projects / mirror_ubuntu-hirsute-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| 2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
| 77b9900e JP |
2 | /* |
| 3 | * net/sched/cls_flower.c Flower classifier | |
| 4 | * | |
| 5 | * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us> | |
| 77b9900e JP |
6 | */ |
| 7 | ||
| 8 | #include <linux/kernel.h> | |
| 9 | #include <linux/init.h> | |
| 10 | #include <linux/module.h> | |
| 11 | #include <linux/rhashtable.h> | |
| d9363774 | 12 | #include <linux/workqueue.h> |
| 06177558 | 13 | #include <linux/refcount.h> |
| 77b9900e JP |
14 | |
| 15 | #include <linux/if_ether.h> | |
| 16 | #include <linux/in6.h> | |
| 17 | #include <linux/ip.h> | |
| a577d8f7 | 18 | #include <linux/mpls.h> |
| 77b9900e JP |
19 | |
| 20 | #include <net/sch_generic.h> | |
| 21 | #include <net/pkt_cls.h> | |
| 22 | #include <net/ip.h> | |
| 23 | #include <net/flow_dissector.h> | |
| 0a6e7778 | 24 | #include <net/geneve.h> |
| 77b9900e | 25 | |
| bc3103f1 AV |
26 | #include <net/dst.h> |
| 27 | #include <net/dst_metadata.h> | |
| 28 | ||
| e0ace68a PB |
29 | #include <uapi/linux/netfilter/nf_conntrack_common.h> |
| 30 | ||
| 77b9900e | 31 | struct fl_flow_key { |
| 8212ed77 | 32 | struct flow_dissector_key_meta meta; |
| 42aecaa9 | 33 | struct flow_dissector_key_control control; |
| bc3103f1 | 34 | struct flow_dissector_key_control enc_control; |
| 77b9900e JP |
35 | struct flow_dissector_key_basic basic; |
| 36 | struct flow_dissector_key_eth_addrs eth; | |
| 9399ae9a | 37 | struct flow_dissector_key_vlan vlan; |
| d64efd09 | 38 | struct flow_dissector_key_vlan cvlan; |
| 77b9900e | 39 | union { |
| c3f83241 | 40 | struct flow_dissector_key_ipv4_addrs ipv4; |
| 77b9900e JP |
41 | struct flow_dissector_key_ipv6_addrs ipv6; |
| 42 | }; | |
| 43 | struct flow_dissector_key_ports tp; | |
| 7b684884 | 44 | struct flow_dissector_key_icmp icmp; |
| 99d31326 | 45 | struct flow_dissector_key_arp arp; |
| bc3103f1 AV |
46 | struct flow_dissector_key_keyid enc_key_id; |
| 47 | union { | |
| 48 | struct flow_dissector_key_ipv4_addrs enc_ipv4; | |
| 49 | struct flow_dissector_key_ipv6_addrs enc_ipv6; | |
| 50 | }; | |
| f4d997fd | 51 | struct flow_dissector_key_ports enc_tp; |
| a577d8f7 | 52 | struct flow_dissector_key_mpls mpls; |
| fdfc7dd6 | 53 | struct flow_dissector_key_tcp tcp; |
| 4d80cc0a | 54 | struct flow_dissector_key_ip ip; |
| 0e2c17b6 | 55 | struct flow_dissector_key_ip enc_ip; |
| 0a6e7778 | 56 | struct flow_dissector_key_enc_opts enc_opts; |
| 5c72299f AN |
57 | struct flow_dissector_key_ports tp_min; |
| 58 | struct flow_dissector_key_ports tp_max; | |
| e0ace68a | 59 | struct flow_dissector_key_ct ct; |
| 77b9900e JP |
60 | } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ |
| 61 | ||
| 62 | struct fl_flow_mask_range { | |
| 63 | unsigned short int start; | |
| 64 | unsigned short int end; | |
| 65 | }; | |
| 66 | ||
| 67 | struct fl_flow_mask { | |
| 68 | struct fl_flow_key key; | |
| 69 | struct fl_flow_mask_range range; | |
| 5c72299f | 70 | u32 flags; |
| 05cd271f PB |
71 | struct rhash_head ht_node; |
| 72 | struct rhashtable ht; | |
| 73 | struct rhashtable_params filter_ht_params; | |
| 74 | struct flow_dissector dissector; | |
| 75 | struct list_head filters; | |
| 44a5cd43 | 76 | struct rcu_work rwork; |
| 05cd271f | 77 | struct list_head list; |
| f48ef4d5 | 78 | refcount_t refcnt; |
| 77b9900e JP |
79 | }; |
| 80 | ||
| b95ec7eb JP |
81 | struct fl_flow_tmplt { |
| 82 | struct fl_flow_key dummy_key; | |
| 83 | struct fl_flow_key mask; | |
| 84 | struct flow_dissector dissector; | |
| 85 | struct tcf_chain *chain; | |
| 86 | }; | |
| 87 | ||
| 77b9900e JP |
88 | struct cls_fl_head { |
| 89 | struct rhashtable ht; | |
| 259e60f9 | 90 | spinlock_t masks_lock; /* Protect masks list */ |
| 05cd271f | 91 | struct list_head masks; |
| c049d56e | 92 | struct list_head hw_filters; |
| aaa908ff | 93 | struct rcu_work rwork; |
| c15ab236 | 94 | struct idr handle_idr; |
| 77b9900e JP |
95 | }; |
| 96 | ||
| 97 | struct cls_fl_filter { | |
| 05cd271f | 98 | struct fl_flow_mask *mask; |
| 77b9900e JP |
99 | struct rhash_head ht_node; |
| 100 | struct fl_flow_key mkey; | |
| 101 | struct tcf_exts exts; | |
| 102 | struct tcf_result res; | |
| 103 | struct fl_flow_key key; | |
| 104 | struct list_head list; | |
| c049d56e | 105 | struct list_head hw_list; |
| 77b9900e | 106 | u32 handle; |
| e69985c6 | 107 | u32 flags; |
| 86c55361 | 108 | u32 in_hw_count; |
| aaa908ff | 109 | struct rcu_work rwork; |
| 7091d8c7 | 110 | struct net_device *hw_dev; |
| 06177558 VB |
111 | /* Flower classifier is unlocked, which means that its reference counter |
| 112 | * can be changed concurrently without any kind of external | |
| 113 | * synchronization. Use atomic reference counter to be concurrency-safe. | |
| 114 | */ | |
| 115 | refcount_t refcnt; | |
| b2552b8c | 116 | bool deleted; |
| 77b9900e JP |
117 | }; |
| 118 | ||
| 05cd271f PB |
119 | static const struct rhashtable_params mask_ht_params = { |
| 120 | .key_offset = offsetof(struct fl_flow_mask, key), | |
| 121 | .key_len = sizeof(struct fl_flow_key), | |
| 122 | .head_offset = offsetof(struct fl_flow_mask, ht_node), | |
| 123 | .automatic_shrinking = true, | |
| 124 | }; | |
| 125 | ||
| 77b9900e JP |
126 | static unsigned short int fl_mask_range(const struct fl_flow_mask *mask) |
| 127 | { | |
| 128 | return mask->range.end - mask->range.start; | |
| 129 | } | |
| 130 | ||
| 131 | static void fl_mask_update_range(struct fl_flow_mask *mask) | |
| 132 | { | |
| 133 | const u8 *bytes = (const u8 *) &mask->key; | |
| 134 | size_t size = sizeof(mask->key); | |
| 05cd271f | 135 | size_t i, first = 0, last; |
| 77b9900e | 136 | |
| 05cd271f PB |
137 | for (i = 0; i < size; i++) { |
| 138 | if (bytes[i]) { | |
| 139 | first = i; | |
| 140 | break; | |
| 141 | } | |
| 142 | } | |
| 143 | last = first; | |
| 144 | for (i = size - 1; i != first; i--) { | |
| 77b9900e | 145 | if (bytes[i]) { |
| 77b9900e | 146 | last = i; |
| 05cd271f | 147 | break; |
| 77b9900e JP |
148 | } |
| 149 | } | |
| 150 | mask->range.start = rounddown(first, sizeof(long)); | |
| 151 | mask->range.end = roundup(last + 1, sizeof(long)); | |
| 152 | } | |
| 153 | ||
| 154 | static void *fl_key_get_start(struct fl_flow_key *key, | |
| 155 | const struct fl_flow_mask *mask) | |
| 156 | { | |
| 157 | return (u8 *) key + mask->range.start; | |
| 158 | } | |
| 159 | ||
| 160 | static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key, | |
| 161 | struct fl_flow_mask *mask) | |
| 162 | { | |
| 163 | const long *lkey = fl_key_get_start(key, mask); | |
| 164 | const long *lmask = fl_key_get_start(&mask->key, mask); | |
| 165 | long *lmkey = fl_key_get_start(mkey, mask); | |
| 166 | int i; | |
| 167 | ||
| 168 | for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) | |
| 169 | *lmkey++ = *lkey++ & *lmask++; | |
| 170 | } | |
| 171 | ||
| b95ec7eb JP |
172 | static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt, |
| 173 | struct fl_flow_mask *mask) | |
| 174 | { | |
| 175 | const long *lmask = fl_key_get_start(&mask->key, mask); | |
| 176 | const long *ltmplt; | |
| 177 | int i; | |
| 178 | ||
| 179 | if (!tmplt) | |
| 180 | return true; | |
| 181 | ltmplt = fl_key_get_start(&tmplt->mask, mask); | |
| 182 | for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) { | |
| 183 | if (~*ltmplt++ & *lmask++) | |
| 184 | return false; | |
| 185 | } | |
| 186 | return true; | |
| 187 | } | |
| 188 | ||
| 77b9900e JP |
189 | static void fl_clear_masked_range(struct fl_flow_key *key, |
| 190 | struct fl_flow_mask *mask) | |
| 191 | { | |
| 192 | memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask)); | |
| 193 | } | |
| 194 | ||
| 5c72299f AN |
195 | static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter, |
| 196 | struct fl_flow_key *key, | |
| 197 | struct fl_flow_key *mkey) | |
| 198 | { | |
| 199 | __be16 min_mask, max_mask, min_val, max_val; | |
| 200 | ||
| 201 | min_mask = htons(filter->mask->key.tp_min.dst); | |
| 202 | max_mask = htons(filter->mask->key.tp_max.dst); | |
| 203 | min_val = htons(filter->key.tp_min.dst); | |
| 204 | max_val = htons(filter->key.tp_max.dst); | |
| 205 | ||
| 206 | if (min_mask && max_mask) { | |
| 207 | if (htons(key->tp.dst) < min_val || | |
| 208 | htons(key->tp.dst) > max_val) | |
| 209 | return false; | |
| 210 | ||
| 211 | /* skb does not have min and max values */ | |
| 212 | mkey->tp_min.dst = filter->mkey.tp_min.dst; | |
| 213 | mkey->tp_max.dst = filter->mkey.tp_max.dst; | |
| 214 | } | |
| 215 | return true; | |
| 216 | } | |
| 217 | ||
| 218 | static bool fl_range_port_src_cmp(struct cls_fl_filter *filter, | |
| 219 | struct fl_flow_key *key, | |
| 220 | struct fl_flow_key *mkey) | |
| 221 | { | |
| 222 | __be16 min_mask, max_mask, min_val, max_val; | |
| 223 | ||
| 224 | min_mask = htons(filter->mask->key.tp_min.src); | |
| 225 | max_mask = htons(filter->mask->key.tp_max.src); | |
