	364	if (frh->table && (frh_get_table(frh, tb) != rule->table))
14c0b97d TG	365	continue;
	366
	367	if (tb[FRA_PRIORITY] &&
	368	(rule->pref != nla_get_u32(tb[FRA_PRIORITY])))
	369	continue;
	370
	371	if (tb[FRA_IFNAME] &&
	372	nla_strcmp(tb[FRA_IFNAME], rule->ifname))
	373	continue;
	374
b8964ed9 TG	375	if (tb[FRA_FWMARK] &&
	376	(rule->mark != nla_get_u32(tb[FRA_FWMARK])))
	377	continue;
	378
	379	if (tb[FRA_FWMASK] &&
	380	(rule->mark_mask != nla_get_u32(tb[FRA_FWMASK])))
	381	continue;
	382
14c0b97d TG	383	if (!ops->compare(rule, frh, tb))
	384	continue;
	385
	386	if (rule->flags & FIB_RULE_PERMANENT) {
	387	err = -EPERM;
	388	goto errout;
	389	}
	390
	391	list_del_rcu(&rule->list);
0947c9fe TG	392
	393	if (rule->action == FR_ACT_GOTO)
	394	ops->nr_goto_rules--;
	395
	396	/*
	397	* Check if this rule is a target to any of them. If so,
	398	* disable them. As this operation is eventually very
	399	* expensive, it is only performed if goto rules have
	400	* actually been added.
	401	*/
	402	if (ops->nr_goto_rules > 0) {
	403	list_for_each_entry(tmp, ops->rules_list, list) {
	404	if (tmp->ctarget == rule) {
	405	rcu_assign_pointer(tmp->ctarget, NULL);
	406	ops->unresolved_rules++;
	407	}
	408	}
	409	}
	410
14c0b97d	411	synchronize_rcu();
c17084d2 TG	412	notify_rule_change(RTM_DELRULE, rule, ops, nlh,
c17084d2 TG	413	NETLINK_CB(skb).pid);
14c0b97d	414	fib_rule_put(rule);
73417f61	415	flush_route_cache(ops);
14c0b97d TG	416	rules_ops_put(ops);
	417	return 0;
	418	}
	419
	420	err = -ENOENT;
	421	errout:
	422	rules_ops_put(ops);
	423	return err;
	424	}
	425
339bf98f TG	426	static inline size_t fib_rule_nlmsg_size(struct fib_rules_ops *ops,
	427	struct fib_rule *rule)
	428	{
	429	size_t payload = NLMSG_ALIGN(sizeof(struct fib_rule_hdr))
	430	+ nla_total_size(IFNAMSIZ) /* FRA_IFNAME */
	431	+ nla_total_size(4) /* FRA_PRIORITY */
	432	+ nla_total_size(4) /* FRA_TABLE */
	433	+ nla_total_size(4) /* FRA_FWMARK */
	434	+ nla_total_size(4); /* FRA_FWMASK */
	435
	436	if (ops->nlmsg_payload)
	437	payload += ops->nlmsg_payload(rule);
	438
	439	return payload;
	440	}
	441
14c0b97d TG	442	static int fib_nl_fill_rule(struct sk_buff skb, struct fib_rule rule,
	443	u32 pid, u32 seq, int type, int flags,
	444	struct fib_rules_ops *ops)
	445	{
	446	struct nlmsghdr *nlh;
	447	struct fib_rule_hdr *frh;
	448
	449	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*frh), flags);
	450	if (nlh == NULL)
26932566	451	return -EMSGSIZE;
14c0b97d TG	452
	453	frh = nlmsg_data(nlh);
	454	frh->table = rule->table;
9e762a4a	455	NLA_PUT_U32(skb, FRA_TABLE, rule->table);
14c0b97d TG	456	frh->res1 = 0;
	457	frh->res2 = 0;
	458	frh->action = rule->action;
	459	frh->flags = rule->flags;
	460
0947c9fe TG	461	if (rule->action == FR_ACT_GOTO && rule->ctarget == NULL)
	462	frh->flags \|= FIB_RULE_UNRESOLVED;
	463
2b443683	464	if (rule->ifname[0]) {
14c0b97d TG	465	NLA_PUT_STRING(skb, FRA_IFNAME, rule->ifname);
14c0b97d TG	466
2b443683 TG	467	if (rule->ifindex == -1)
	468	frh->flags \|= FIB_RULE_DEV_DETACHED;
	469	}
	470
14c0b97d TG	471	if (rule->pref)
	472	NLA_PUT_U32(skb, FRA_PRIORITY, rule->pref);
	473
b8964ed9 TG	474	if (rule->mark)
	475	NLA_PUT_U32(skb, FRA_FWMARK, rule->mark);
	476
	477	if (rule->mark_mask \|\| rule->mark)
	478	NLA_PUT_U32(skb, FRA_FWMASK, rule->mark_mask);
	479
0947c9fe TG	480	if (rule->target)
	481	NLA_PUT_U32(skb, FRA_GOTO, rule->target);
	482
14c0b97d TG	483	if (ops->fill(rule, skb, nlh, frh) < 0)
	484	goto nla_put_failure;
	485
	486	return nlmsg_end(skb, nlh);
	487
	488	nla_put_failure:
26932566 PM	489	nlmsg_cancel(skb, nlh);
26932566 PM	490	return -EMSGSIZE;
14c0b97d TG	491	}
14c0b97d TG	492
c454673d TG	493	static int dump_rules(struct sk_buff skb, struct netlink_callback cb,
c454673d TG	494	struct fib_rules_ops *ops)
14c0b97d TG	495	{