| 226 | min_val = htons(filter->key.tp_min.src); | |
| 227 | max_val = htons(filter->key.tp_max.src); | |
| 228 | ||
| 229 | if (min_mask && max_mask) { | |
| 230 | if (htons(key->tp.src) < min_val || | |
| 231 | htons(key->tp.src) > max_val) | |
| 232 | return false; | |
| 233 | ||
| 234 | /* skb does not have min and max values */ | |
| 235 | mkey->tp_min.src = filter->mkey.tp_min.src; | |
| 236 | mkey->tp_max.src = filter->mkey.tp_max.src; | |
| 237 | } | |
| 238 | return true; | |
| 239 | } | |
| 240 | ||
| 241 | static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask, | |
| 242 | struct fl_flow_key *mkey) | |
| a3308d8f | 243 | { |
| 05cd271f PB |
244 | return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask), |
| 245 | mask->filter_ht_params); | |
| a3308d8f PB |
246 | } |
| 247 | ||
| 5c72299f AN |
248 | static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask, |
| 249 | struct fl_flow_key *mkey, | |
| 250 | struct fl_flow_key *key) | |
| 251 | { | |
| 252 | struct cls_fl_filter *filter, *f; | |
| 253 | ||
| 254 | list_for_each_entry_rcu(filter, &mask->filters, list) { | |
| 255 | if (!fl_range_port_dst_cmp(filter, key, mkey)) | |
| 256 | continue; | |
| 257 | ||
| 258 | if (!fl_range_port_src_cmp(filter, key, mkey)) | |
| 259 | continue; | |
| 260 | ||
| 261 | f = __fl_lookup(mask, mkey); | |
| 262 | if (f) | |
| 263 | return f; | |
| 264 | } | |
| 265 | return NULL; | |
| 266 | } | |
| 267 | ||
| 268 | static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask, | |
| 269 | struct fl_flow_key *mkey, | |
| 270 | struct fl_flow_key *key) | |
| 271 | { | |
| 272 | if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE)) | |
| 273 | return fl_lookup_range(mask, mkey, key); | |
| 274 | ||
| 275 | return __fl_lookup(mask, mkey); | |
| 276 | } | |
| 277 | ||
| e0ace68a PB |
278 | static u16 fl_ct_info_to_flower_map[] = { |
| 279 | [IP_CT_ESTABLISHED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 280 | TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED, | |
| 281 | [IP_CT_RELATED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 282 | TCA_FLOWER_KEY_CT_FLAGS_RELATED, | |
| 283 | [IP_CT_ESTABLISHED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 284 | TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED, | |
| 285 | [IP_CT_RELATED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 286 | TCA_FLOWER_KEY_CT_FLAGS_RELATED, | |
| 287 | [IP_CT_NEW] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 288 | TCA_FLOWER_KEY_CT_FLAGS_NEW, | |
| 289 | }; | |
| 290 | ||
| 77b9900e JP |
291 | static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp, |
| 292 | struct tcf_result *res) | |
| 293 | { | |
| 294 | struct cls_fl_head *head = rcu_dereference_bh(tp->root); | |
| 77b9900e | 295 | struct fl_flow_key skb_mkey; |
| e0ace68a PB |
296 | struct fl_flow_key skb_key; |
| 297 | struct fl_flow_mask *mask; | |
| 298 | struct cls_fl_filter *f; | |
| 77b9900e | 299 | |
| 05cd271f PB |
300 | list_for_each_entry_rcu(mask, &head->masks, list) { |
| 301 | fl_clear_masked_range(&skb_key, mask); | |
| bc3103f1 | 302 | |
| 8212ed77 | 303 | skb_flow_dissect_meta(skb, &mask->dissector, &skb_key); |
| 05cd271f PB |
304 | /* skb_flow_dissect() does not set n_proto in case an unknown |
| 305 | * protocol, so do it rather here. | |
| 306 | */ | |
| 307 | skb_key.basic.n_proto = skb->protocol; | |
| 308 | skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key); | |
| e0ace68a PB |
309 | skb_flow_dissect_ct(skb, &mask->dissector, &skb_key, |
| 310 | fl_ct_info_to_flower_map, | |
| 311 | ARRAY_SIZE(fl_ct_info_to_flower_map)); | |
| 05cd271f | 312 | skb_flow_dissect(skb, &mask->dissector, &skb_key, 0); |
| 77b9900e | 313 | |
| 05cd271f | 314 | fl_set_masked_key(&skb_mkey, &skb_key, mask); |
| 77b9900e | 315 | |
| 5c72299f | 316 | f = fl_lookup(mask, &skb_mkey, &skb_key); |
| 05cd271f PB |
317 | if (f && !tc_skip_sw(f->flags)) { |
| 318 | *res = f->res; | |
| 319 | return tcf_exts_exec(skb, &f->exts, res); | |
| 320 | } | |
| 77b9900e JP |
321 | } |
| 322 | return -1; | |
| 323 | } | |
| 324 | ||
| 325 | static int fl_init(struct tcf_proto *tp) | |
| 326 | { | |
| 327 | struct cls_fl_head *head; | |
| 328 | ||
| 329 | head = kzalloc(sizeof(*head), GFP_KERNEL); | |
| 330 | if (!head) | |
| 331 | return -ENOBUFS; | |
| 332 | ||
| 259e60f9 | 333 | spin_lock_init(&head->masks_lock); |
| 05cd271f | 334 | INIT_LIST_HEAD_RCU(&head->masks); |
| c049d56e | 335 | INIT_LIST_HEAD(&head->hw_filters); |
| 77b9900e | 336 | rcu_assign_pointer(tp->root, head); |
| c15ab236 | 337 | idr_init(&head->handle_idr); |
| 77b9900e | 338 | |
| 05cd271f PB |
339 | return rhashtable_init(&head->ht, &mask_ht_params); |
| 340 | } | |
| 341 | ||
| 99815f50 | 342 | static void fl_mask_free(struct fl_flow_mask *mask, bool mask_init_done) |
| 44a5cd43 | 343 | { |
| 99815f50 VB |
344 | /* temporary masks don't have their filters list and ht initialized */ |
| 345 | if (mask_init_done) { | |
| 346 | WARN_ON(!list_empty(&mask->filters)); | |
| 347 | rhashtable_destroy(&mask->ht); | |
| 348 | } | |
| 44a5cd43 PA |
349 | kfree(mask); |
| 350 | } | |
| 351 | ||
| 352 | static void fl_mask_free_work(struct work_struct *work) | |
| 353 | { | |
| 354 | struct fl_flow_mask *mask = container_of(to_rcu_work(work), | |
| 355 | struct fl_flow_mask, rwork); | |
| 356 | ||
| 99815f50 VB |
357 | fl_mask_free(mask, true); |
| 358 | } | |
| 359 | ||
| 360 | static void fl_uninit_mask_free_work(struct work_struct *work) | |
| 361 | { | |
| 362 | struct fl_flow_mask *mask = container_of(to_rcu_work(work), | |
| 363 | struct fl_flow_mask, rwork); | |
| 364 | ||
| 365 | fl_mask_free(mask, false); | |
| 44a5cd43 PA |
366 | } |
| 367 | ||
| 9994677c | 368 | static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask) |
| 05cd271f | 369 | { |
| f48ef4d5 | 370 | if (!refcount_dec_and_test(&mask->refcnt)) |
| 05cd271f PB |
371 | return false; |
| 372 | ||
| 373 | rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params); | |
| 259e60f9 VB |
374 | |
| 375 | spin_lock(&head->masks_lock); | |
| 05cd271f | 376 | list_del_rcu(&mask->list); |
| 259e60f9 VB |
377 | spin_unlock(&head->masks_lock); |
| 378 | ||
| 9994677c | 379 | tcf_queue_work(&mask->rwork, fl_mask_free_work); |
| 05cd271f PB |
380 | |
| 381 | return true; | |
| 77b9900e JP |
382 | } |
| 383 | ||
| c049d56e VB |
384 | static struct cls_fl_head *fl_head_dereference(struct tcf_proto *tp) |
| 385 | { | |
| 386 | /* Flower classifier only changes root pointer during init and destroy. | |
| 387 | * Users must obtain reference to tcf_proto instance before calling its | |
| 388 | * API, so tp->root pointer is protected from concurrent call to | |
| 389 | * fl_destroy() by reference counting. | |
| 390 | */ | |
| 391 | return rcu_dereference_raw(tp->root); | |
| 392 | } | |
| 393 | ||
| 0dadc117 CW |
394 | static void __fl_destroy_filter(struct cls_fl_filter *f) |
| 395 | { | |
| 396 | tcf_exts_destroy(&f->exts); | |
| 397 | tcf_exts_put_net(&f->exts); | |
| 398 | kfree(f); | |
| 399 | } | |
| 400 | ||
| 0552c8af | 401 | static void fl_destroy_filter_work(struct work_struct *work) |
| 77b9900e | 402 | { |
| aaa908ff CW |
403 | struct cls_fl_filter *f = container_of(to_rcu_work(work), |
| 404 | struct cls_fl_filter, rwork); | |
| 77b9900e | 405 | |
| 0dadc117 | 406 | __fl_destroy_filter(f); |
| 0552c8af CW |
407 | } |
| 408 | ||
| 1b0f8037 | 409 | static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f, |
| c24e43d8 | 410 | bool rtnl_held, struct netlink_ext_ack *extack) |
| 5b33f488 | 411 | { |
| 208c0f4b | 412 | struct tcf_block *block = tp->chain->block; |
| f9e30088 | 413 | struct flow_cls_offload cls_flower = {}; |
| 5b33f488 | 414 | |
| d6787147 | 415 | tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack); |
| f9e30088 | 416 | cls_flower.command = FLOW_CLS_DESTROY; |
| de4784ca | 417 | cls_flower.cookie = (unsigned long) f; |
| 5b33f488 | 418 | |
| 40119211 | 419 | tc_setup_cb_destroy(block, tp, TC_SETUP_CLSFLOWER, &cls_flower, false, |
| 918190f5 | 420 | &f->flags, &f->in_hw_count, rtnl_held); |
| c24e43d8 | 421 | |
| 5b33f488 AV |
422 | } |
| 423 | ||
| e8eb36cd | 424 | static int fl_hw_replace_filter(struct tcf_proto *tp, |
| c24e43d8 | 425 | struct cls_fl_filter *f, bool rtnl_held, |
| 41002038 | 426 | struct netlink_ext_ack *extack) |
| 5b33f488 | 427 | { |
| 208c0f4b | 428 | struct tcf_block *block = tp->chain->block; |
| f9e30088 | 429 | struct flow_cls_offload cls_flower = {}; |
| 717503b9 | 430 | bool skip_sw = tc_skip_sw(f->flags); |
| c24e43d8 VB |
431 | int err = 0; |
| 432 | ||
| e3ab786b | 433 | cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts)); |
| 918190f5 VB |
434 | if (!cls_flower.rule) |
| 435 | return -ENOMEM; | |
| 8f256622 | 436 | |
| d6787147 | 437 | tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack); |
| f9e30088 | 438 | cls_flower.command = FLOW_CLS_REPLACE; |
| de4784ca | 439 | cls_flower.cookie = (unsigned long) f; |