	496	int idx = 0;
	497	struct fib_rule *rule;
14c0b97d	498
6313c1e0	499	list_for_each_entry(rule, ops->rules_list, list) {
c454673d	500	if (idx < cb->args[1])
14c0b97d TG	501	goto skip;
	502
	503	if (fib_nl_fill_rule(skb, rule, NETLINK_CB(cb->skb).pid,
	504	cb->nlh->nlmsg_seq, RTM_NEWRULE,
	505	NLM_F_MULTI, ops) < 0)
	506	break;
	507	skip:
	508	idx++;
	509	}
c454673d	510	cb->args[1] = idx;
14c0b97d TG	511	rules_ops_put(ops);
	512
	513	return skb->len;
	514	}
	515
c454673d TG	516	static int fib_nl_dumprule(struct sk_buff skb, struct netlink_callback cb)
	517	{
	518	struct fib_rules_ops *ops;
	519	int idx = 0, family;
	520
	521	family = rtnl_msg_family(cb->nlh);
	522	if (family != AF_UNSPEC) {
	523	/* Protocol specific dump request */
	524	ops = lookup_rules_ops(family);
	525	if (ops == NULL)
	526	return -EAFNOSUPPORT;
	527
	528	return dump_rules(skb, cb, ops);
	529	}
	530
	531	rcu_read_lock();
	532	list_for_each_entry_rcu(ops, &rules_ops, list) {
	533	if (idx < cb->args[0] \|\| !try_module_get(ops->owner))
	534	goto skip;
	535
	536	if (dump_rules(skb, cb, ops) < 0)
	537	break;
	538
	539	cb->args[1] = 0;
	540	skip:
	541	idx++;
	542	}
	543	rcu_read_unlock();
	544	cb->args[0] = idx;
	545
	546	return skb->len;
	547	}
14c0b97d TG	548
14c0b97d TG	549	static void notify_rule_change(int event, struct fib_rule *rule,
c17084d2 TG	550	struct fib_rules_ops ops, struct nlmsghdr nlh,
c17084d2 TG	551	u32 pid)
14c0b97d	552	{
c17084d2 TG	553	struct sk_buff *skb;
c17084d2 TG	554	int err = -ENOBUFS;
14c0b97d	555
339bf98f	556	skb = nlmsg_new(fib_rule_nlmsg_size(ops, rule), GFP_KERNEL);
14c0b97d	557	if (skb == NULL)
c17084d2 TG	558	goto errout;
	559
	560	err = fib_nl_fill_rule(skb, rule, pid, nlh->nlmsg_seq, event, 0, ops);
26932566 PM	561	if (err < 0) {
	562	/* -EMSGSIZE implies BUG in fib_rule_nlmsg_size() */
	563	WARN_ON(err == -EMSGSIZE);
	564	kfree_skb(skb);
	565	goto errout;
	566	}
c17084d2 TG	567	err = rtnl_notify(skb, pid, ops->nlgroup, nlh, GFP_KERNEL);
	568	errout:
	569	if (err < 0)
	570	rtnl_set_sk_err(ops->nlgroup, err);
14c0b97d TG	571	}
	572
	573	static void attach_rules(struct list_head rules, struct net_device dev)
	574	{
	575	struct fib_rule *rule;
	576
	577	list_for_each_entry(rule, rules, list) {
	578	if (rule->ifindex == -1 &&
	579	strcmp(dev->name, rule->ifname) == 0)
	580	rule->ifindex = dev->ifindex;
	581	}
	582	}
	583
	584	static void detach_rules(struct list_head rules, struct net_device dev)
	585	{
	586	struct fib_rule *rule;
	587
	588	list_for_each_entry(rule, rules, list)
	589	if (rule->ifindex == dev->ifindex)
	590	rule->ifindex = -1;
	591	}
	592
	593
	594	static int fib_rules_event(struct notifier_block *this, unsigned long event,
	595	void *ptr)
	596	{
	597	struct net_device *dev = ptr;
	598	struct fib_rules_ops *ops;
	599
e9dc8653 EB	600	if (dev->nd_net != &init_net)
	601	return NOTIFY_DONE;
	602
14c0b97d TG	603	ASSERT_RTNL();
	604	rcu_read_lock();
	605
	606	switch (event) {
	607	case NETDEV_REGISTER:
	608	list_for_each_entry(ops, &rules_ops, list)
	609	attach_rules(ops->rules_list, dev);
	610	break;
	611
	612	case NETDEV_UNREGISTER:
	613	list_for_each_entry(ops, &rules_ops, list)
	614	detach_rules(ops->rules_list, dev);
	615	break;
	616	}
	617
	618	rcu_read_unlock();
	619
	620	return NOTIFY_DONE;
	621	}
	622
	623	static struct notifier_block fib_rules_notifier = {
	624	.notifier_call = fib_rules_event,
	625	};
	626
	627	static int __init fib_rules_init(void)
	628	{
9d9e6a58 TG	629	rtnl_register(PF_UNSPEC, RTM_NEWRULE, fib_nl_newrule, NULL);
9d9e6a58 TG	630	rtnl_register(PF_UNSPEC, RTM_DELRULE, fib_nl_delrule, NULL);
c454673d	631	rtnl_register(PF_UNSPEC, RTM_GETRULE, NULL, fib_nl_dumprule);
9d9e6a58	632
14c0b97d TG	633	return register_netdevice_notifier(&fib_rules_notifier);
	634	}
	635
	636	subsys_initcall(fib_rules_init);