| 8f256622 PNA |
440 | cls_flower.rule->match.dissector = &f->mask->dissector; |
| 441 | cls_flower.rule->match.mask = &f->mask->key; | |
| 442 | cls_flower.rule->match.key = &f->mkey; | |
| 384c181e | 443 | cls_flower.classid = f->res.classid; |
| 5b33f488 | 444 | |
| 9838b20a | 445 | err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts, |
| 918190f5 | 446 | rtnl_held); |
| 3a7b6861 PNA |
447 | if (err) { |
| 448 | kfree(cls_flower.rule); | |
| 918190f5 | 449 | if (skip_sw) { |
| 1f15bb4f | 450 | NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action"); |
| 918190f5 VB |
451 | return err; |
| 452 | } | |
| 453 | return 0; | |
| 3a7b6861 PNA |
454 | } |
| 455 | ||
| 40119211 | 456 | err = tc_setup_cb_add(block, tp, TC_SETUP_CLSFLOWER, &cls_flower, |
| 918190f5 | 457 | skip_sw, &f->flags, &f->in_hw_count, rtnl_held); |
| 5a6ff4b1 | 458 | tc_cleanup_flow_action(&cls_flower.rule->action); |
| 8f256622 PNA |
459 | kfree(cls_flower.rule); |
| 460 | ||
| 40119211 | 461 | if (err) { |
| 918190f5 VB |
462 | fl_hw_destroy_filter(tp, f, rtnl_held, NULL); |
| 463 | return err; | |
| 717503b9 JP |
464 | } |
| 465 | ||
| 918190f5 VB |
466 | if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW)) |
| 467 | return -EINVAL; | |
| c24e43d8 | 468 | |
| 918190f5 | 469 | return 0; |
| 5b33f488 AV |
470 | } |
| 471 | ||
| c24e43d8 VB |
472 | static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f, |
| 473 | bool rtnl_held) | |
| 10cbc684 | 474 | { |
| 208c0f4b | 475 | struct tcf_block *block = tp->chain->block; |
| f9e30088 | 476 | struct flow_cls_offload cls_flower = {}; |
| 10cbc684 | 477 | |
| d6787147 | 478 | tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL); |
| f9e30088 | 479 | cls_flower.command = FLOW_CLS_STATS; |
| de4784ca | 480 | cls_flower.cookie = (unsigned long) f; |
| 384c181e | 481 | cls_flower.classid = f->res.classid; |
| 10cbc684 | 482 | |
| 918190f5 VB |
483 | tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, |
| 484 | rtnl_held); | |
| 3b1903ef PNA |
485 | |
| 486 | tcf_exts_stats_update(&f->exts, cls_flower.stats.bytes, | |
| 487 | cls_flower.stats.pkts, | |
| 488 | cls_flower.stats.lastused); | |
| 10cbc684 AV |
489 | } |
| 490 | ||
| 06177558 VB |
491 | static void __fl_put(struct cls_fl_filter *f) |
| 492 | { | |
| 493 | if (!refcount_dec_and_test(&f->refcnt)) | |
| 494 | return; | |
| 495 | ||
| 496 | if (tcf_exts_get_net(&f->exts)) | |
| 497 | tcf_queue_work(&f->rwork, fl_destroy_filter_work); | |
| 498 | else | |
| 499 | __fl_destroy_filter(f); | |
| 500 | } | |
| 501 | ||
| 502 | static struct cls_fl_filter *__fl_get(struct cls_fl_head *head, u32 handle) | |
| 503 | { | |
| 504 | struct cls_fl_filter *f; | |
| 505 | ||
| 506 | rcu_read_lock(); | |
| 507 | f = idr_find(&head->handle_idr, handle); | |
| 508 | if (f && !refcount_inc_not_zero(&f->refcnt)) | |
| 509 | f = NULL; | |
| 510 | rcu_read_unlock(); | |
| 511 | ||
| 512 | return f; | |
| 513 | } | |
| 514 | ||
| b2552b8c | 515 | static int __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f, |
| c24e43d8 VB |
516 | bool *last, bool rtnl_held, |
| 517 | struct netlink_ext_ack *extack) | |
| 13fa876e | 518 | { |
| e474619a | 519 | struct cls_fl_head *head = fl_head_dereference(tp); |
| c15ab236 | 520 | |
| b2552b8c VB |
521 | *last = false; |
| 522 | ||
| 3d81e711 VB |
523 | spin_lock(&tp->lock); |
| 524 | if (f->deleted) { | |
| 525 | spin_unlock(&tp->lock); | |
| b2552b8c | 526 | return -ENOENT; |
| 3d81e711 | 527 | } |
| b2552b8c VB |
528 | |
| 529 | f->deleted = true; | |
| 530 | rhashtable_remove_fast(&f->mask->ht, &f->ht_node, | |
| 531 | f->mask->filter_ht_params); | |
| 9c160941 | 532 | idr_remove(&head->handle_idr, f->handle); |
| 13fa876e | 533 | list_del_rcu(&f->list); |
| 3d81e711 VB |
534 | spin_unlock(&tp->lock); |
| 535 | ||
| 9994677c | 536 | *last = fl_mask_put(head, f->mask); |
| 79685219 | 537 | if (!tc_skip_hw(f->flags)) |
| c24e43d8 | 538 | fl_hw_destroy_filter(tp, f, rtnl_held, extack); |
| 13fa876e | 539 | tcf_unbind_filter(tp, &f->res); |
| 06177558 | 540 | __fl_put(f); |
| 05cd271f | 541 | |
| b2552b8c | 542 | return 0; |
| 13fa876e RD |
543 | } |
| 544 | ||
| d9363774 DB |
545 | static void fl_destroy_sleepable(struct work_struct *work) |
| 546 | { | |
| aaa908ff CW |
547 | struct cls_fl_head *head = container_of(to_rcu_work(work), |
| 548 | struct cls_fl_head, | |
| 549 | rwork); | |
| de9dc650 PB |
550 | |
| 551 | rhashtable_destroy(&head->ht); | |
| d9363774 DB |
552 | kfree(head); |
| 553 | module_put(THIS_MODULE); | |
| 554 | } | |
| 555 | ||
| 12db03b6 VB |
556 | static void fl_destroy(struct tcf_proto *tp, bool rtnl_held, |
| 557 | struct netlink_ext_ack *extack) | |
| 77b9900e | 558 | { |
| e474619a | 559 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 05cd271f | 560 | struct fl_flow_mask *mask, *next_mask; |
| 77b9900e | 561 | struct cls_fl_filter *f, *next; |
| b2552b8c | 562 | bool last; |
| 77b9900e | 563 | |
| 05cd271f PB |
564 | list_for_each_entry_safe(mask, next_mask, &head->masks, list) { |
| 565 | list_for_each_entry_safe(f, next, &mask->filters, list) { | |
| c24e43d8 | 566 | __fl_delete(tp, f, &last, rtnl_held, extack); |
| b2552b8c | 567 | if (last) |
| 05cd271f PB |
568 | break; |
| 569 | } | |
| 570 | } | |
| c15ab236 | 571 | idr_destroy(&head->handle_idr); |
| d9363774 DB |
572 | |
| 573 | __module_get(THIS_MODULE); | |
| aaa908ff | 574 | tcf_queue_work(&head->rwork, fl_destroy_sleepable); |
| 77b9900e JP |
575 | } |
| 576 | ||
| 06177558 VB |
577 | static void fl_put(struct tcf_proto *tp, void *arg) |
| 578 | { | |
| 579 | struct cls_fl_filter *f = arg; | |
| 580 | ||
| 581 | __fl_put(f); | |
| 582 | } | |
| 583 | ||
| 8113c095 | 584 | static void *fl_get(struct tcf_proto *tp, u32 handle) |
| 77b9900e | 585 | { |
| e474619a | 586 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 77b9900e | 587 | |
| 06177558 | 588 | return __fl_get(head, handle); |
| 77b9900e JP |
589 | } |
| 590 | ||
| 591 | static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = { | |
| 592 | [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC }, | |
| 593 | [TCA_FLOWER_CLASSID] = { .type = NLA_U32 }, | |
| 594 | [TCA_FLOWER_INDEV] = { .type = NLA_STRING, | |
| 595 | .len = IFNAMSIZ }, | |
| 596 | [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN }, | |
| 597 | [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN }, | |
| 598 | [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN }, | |
| 599 | [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN }, | |
| 600 | [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 }, | |
| 601 | [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 }, | |
| 602 | [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 }, | |
| 603 | [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 }, | |
| 604 | [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 }, | |
| 605 | [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 }, | |
| 606 | [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, | |
| 607 | [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) }, | |
| 608 | [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) }, | |
| 609 | [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) }, | |
| 610 | [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 }, | |
| 611 | [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 }, | |
| b175c3a4 JHS |
612 | [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 }, |
| 613 | [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 }, | |
| 9399ae9a HHZ |
614 | [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 }, |
| 615 | [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 }, | |
| 616 | [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 }, | |
| bc3103f1 AV |
617 | [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 }, |
| 618 | [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 }, | |
| 619 | [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 }, | |
| 620 | [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 }, | |
| 621 | [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 }, | |
| 622 | [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, | |
| 623 | [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) }, | |
| 624 | [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) }, | |
| 625 | [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) }, | |
| aa72d708 OG |
626 | [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 }, |
| 627 | [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 }, | |
| 628 | [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 }, | |
| 629 | [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 }, | |
| 5976c5f4 SH |
630 | [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 }, |
| 631 | [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 }, | |
| 632 | [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 }, | |
| 633 | [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 }, | |
| f4d997fd HHZ |
634 | [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 }, |
| 635 | [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 }, | |
| 636 | [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 }, | |
| 637 | [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 }, | |
| faa3ffce OG |
638 | [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 }, |
| 639 | [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 }, | |
| 7b684884 SH |
640 | [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 }, |
| 641 | [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 }, | |
| 642 | [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 }, | |
| 643 | [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 }, | |
| 644 | [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 }, | |
| 645 | [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 }, | |
| 646 | [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 }, | |
| 647 | [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 }, | |
| 99d31326 SH |
648 | [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 }, |
| 649 | [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 }, | |
| 650 | [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 }, | |
| 651 | [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 }, | |
| 652 | [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 }, | |
| 653 | [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 }, | |
| 654 | [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN }, | |
| 655 | [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN }, | |
| 656 | [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN }, | |
| 657 | [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN }, | |
| a577d8f7 BL |
658 | [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 }, |
| 659 | [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 }, | |
| 660 | [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 }, | |
| 661 | [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 }, | |
| fdfc7dd6 JP |
662 | [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 }, |
| 663 | [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 }, | |
| 4d80cc0a OG |
664 | [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 }, |
| 665 | [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 }, | |
| 666 | [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 }, | |
| 667 | [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 }, | |
| d64efd09 JL |
668 | [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 }, |
| 669 | [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 }, | |
| 670 | [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 }, | |
| 0e2c17b6 OG |
671 | [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 }, |
| 672 | [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 }, | |
| 673 | [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 }, | |
| 674 | [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 }, | |
| 0a6e7778 PJV |
675 | [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED }, |
| 676 | [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED }, | |
| e0ace68a PB |
677 | [TCA_FLOWER_KEY_CT_STATE] = { .type = NLA_U16 }, |
| 678 | [TCA_FLOWER_KEY_CT_STATE_MASK] = { .type = NLA_U16 }, | |
| 679 | [TCA_FLOWER_KEY_CT_ZONE] = { .type = NLA_U16 }, | |
| 680 | [TCA_FLOWER_KEY_CT_ZONE_MASK] = { .type = NLA_U16 }, | |
| 681 | [TCA_FLOWER_KEY_CT_MARK] = { .type = NLA_U32 }, | |
| 682 | [TCA_FLOWER_KEY_CT_MARK_MASK] = { .type = NLA_U32 }, | |
| 683 | [TCA_FLOWER_KEY_CT_LABELS] = { .type = NLA_BINARY, | |
| 684 | .len = 128 / BITS_PER_BYTE }, | |
| 685 | [TCA_FLOWER_KEY_CT_LABELS_MASK] = { .type = NLA_BINARY, | |
| 686 | .len = 128 / BITS_PER_BYTE }, | |
| 0a6e7778 PJV |
687 | }; |
| 688 | ||
| 689 | static const struct nla_policy | |
| 690 | enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = { | |
| 691 | [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED }, | |
| 692 | }; | |
| 693 | ||
| 694 | static const struct nla_policy | |
| 695 | geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = { | |
| 696 | [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 }, | |
| 697 | [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 }, | |
| 698 | [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY, | |
| 699 | .len = 128 }, | |
| 77b9900e JP |
700 | }; |
| 701 | ||
| 702 | static void fl_set_key_val(struct nlattr **tb, | |
| 703 | void *val, int val_type, | |
| 704 | void *mask, int mask_type, int len) | |
| 705 | { | |
| 706 | if (!tb[val_type]) | |
| 707 | return; | |
| e0ace68a | 708 | nla_memcpy(val, tb[val_type], len); |
| 77b9900e JP |
709 | if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type]) |
| 710 | memset(mask, 0xff, len); | |
| 711 | else | |
| e0ace68a | 712 | nla_memcpy(mask, tb[mask_type], len); |
| 77b9900e JP |
713 | } |
| 714 | ||
| 5c72299f AN |
715 | static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key, |
| 716 | struct fl_flow_key *mask) | |
| 717 | { | |
| 718 | fl_set_key_val(tb, &key->tp_min.dst, | |
| 719 | TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_min.dst, | |
| 720 | TCA_FLOWER_UNSPEC, sizeof(key->tp_min.dst)); | |
| 721 | fl_set_key_val(tb, &key->tp_max.dst, | |
| 722 | TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_max.dst, | |
| 723 | TCA_FLOWER_UNSPEC, sizeof(key->tp_max.dst)); | |
| 724 | fl_set_key_val(tb, &key->tp_min.src, | |
| 725 | TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_min.src, | |
| 726 | TCA_FLOWER_UNSPEC, sizeof(key->tp_min.src)); | |
| 727 | fl_set_key_val(tb, &key->tp_max.src, | |
| 728 | TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_max.src, | |
| 729 | TCA_FLOWER_UNSPEC, sizeof(key->tp_max.src)); | |
| 730 | ||
| 731 | if ((mask->tp_min.dst && mask->tp_max.dst && | |
| 732 | htons(key->tp_max.dst) <= htons(key->tp_min.dst)) || | |
| 733 | (mask->tp_min.src && mask->tp_max.src && | |
| 734 | htons(key->tp_max.src) <= htons(key->tp_min.src))) | |
| 735 | return -EINVAL; | |
| 736 | ||
| 737 | return 0; | |
| 738 | } | |
| 739 | ||
| 1a7fca63 BL |
740 | static int fl_set_key_mpls(struct nlattr **tb, |
| 741 | struct flow_dissector_key_mpls *key_val, | |
| 742 | struct flow_dissector_key_mpls *key_mask) | |
| a577d8f7 BL |
743 | { |
| 744 | if (tb[TCA_FLOWER_KEY_MPLS_TTL]) { | |
| 745 | key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]); | |
| 746 | key_mask->mpls_ttl = MPLS_TTL_MASK; | |
| 747 | } | |
| 748 | if (tb[TCA_FLOWER_KEY_MPLS_BOS]) { | |
| 1a7fca63 BL |
749 | u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]); |
| 750 | ||
| 751 | if (bos & ~MPLS_BOS_MASK) | |
| 752 | return -EINVAL; | |
| 753 | key_val->mpls_bos = bos; | |
| a577d8f7 BL |
754 | key_mask->mpls_bos = MPLS_BOS_MASK; |
| 755 | } | |
| 756 | if (tb[TCA_FLOWER_KEY_MPLS_TC]) { | |
| 1a7fca63 BL |
757 | u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]); |
| 758 | ||
| 759 | if (tc & ~MPLS_TC_MASK) | |
| 760 | return -EINVAL; | |
| 761 | key_val->mpls_tc = tc; | |
| a577d8f7 BL |
762 | key_mask->mpls_tc = MPLS_TC_MASK; |
| 763 | } | |
| 764 | if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) { | |
| 1a7fca63 BL |
765 | u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]); |
| 766 | ||
| 767 | if (label & ~MPLS_LABEL_MASK) | |
| 768 | return -EINVAL; | |
| 769 | key_val->mpls_label = label; | |
| a577d8f7 BL |
770 | key_mask->mpls_label = MPLS_LABEL_MASK; |
| 771 | } | |
| 1a7fca63 | 772 | return 0; |
| a577d8f7 BL |
773 | } |
| 774 | ||
| 9399ae9a | 775 | static void fl_set_key_vlan(struct nlattr **tb, |
| aaab0834 | 776 | __be16 ethertype, |
| d64efd09 | 777 | int vlan_id_key, int vlan_prio_key, |
| 9399ae9a HHZ |
778 | struct flow_dissector_key_vlan *key_val, |
| 779 | struct flow_dissector_key_vlan *key_mask) | |
| 780 | { | |
| 781 | #define VLAN_PRIORITY_MASK 0x7 | |
| 782 | ||
| d64efd09 | 783 | if (tb[vlan_id_key]) { |
| 9399ae9a | 784 | key_val->vlan_id = |
| d64efd09 | 785 | nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK; |
| 9399ae9a HHZ |
786 | key_mask->vlan_id = VLAN_VID_MASK; |
| 787 | } | |
| d64efd09 | 788 | if (tb[vlan_prio_key]) { |
| 9399ae9a | 789 | key_val->vlan_priority = |
| d64efd09 | 790 | nla_get_u8(tb[vlan_prio_key]) & |
| 9399ae9a HHZ |
791 | VLAN_PRIORITY_MASK; |
| 792 | key_mask->vlan_priority = VLAN_PRIORITY_MASK; | |
| 793 | } | |
| aaab0834 JL |
794 | key_val->vlan_tpid = ethertype; |
| 795 | key_mask->vlan_tpid = cpu_to_be16(~0); | |
| 9399ae9a HHZ |
796 | } |
| 797 | ||
| faa3ffce OG |
798 | static void fl_set_key_flag(u32 flower_key, u32 flower_mask, |
| 799 | u32 *dissector_key, u32 *dissector_mask, | |
| 800 | u32 flower_flag_bit, u32 dissector_flag_bit) | |
| 801 | { | |
| 802 | if (flower_mask & flower_flag_bit) { | |
| 803 | *dissector_mask |= dissector_flag_bit; | |
| 804 | if (flower_key & flower_flag_bit) | |
| 805 | *dissector_key |= dissector_flag_bit; | |
| 806 | } | |
| 807 | } | |
| 808 | ||
| d9724772 OG |
809 | static int fl_set_key_flags(struct nlattr **tb, |
| 810 | u32 *flags_key, u32 *flags_mask) | |
| faa3ffce OG |
811 | { |
| 812 | u32 key, mask; | |
| 813 | ||
| d9724772 OG |
814 | /* mask is mandatory for flags */ |
| 815 | if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) | |
| 816 | return -EINVAL; | |
| faa3ffce OG |
817 | |
| 818 | key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS])); | |
| d9724772 | 819 | mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK])); |
| faa3ffce OG |
820 | |
| 821 | *flags_key = 0; | |
| 822 | *flags_mask = 0; | |
| 823 | ||
| 824 | fl_set_key_flag(key, mask, flags_key, flags_mask, | |
| 825 | TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); | |
| 459d153d PJV |
826 | fl_set_key_flag(key, mask, flags_key, flags_mask, |
| 827 | TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, | |
| 828 | FLOW_DIS_FIRST_FRAG); | |
| d9724772 OG |
829 | |
| 830 | return 0; | |
| faa3ffce OG |
831 | } |
| 832 | ||
| 0e2c17b6 | 833 | static void fl_set_key_ip(struct nlattr **tb, bool encap, |
| 4d80cc0a OG |
834 | struct flow_dissector_key_ip *key, |
| 835 | struct flow_dissector_key_ip *mask) | |
| 836 | { | |
| 0e2c17b6 OG |
837 | int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS; |
| 838 | int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL; | |
| 839 | int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK; | |
| 840 | int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK; | |
| 4d80cc0a | 841 | |
| 0e2c17b6 OG |
842 | fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)); |
| 843 | fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)); | |
| 4d80cc0a OG |
844 | } |
| 845 | ||
| 0a6e7778 PJV |
846 | static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key, |
| 847 | int depth, int option_len, | |
| 848 | struct netlink_ext_ack *extack) | |
| 849 | { | |
| 850 | struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1]; | |
| 851 | struct nlattr *class = NULL, *type = NULL, *data = NULL; | |
| 852 | struct geneve_opt *opt; | |
| 853 | int err, data_len = 0; | |
| 854 | ||
| 855 | if (option_len > sizeof(struct geneve_opt)) | |
| 856 | data_len = option_len - sizeof(struct geneve_opt); | |
| 857 | ||
| 858 | opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len]; | |
| 859 | memset(opt, 0xff, option_len); | |
| 860 | opt->length = data_len / 4; | |
| 861 | opt->r1 = 0; | |
| 862 | opt->r2 = 0; | |
| 863 | opt->r3 = 0; | |
| 864 | ||
| 865 | /* If no mask has been prodived we assume an exact match. */ | |
| 866 | if (!depth) | |
| 867 | return sizeof(struct geneve_opt) + data_len; | |
| 868 | ||
| 869 | if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) { | |
| 870 | NL_SET_ERR_MSG(extack, "Non-geneve option type for mask"); | |
| 871 | return -EINVAL; | |
| 872 | } | |
| 873 | ||
| 8cb08174 JB |
874 | err = nla_parse_nested_deprecated(tb, |
| 875 | TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX, | |
| 876 | nla, geneve_opt_policy, extack); | |
| 0a6e7778 PJV |
877 | if (err < 0) |
| 878 | return err; | |
| 879 | ||
| 880 | /* We are not allowed to omit any of CLASS, TYPE or DATA | |
| 881 | * fields from the key. | |
| 882 | */ | |
| 883 | if (!option_len && | |
| 884 | (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] || | |
| 885 | !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] || | |
| 886 | !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) { | |
| 887 | NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data"); | |
| 888 | return -EINVAL; | |
| 889 | } | |
| 890 | ||
| 891 | /* Omitting any of CLASS, TYPE or DATA fields is allowed | |
| 892 | * for the mask. | |
| 893 | */ | |
| 894 | if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) { | |
| 895 | int new_len = key->enc_opts.len; | |
| 896 | ||
| 897 | data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]; | |
| 898 | data_len = nla_len(data); | |
| 899 | if (data_len < 4) { | |
| 900 | NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long"); | |
| 901 | return -ERANGE; | |
| 902 | } | |
| 903 | if (data_len % 4) { | |
| 904 | NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long"); | |
| 905 | return -ERANGE; | |
| 906 | } | |
| 907 | ||
| 908 | new_len += sizeof(struct geneve_opt) + data_len; | |
| 909 | BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX); | |
| 910 | if (new_len > FLOW_DIS_TUN_OPTS_MAX) { | |
| 911 | NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size"); | |
| 912 | return -ERANGE; | |
| 913 | } | |
| 914 | opt->length = data_len / 4; | |
| 915 | memcpy(opt->opt_data, nla_data(data), data_len); | |
| 916 | } | |
| 917 | ||
| 918 | if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) { | |
| 919 | class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]; | |
| 920 | opt->opt_class = nla_get_be16(class); | |
| 921 | } | |
| 922 | ||
| 923 | if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) { | |
| 924 | type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]; | |
| 925 | opt->type = nla_get_u8(type); | |
| 926 | } | |
| 927 | ||
| 928 | return sizeof(struct geneve_opt) + data_len; | |
| 929 | } | |
| 930 | ||
| 931 | static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key, | |
| 932 | struct fl_flow_key *mask, | |
| 933 | struct netlink_ext_ack *extack) | |
| 934 | { | |
| 935 | const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL; | |
| 63c82997 JK |
936 | int err, option_len, key_depth, msk_depth = 0; |
| 937 | ||
| 8cb08174 JB |
938 | err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS], |
| 939 | TCA_FLOWER_KEY_ENC_OPTS_MAX, | |
| 940 | enc_opts_policy, extack); | |
| 63c82997 JK |
941 | if (err) |
| 942 | return err; | |
| 0a6e7778 PJV |
943 | |
| 944 | nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]); | |
| 945 | ||
| 946 | if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) { | |
| 8cb08174 JB |
947 | err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK], |
| 948 | TCA_FLOWER_KEY_ENC_OPTS_MAX, | |
| 949 | enc_opts_policy, extack); | |
| 63c82997 JK |
950 | if (err) |
| 951 | return err; | |
| 952 | ||
| 0a6e7778 PJV |
953 | nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]); |
| 954 | msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]); | |
| 955 | } | |
| 956 | ||
| 957 | nla_for_each_attr(nla_opt_key, nla_enc_key, | |
| 958 | nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) { | |
| 959 | switch (nla_type(nla_opt_key)) { | |
| 960 | case TCA_FLOWER_KEY_ENC_OPTS_GENEVE: | |
| 961 | option_len = 0; | |
| 962 | key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT; | |
| 963 | option_len = fl_set_geneve_opt(nla_opt_key, key, | |
| 964 | key_depth, option_len, | |
| 965 | extack); | |
| 966 | if (option_len < 0) | |
| 967 | return option_len; | |
| 968 | ||
| 969 | key->enc_opts.len += option_len; | |
| 970 | /* At the same time we need to parse through the mask | |
| 971 | * in order to verify exact and mask attribute lengths. | |
| 972 | */ | |
| 973 | mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT; | |
| 974 | option_len = fl_set_geneve_opt(nla_opt_msk, mask, | |
| 975 | msk_depth, option_len, | |
| 976 | extack); | |
| 977 | if (option_len < 0) | |
| 978 | return option_len; | |
| 979 | ||
| 980 | mask->enc_opts.len += option_len; | |
| 981 | if (key->enc_opts.len != mask->enc_opts.len) { | |
| 982 | NL_SET_ERR_MSG(extack, "Key and mask miss aligned"); | |
| 983 | return -EINVAL; | |
| 984 | } | |
| 985 | ||
| 986 | if (msk_depth) | |
| 987 | nla_opt_msk = nla_next(nla_opt_msk, &msk_depth); | |
| 988 | break; | |
| 989 | default: | |
| 990 | NL_SET_ERR_MSG(extack, "Unknown tunnel option type"); | |
| 991 | return -EINVAL; | |
| 992 | } | |
| 993 | } | |
| 994 | ||
| 995 | return 0; | |
| 996 | } | |
| 997 | ||
| e0ace68a PB |
998 | static int fl_set_key_ct(struct nlattr **tb, |
| 999 | struct flow_dissector_key_ct *key, | |
| 1000 | struct flow_dissector_key_ct *mask, | |
| 1001 | struct netlink_ext_ack *extack) | |
| 1002 | { | |
| 1003 | if (tb[TCA_FLOWER_KEY_CT_STATE]) { | |
| 1004 | if (!IS_ENABLED(CONFIG_NF_CONNTRACK)) { | |
| 1005 | NL_SET_ERR_MSG(extack, "Conntrack isn't enabled"); | |
| 1006 | return -EOPNOTSUPP; | |
| 1007 | } | |
| 1008 | fl_set_key_val(tb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE, | |
| 1009 | &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK, | |
| 1010 | sizeof(key->ct_state)); | |
| 1011 | } | |
| 1012 | if (tb[TCA_FLOWER_KEY_CT_ZONE]) { | |
| 1013 | if (!IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)) { | |
| 1014 | NL_SET_ERR_MSG(extack, "Conntrack zones isn't enabled"); | |
| 1015 | return -EOPNOTSUPP; | |
| 1016 | } | |
| 1017 | fl_set_key_val(tb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE, | |
| 1018 | &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK, | |
| 1019 | sizeof(key->ct_zone)); | |
| 1020 | } | |
| 1021 | if (tb[TCA_FLOWER_KEY_CT_MARK]) { | |
| 1022 | if (!IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)) { | |
| 1023 | NL_SET_ERR_MSG(extack, "Conntrack mark isn't enabled"); | |
| 1024 | return -EOPNOTSUPP; | |
| 1025 | } | |
| 1026 | fl_set_key_val(tb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK, | |
| 1027 | &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK, | |
| 1028 | sizeof(key->ct_mark)); | |
| 1029 | } | |
| 1030 | if (tb[TCA_FLOWER_KEY_CT_LABELS]) { | |
| 1031 | if (!IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS)) { | |
| 1032 | NL_SET_ERR_MSG(extack, "Conntrack labels aren't enabled"); | |
| 1033 | return -EOPNOTSUPP; | |
| 1034 | } | |
| 1035 | fl_set_key_val(tb, key->ct_labels, TCA_FLOWER_KEY_CT_LABELS, | |
| 1036 | mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK, | |
| 1037 | sizeof(key->ct_labels)); | |
| 1038 | } | |
| 1039 | ||
| 1040 | return 0; | |
| 1041 | } | |
| 1042 | ||
| 77b9900e | 1043 | static int fl_set_key(struct net *net, struct nlattr **tb, |
| 1057c55f AA |
1044 | struct fl_flow_key *key, struct fl_flow_key *mask, |
| 1045 | struct netlink_ext_ack *extack) | |
| 77b9900e | 1046 | { |
| 9399ae9a | 1047 | __be16 ethertype; |
| d9724772 | 1048 | int ret = 0; |
| a5148626 | 1049 | |
| 77b9900e | 1050 | if (tb[TCA_FLOWER_INDEV]) { |
| 1057c55f | 1051 | int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack); |
| 77b9900e JP |
1052 | if (err < 0) |
| 1053 | return err; | |
| 8212ed77 JP |
1054 | key->meta.ingress_ifindex = err; |
| 1055 | mask->meta.ingress_ifindex = 0xffffffff; | |
| 77b9900e JP |
1056 | } |
| 1057 | ||
| 1058 | fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST, | |
| 1059 | mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK, | |
| 1060 | sizeof(key->eth.dst)); | |
| 1061 | fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC, | |
| 1062 | mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK, | |
| 1063 | sizeof(key->eth.src)); | |
| 66530bdf | 1064 | |
| 0b498a52 | 1065 | if (tb[TCA_FLOWER_KEY_ETH_TYPE]) { |
| 9399ae9a HHZ |
1066 | ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]); |
| 1067 | ||
| aaab0834 | 1068 | if (eth_type_vlan(ethertype)) { |
| d64efd09 JL |
1069 | fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID, |
| 1070 | TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, | |
| 1071 | &mask->vlan); | |
| 1072 | ||
| 5e9a0fe4 JL |
1073 | if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) { |
| 1074 | ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]); | |
| 1075 | if (eth_type_vlan(ethertype)) { | |
| 1076 | fl_set_key_vlan(tb, ethertype, | |
| 1077 | TCA_FLOWER_KEY_CVLAN_ID, | |
| 1078 | TCA_FLOWER_KEY_CVLAN_PRIO, | |
| 1079 | &key->cvlan, &mask->cvlan); | |
| 1080 | fl_set_key_val(tb, &key->basic.n_proto, | |
| 1081 | TCA_FLOWER_KEY_CVLAN_ETH_TYPE, | |
| 1082 | &mask->basic.n_proto, | |
| 1083 | TCA_FLOWER_UNSPEC, | |
| 1084 | sizeof(key->basic.n_proto)); | |
| 1085 | } else { | |
| 1086 | key->basic.n_proto = ethertype; | |
| 1087 | mask->basic.n_proto = cpu_to_be16(~0); | |
| 1088 | } | |
| d64efd09 | 1089 | } |
| 0b498a52 AB |
1090 | } else { |
| 1091 | key->basic.n_proto = ethertype; | |
| 1092 | mask->basic.n_proto = cpu_to_be16(~0); | |
| 1093 | } | |
| 9399ae9a | 1094 | } |
| 66530bdf | 1095 | |
| 77b9900e JP |
1096 | if (key->basic.n_proto == htons(ETH_P_IP) || |
| 1097 | key->basic.n_proto == htons(ETH_P_IPV6)) { | |
| 1098 | fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO, | |
| 1099 | &mask->basic.ip_proto, TCA_FLOWER_UNSPEC, | |
| 1100 | sizeof(key->basic.ip_proto)); | |
| 0e2c17b6 | 1101 | fl_set_key_ip(tb, false, &key->ip, &mask->ip); |
| 77b9900e | 1102 | } |
| 66530bdf JHS |
1103 | |
| 1104 | if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) { | |
| 1105 | key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; | |
| 970bfcd0 | 1106 | mask->control.addr_type = ~0; |
| 77b9900e JP |
1107 | fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC, |
| 1108 | &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK, | |
| 1109 | sizeof(key->ipv4.src)); | |
| 1110 | fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST, | |
| 1111 | &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK, | |
| 1112 | sizeof(key->ipv4.dst)); | |
| 66530bdf JHS |
1113 | } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) { |
| 1114 | key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; | |
| 970bfcd0 | 1115 | mask->control.addr_type = ~0; |
| 77b9900e JP |
1116 | fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC, |
| 1117 | &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK, | |
| 1118 | sizeof(key->ipv6.src)); | |
| 1119 | fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST, | |
| 1120 | &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK, | |
| 1121 | sizeof(key->ipv6.dst)); | |
| 1122 | } | |
| 66530bdf | 1123 | |
| 77b9900e JP |
1124 | if (key->basic.ip_proto == IPPROTO_TCP) { |
| 1125 | fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC, | |
| aa72d708 | 1126 | &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK, |
| 77b9900e JP |
1127 | sizeof(key->tp.src)); |
| 1128 | fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST, | |
| aa72d708 | 1129 | &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK, |
| 77b9900e | 1130 | sizeof(key->tp.dst)); |
| fdfc7dd6 JP |
1131 | fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS, |
| 1132 | &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK, | |
| 1133 | sizeof(key->tcp.flags)); | |
| 77b9900e JP |
1134 | } else if (key->basic.ip_proto == IPPROTO_UDP) { |
| 1135 | fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC, | |
| aa72d708 | 1136 | &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK, |
| 77b9900e JP |
1137 | sizeof(key->tp.src)); |
| 1138 | fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST, | |
| aa72d708 | 1139 | &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK, |
| 77b9900e | 1140 | sizeof(key->tp.dst)); |
| 5976c5f4 SH |
1141 | } else if (key->basic.ip_proto == IPPROTO_SCTP) { |
| 1142 | fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC, | |
| 1143 | &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK, | |
| 1144 | sizeof(key->tp.src)); | |
| 1145 | fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST, | |
| 1146 | &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK, | |
| 1147 | sizeof(key->tp.dst)); | |
| 7b684884 SH |
1148 | } else if (key->basic.n_proto == htons(ETH_P_IP) && |
| 1149 | key->basic.ip_proto == IPPROTO_ICMP) { | |
| 1150 | fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE, | |
| 1151 | &mask->icmp.type, | |
| 1152 | TCA_FLOWER_KEY_ICMPV4_TYPE_MASK, | |
| 1153 | sizeof(key->icmp.type)); | |
| 1154 | fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE, | |
| 1155 | &mask->icmp.code, | |
| 1156 | TCA_FLOWER_KEY_ICMPV4_CODE_MASK, | |
| 1157 | sizeof(key->icmp.code)); | |
| 1158 | } else if (key->basic.n_proto == htons(ETH_P_IPV6) && | |
| 1159 | key->basic.ip_proto == IPPROTO_ICMPV6) { | |
| 1160 | fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE, | |
| 1161 | &mask->icmp.type, | |
| 1162 | TCA_FLOWER_KEY_ICMPV6_TYPE_MASK, | |
| 1163 | sizeof(key->icmp.type)); | |
| 040587af | 1164 | fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE, |
| 7b684884 | 1165 | &mask->icmp.code, |
| 040587af | 1166 | TCA_FLOWER_KEY_ICMPV6_CODE_MASK, |
| 7b684884 | 1167 | sizeof(key->icmp.code)); |
| a577d8f7 BL |
1168 | } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) || |
| 1169 | key->basic.n_proto == htons(ETH_P_MPLS_MC)) { | |
| 1a7fca63 BL |
1170 | ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls); |
| 1171 | if (ret) | |
| 1172 | return ret; | |
| 99d31326 SH |
1173 | } else if (key->basic.n_proto == htons(ETH_P_ARP) || |
| 1174 | key->basic.n_proto == htons(ETH_P_RARP)) { | |
| 1175 | fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP, | |
| 1176 | &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK, | |
| 1177 | sizeof(key->arp.sip)); | |
| 1178 | fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP, | |
| 1179 | &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK, | |
| 1180 | sizeof(key->arp.tip)); | |
| 1181 | fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP, | |
| 1182 | &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK, | |
| 1183 | sizeof(key->arp.op)); | |
| 1184 | fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA, | |
| 1185 | mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK, | |
| 1186 | sizeof(key->arp.sha)); | |
| 1187 | fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA, | |
| 1188 | mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK, | |
| 1189 | sizeof(key->arp.tha)); | |
| 77b9900e JP |
1190 | } |
| 1191 | ||
| 5c72299f AN |
1192 | if (key->basic.ip_proto == IPPROTO_TCP || |
| 1193 | key->basic.ip_proto == IPPROTO_UDP || | |
| 1194 | key->basic.ip_proto == IPPROTO_SCTP) { | |
| 1195 | ret = fl_set_key_port_range(tb, key, mask); | |
| 1196 | if (ret) | |
| 1197 | return ret; | |
| 1198 | } | |
| 1199 | ||
| bc3103f1 AV |
1200 | if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] || |
| 1201 | tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) { | |
| 1202 | key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; | |
| 970bfcd0 | 1203 | mask->enc_control.addr_type = ~0; |
| bc3103f1 AV |
1204 | fl_set_key_val(tb, &key->enc_ipv4.src, |
| 1205 | TCA_FLOWER_KEY_ENC_IPV4_SRC, | |
| 1206 | &mask->enc_ipv4.src, | |
| 1207 | TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, | |
| 1208 | sizeof(key->enc_ipv4.src)); | |
| 1209 | fl_set_key_val(tb, &key->enc_ipv4.dst, | |
| 1210 | TCA_FLOWER_KEY_ENC_IPV4_DST, | |
| 1211 | &mask->enc_ipv4.dst, | |
| 1212 | TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, | |
| 1213 | sizeof(key->enc_ipv4.dst)); | |
| 1214 | } | |
| 1215 | ||
| 1216 | if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] || | |
| 1217 | tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) { | |
| 1218 | key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; | |
| 970bfcd0 | 1219 | mask->enc_control.addr_type = ~0; |
| bc3103f1 AV |
1220 | fl_set_key_val(tb, &key->enc_ipv6.src, |
| 1221 | TCA_FLOWER_KEY_ENC_IPV6_SRC, | |
| 1222 | &mask->enc_ipv6.src, | |
| 1223 | TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, | |
| 1224 | sizeof(key->enc_ipv6.src)); | |
| 1225 | fl_set_key_val(tb, &key->enc_ipv6.dst, | |
| 1226 | TCA_FLOWER_KEY_ENC_IPV6_DST, | |
| 1227 | &mask->enc_ipv6.dst, | |
| 1228 | TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, | |
| 1229 | sizeof(key->enc_ipv6.dst)); | |
| 1230 | } | |
| 1231 | ||
| 1232 | fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID, | |
| eb523f42 | 1233 | &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC, |
| bc3103f1 AV |
1234 | sizeof(key->enc_key_id.keyid)); |
| 1235 | ||
| f4d997fd HHZ |
1236 | fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, |
| 1237 | &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, | |
| 1238 | sizeof(key->enc_tp.src)); | |
| 1239 | ||
| 1240 | fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, | |
| 1241 | &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, | |
| 1242 | sizeof(key->enc_tp.dst)); | |
| 1243 | ||
| 0e2c17b6 OG |
1244 | fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip); |
| 1245 | ||
| 0a6e7778 PJV |
1246 | if (tb[TCA_FLOWER_KEY_ENC_OPTS]) { |
| 1247 | ret = fl_set_enc_opt(tb, key, mask, extack); | |
| 1248 | if (ret) | |
| 1249 | return ret; | |
| 1250 | } | |
| 1251 | ||
| e0ace68a PB |
1252 | ret = fl_set_key_ct(tb, &key->ct, &mask->ct, extack); |
| 1253 | if (ret) | |
| 1254 | return ret; | |
| 1255 | ||
| d9724772 OG |
1256 | if (tb[TCA_FLOWER_KEY_FLAGS]) |
| 1257 | ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags); | |
| faa3ffce | 1258 | |
| d9724772 | 1259 | return ret; |
| 77b9900e JP |
1260 | } |
| 1261 | ||
| 05cd271f PB |
1262 | static void fl_mask_copy(struct fl_flow_mask *dst, |
| 1263 | struct fl_flow_mask *src) | |
| 77b9900e | 1264 | { |
| 05cd271f PB |
1265 | const void *psrc = fl_key_get_start(&src->key, src); |
| 1266 | void *pdst = fl_key_get_start(&dst->key, src); | |
| 77b9900e | 1267 | |
| 05cd271f PB |
1268 | memcpy(pdst, psrc, fl_mask_range(src)); |
| 1269 | dst->range = src->range; | |
| 77b9900e JP |
1270 | } |
| 1271 | ||
| 1272 | static const struct rhashtable_params fl_ht_params = { | |
| 1273 | .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */ | |
| 1274 | .head_offset = offsetof(struct cls_fl_filter, ht_node), | |
| 1275 | .automatic_shrinking = true, | |
| 1276 | }; | |
| 1277 | ||
| 05cd271f | 1278 | static int fl_init_mask_hashtable(struct fl_flow_mask *mask) |
| 77b9900e | 1279 | { |
| 05cd271f PB |
1280 | mask->filter_ht_params = fl_ht_params; |
| 1281 | mask->filter_ht_params.key_len = fl_mask_range(mask); | |
| 1282 | mask->filter_ht_params.key_offset += mask->range.start; | |
| 77b9900e | 1283 | |
| 05cd271f | 1284 | return rhashtable_init(&mask->ht, &mask->filter_ht_params); |
| 77b9900e JP |
1285 | } |
| 1286 | ||
| 1287 | #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member) | |
| cb205a81 | 1288 | #define FL_KEY_MEMBER_SIZE(member) FIELD_SIZEOF(struct fl_flow_key, member) |
| 77b9900e | 1289 | |
| 339ba878 HHZ |
1290 | #define FL_KEY_IS_MASKED(mask, member) \ |
| 1291 | memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \ | |
| 1292 | 0, FL_KEY_MEMBER_SIZE(member)) \ | |
| 77b9900e JP |
1293 | |
| 1294 | #define FL_KEY_SET(keys, cnt, id, member) \ | |
| 1295 | do { \ | |
| 1296 | keys[cnt].key_id = id; \ | |
| 1297 | keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \ | |
| 1298 | cnt++; \ | |
| 1299 | } while(0); | |
| 1300 | ||
| 339ba878 | 1301 | #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \ |
| 77b9900e | 1302 | do { \ |
| 339ba878 | 1303 | if (FL_KEY_IS_MASKED(mask, member)) \ |
| 77b9900e JP |
1304 | FL_KEY_SET(keys, cnt, id, member); \ |
| 1305 | } while(0); | |
| 1306 | ||
| 33fb5cba JP |
1307 | static void fl_init_dissector(struct flow_dissector *dissector, |
| 1308 | struct fl_flow_key *mask) | |
| 77b9900e JP |
1309 | { |
| 1310 | struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX]; | |
| 1311 | size_t cnt = 0; | |
| 1312 | ||
| 8212ed77 JP |
1313 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 1314 | FLOW_DISSECTOR_KEY_META, meta); | |
| 42aecaa9 | 1315 | FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control); |
| 77b9900e | 1316 | FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic); |
| 33fb5cba | 1317 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 339ba878 | 1318 | FLOW_DISSECTOR_KEY_ETH_ADDRS, eth); |
| 33fb5cba | 1319 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 339ba878 | 1320 | FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4); |
| 33fb5cba | 1321 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 339ba878 | 1322 | FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6); |
| 5c72299f AN |
1323 | if (FL_KEY_IS_MASKED(mask, tp) || |
| 1324 | FL_KEY_IS_MASKED(mask, tp_min) || FL_KEY_IS_MASKED(mask, tp_max)) | |
| 1325 | FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_PORTS, tp); | |
| 33fb5cba | 1326 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 4d80cc0a | 1327 | FLOW_DISSECTOR_KEY_IP, ip); |
| 33fb5cba | 1328 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| fdfc7dd6 | 1329 | FLOW_DISSECTOR_KEY_TCP, tcp); |
| 33fb5cba | 1330 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 7b684884 | 1331 | FLOW_DISSECTOR_KEY_ICMP, icmp); |
| 33fb5cba | 1332 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 99d31326 | 1333 | FLOW_DISSECTOR_KEY_ARP, arp); |
| 33fb5cba | 1334 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| a577d8f7 | 1335 | FLOW_DISSECTOR_KEY_MPLS, mpls); |
| 33fb5cba | 1336 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 9399ae9a | 1337 | FLOW_DISSECTOR_KEY_VLAN, vlan); |
| 33fb5cba | 1338 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| d64efd09 | 1339 | FLOW_DISSECTOR_KEY_CVLAN, cvlan); |
| 33fb5cba | 1340 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 519d1052 | 1341 | FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id); |
| 33fb5cba | 1342 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 519d1052 | 1343 | FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4); |
| 33fb5cba | 1344 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 519d1052 | 1345 | FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6); |
| 33fb5cba JP |
1346 | if (FL_KEY_IS_MASKED(mask, enc_ipv4) || |
| 1347 | FL_KEY_IS_MASKED(mask, enc_ipv6)) | |
| 519d1052 HHZ |
1348 | FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL, |
| 1349 | enc_control); | |
| 33fb5cba | 1350 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| f4d997fd | 1351 | FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp); |
| 33fb5cba | 1352 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 0e2c17b6 | 1353 | FLOW_DISSECTOR_KEY_ENC_IP, enc_ip); |
| 0a6e7778 PJV |
1354 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 1355 | FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts); | |
| e0ace68a PB |
1356 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 1357 | FLOW_DISSECTOR_KEY_CT, ct); | |
| 77b9900e | 1358 | |
| 33fb5cba | 1359 | skb_flow_dissector_init(dissector, keys, cnt); |
| 05cd271f PB |
1360 | } |
| 1361 | ||
| 1362 | static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head, | |
| 1363 | struct fl_flow_mask *mask) | |
| 1364 | { | |
| 1365 | struct fl_flow_mask *newmask; | |
| 1366 | int err; | |
| 1367 | ||
| 1368 | newmask = kzalloc(sizeof(*newmask), GFP_KERNEL); | |
| 1369 | if (!newmask) | |
| 1370 | return ERR_PTR(-ENOMEM); | |
| 1371 | ||
| 1372 | fl_mask_copy(newmask, mask); | |
| 1373 | ||
| 5c72299f AN |
1374 | if ((newmask->key.tp_min.dst && newmask->key.tp_max.dst) || |
| 1375 | (newmask->key.tp_min.src && newmask->key.tp_max.src)) | |
| 1376 | newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE; | |
| 1377 | ||
| 05cd271f PB |
1378 | err = fl_init_mask_hashtable(newmask); |
| 1379 | if (err) | |
| 1380 | goto errout_free; | |
| 1381 | ||
| 33fb5cba | 1382 | fl_init_dissector(&newmask->dissector, &newmask->key); |
| 05cd271f PB |
1383 | |
| 1384 | INIT_LIST_HEAD_RCU(&newmask->filters); | |
| 1385 | ||
| f48ef4d5 | 1386 | refcount_set(&newmask->refcnt, 1); |
| 195c234d VB |
1387 | err = rhashtable_replace_fast(&head->ht, &mask->ht_node, |
| 1388 | &newmask->ht_node, mask_ht_params); | |
| 05cd271f PB |
1389 | if (err) |
| 1390 | goto errout_destroy; | |
| 1391 | ||
| 259e60f9 | 1392 | spin_lock(&head->masks_lock); |
| 05cd271f | 1393 | list_add_tail_rcu(&newmask->list, &head->masks); |
| 259e60f9 | 1394 | spin_unlock(&head->masks_lock); |
| 05cd271f PB |
1395 | |
| 1396 | return newmask; | |
| 1397 | ||
| 1398 | errout_destroy: | |
| 1399 | rhashtable_destroy(&newmask->ht); | |
| 1400 | errout_free: | |
| 1401 | kfree(newmask); | |
| 1402 | ||
| 1403 | return ERR_PTR(err); | |
| 77b9900e JP |
1404 | } |
| 1405 | ||
| 1406 | static int fl_check_assign_mask(struct cls_fl_head *head, | |
| 05cd271f PB |
1407 | struct cls_fl_filter *fnew, |
| 1408 | struct cls_fl_filter *fold, | |
| 77b9900e JP |
1409 | struct fl_flow_mask *mask) |
| 1410 | { | |
| 05cd271f | 1411 | struct fl_flow_mask *newmask; |
| f48ef4d5 | 1412 | int ret = 0; |
| 77b9900e | 1413 | |
| f48ef4d5 | 1414 | rcu_read_lock(); |
| 195c234d VB |
1415 | |
| 1416 | /* Insert mask as temporary node to prevent concurrent creation of mask | |
| 1417 | * with same key. Any concurrent lookups with same key will return | |
| 99815f50 | 1418 | * -EAGAIN because mask's refcnt is zero. |
| 195c234d VB |
1419 | */ |
| 1420 | fnew->mask = rhashtable_lookup_get_insert_fast(&head->ht, | |
| 1421 | &mask->ht_node, | |
| 1422 | mask_ht_params); | |
| 05cd271f | 1423 | if (!fnew->mask) { |
| f48ef4d5 VB |
1424 | rcu_read_unlock(); |
| 1425 | ||
| 195c234d VB |
1426 | if (fold) { |
| 1427 | ret = -EINVAL; | |
| 1428 | goto errout_cleanup; | |
| 1429 | } | |
| 77b9900e | 1430 | |
| 05cd271f | 1431 | newmask = fl_create_new_mask(head, mask); |
| 195c234d VB |
1432 | if (IS_ERR(newmask)) { |
| 1433 | ret = PTR_ERR(newmask); | |
| 1434 | goto errout_cleanup; | |
| 1435 | } | |
| 77b9900e | 1436 | |
| 05cd271f | 1437 | fnew->mask = newmask; |
| f48ef4d5 | 1438 | return 0; |
| 195c234d VB |
1439 | } else if (IS_ERR(fnew->mask)) { |
| 1440 | ret = PTR_ERR(fnew->mask); | |
| f6521c58 | 1441 | } else if (fold && fold->mask != fnew->mask) { |
| f48ef4d5 VB |
1442 | ret = -EINVAL; |
| 1443 | } else if (!refcount_inc_not_zero(&fnew->mask->refcnt)) { | |
| 1444 | /* Mask was deleted concurrently, try again */ | |
| 1445 | ret = -EAGAIN; | |
| 05cd271f | 1446 | } |
| f48ef4d5 VB |
1447 | rcu_read_unlock(); |
| 1448 | return ret; | |
| 195c234d VB |
1449 | |
| 1450 | errout_cleanup: | |
| 1451 | rhashtable_remove_fast(&head->ht, &mask->ht_node, | |
| 1452 | mask_ht_params); | |
| 195c234d | 1453 | return ret; |
| 77b9900e JP |
1454 | } |
| 1455 | ||
| 1456 | static int fl_set_parms(struct net *net, struct tcf_proto *tp, | |
| 1457 | struct cls_fl_filter *f, struct fl_flow_mask *mask, | |
| 1458 | unsigned long base, struct nlattr **tb, | |
| 50a56190 | 1459 | struct nlattr *est, bool ovr, |
| c24e43d8 | 1460 | struct fl_flow_tmplt *tmplt, bool rtnl_held, |
| 50a56190 | 1461 | struct netlink_ext_ack *extack) |
| 77b9900e | 1462 | { |
| 77b9900e JP |
1463 | int err; |
| 1464 | ||
| c24e43d8 | 1465 | err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, rtnl_held, |
| ec6743a1 | 1466 | extack); |
| 77b9900e JP |
1467 | if (err < 0) |
| 1468 | return err; | |
| 1469 | ||
| 1470 | if (tb[TCA_FLOWER_CLASSID]) { | |
| 1471 | f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]); | |
| c24e43d8 VB |
1472 | if (!rtnl_held) |
| 1473 | rtnl_lock(); | |
| 77b9900e | 1474 | tcf_bind_filter(tp, &f->res, base); |
| c24e43d8 VB |
1475 | if (!rtnl_held) |
| 1476 | rtnl_unlock(); | |
| 77b9900e JP |
1477 | } |
| 1478 | ||
| 1057c55f | 1479 | err = fl_set_key(net, tb, &f->key, &mask->key, extack); |
| 77b9900e | 1480 | if (err) |
| 45507529 | 1481 | return err; |
| 77b9900e JP |
1482 | |
| 1483 | fl_mask_update_range(mask); | |
| 1484 | fl_set_masked_key(&f->mkey, &f->key, mask); | |
| 1485 | ||
| b95ec7eb JP |
1486 | if (!fl_mask_fits_tmplt(tmplt, mask)) { |
| 1487 | NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template"); | |
| 1488 | return -EINVAL; | |
| 1489 | } | |
| 1490 | ||
| 77b9900e | 1491 | return 0; |
| 77b9900e JP |
1492 | } |
| 1493 | ||
| 1f17f774 VB |
1494 | static int fl_ht_insert_unique(struct cls_fl_filter *fnew, |
| 1495 | struct cls_fl_filter *fold, | |
| 1496 | bool *in_ht) | |
| 1497 | { | |
| 1498 | struct fl_flow_mask *mask = fnew->mask; | |
| 1499 | int err; | |
| 1500 | ||
| 9e35552a VB |
1501 | err = rhashtable_lookup_insert_fast(&mask->ht, |
| 1502 | &fnew->ht_node, | |
| 1503 | mask->filter_ht_params); | |
| 1f17f774 VB |
1504 | if (err) { |
| 1505 | *in_ht = false; | |
| 1506 | /* It is okay if filter with same key exists when | |
| 1507 | * overwriting. | |
| 1508 | */ | |
| 1509 | return fold && err == -EEXIST ? 0 : err; | |
| 1510 | } | |
| 1511 | ||
| 1512 | *in_ht = true; | |
| 1513 | return 0; | |
| 1514 | } | |
| 1515 | ||
| 77b9900e JP |
1516 | static int fl_change(struct net *net, struct sk_buff *in_skb, |
| 1517 | struct tcf_proto *tp, unsigned long base, | |
| 1518 | u32 handle, struct nlattr **tca, | |
| 12db03b6 VB |
1519 | void **arg, bool ovr, bool rtnl_held, |
| 1520 | struct netlink_ext_ack *extack) | |
| 77b9900e | 1521 | { |
| e474619a | 1522 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 8113c095 | 1523 | struct cls_fl_filter *fold = *arg; |
| 77b9900e | 1524 | struct cls_fl_filter *fnew; |
| 2cddd201 | 1525 | struct fl_flow_mask *mask; |
| 39b7b6a6 | 1526 | struct nlattr **tb; |
| 1f17f774 | 1527 | bool in_ht; |
| 77b9900e JP |
1528 | int err; |
| 1529 | ||
| 06177558 VB |
1530 | if (!tca[TCA_OPTIONS]) { |
| 1531 | err = -EINVAL; | |
| 1532 | goto errout_fold; | |
| 1533 | } | |
| 77b9900e | 1534 | |
| 2cddd201 | 1535 | mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL); |
| 06177558 VB |
1536 | if (!mask) { |
| 1537 | err = -ENOBUFS; | |
| 1538 | goto errout_fold; | |
| 1539 | } | |
| 39b7b6a6 | 1540 | |
| 2cddd201 IV |
1541 | tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL); |
| 1542 | if (!tb) { | |
| 1543 | err = -ENOBUFS; | |
| 1544 | goto errout_mask_alloc; | |
| 1545 | } | |
| 1546 | ||
| 8cb08174 JB |
1547 | err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX, |
| 1548 | tca[TCA_OPTIONS], fl_policy, NULL); | |
| 77b9900e | 1549 | if (err < 0) |
| 39b7b6a6 | 1550 | goto errout_tb; |
| 77b9900e | 1551 | |
| 39b7b6a6 AB |
1552 | if (fold && handle && fold->handle != handle) { |
| 1553 | err = -EINVAL; | |
| 1554 | goto errout_tb; | |
| 1555 | } | |
| 77b9900e JP |
1556 | |
| 1557 | fnew = kzalloc(sizeof(*fnew), GFP_KERNEL); | |
| 39b7b6a6 AB |
1558 | if (!fnew) { |
| 1559 | err = -ENOBUFS; | |
| 1560 | goto errout_tb; | |
| 1561 | } | |
| c049d56e | 1562 | INIT_LIST_HEAD(&fnew->hw_list); |
| 06177558 | 1563 | refcount_set(&fnew->refcnt, 1); |
| 77b9900e | 1564 | |
| 14215108 | 1565 | err = tcf_exts_init(&fnew->exts, net, TCA_FLOWER_ACT, 0); |
| b9a24bb7 WC |
1566 | if (err < 0) |
| 1567 | goto errout; | |
| 77b9900e | 1568 | |
| e69985c6 AV |
1569 | if (tb[TCA_FLOWER_FLAGS]) { |
| 1570 | fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]); | |
| 1571 | ||
| 1572 | if (!tc_flags_valid(fnew->flags)) { | |
| 1573 | err = -EINVAL; | |
| ecb3dea4 | 1574 | goto errout; |
| e69985c6 AV |
1575 | } |
| 1576 | } | |
| 5b33f488 | 1577 | |
| 2cddd201 | 1578 | err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr, |
| c24e43d8 | 1579 | tp->chain->tmplt_priv, rtnl_held, extack); |
| 77b9900e | 1580 | if (err) |
| ecb3dea4 | 1581 | goto errout; |
| 77b9900e | 1582 | |
| 2cddd201 | 1583 | err = fl_check_assign_mask(head, fnew, fold, mask); |
| 77b9900e | 1584 | if (err) |
| ecb3dea4 VB |
1585 | goto errout; |
| 1586 | ||
| 1f17f774 VB |
1587 | err = fl_ht_insert_unique(fnew, fold, &in_ht); |
| 1588 | if (err) | |
| 1589 | goto errout_mask; | |
| 1590 | ||
| 79685219 | 1591 | if (!tc_skip_hw(fnew->flags)) { |
| c24e43d8 | 1592 | err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack); |
| 79685219 | 1593 | if (err) |
| 1f17f774 | 1594 | goto errout_ht; |
| 79685219 | 1595 | } |
| 5b33f488 | 1596 | |
| 55593960 OG |
1597 | if (!tc_in_hw(fnew->flags)) |
| 1598 | fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW; | |
| 1599 | ||
| 3d81e711 VB |
1600 | spin_lock(&tp->lock); |
| 1601 | ||
| 272ffaad VB |
1602 | /* tp was deleted concurrently. -EAGAIN will cause caller to lookup |
| 1603 | * proto again or create new one, if necessary. | |
| 1604 | */ | |
| 1605 | if (tp->deleting) { | |
| 1606 | err = -EAGAIN; | |
| 1607 | goto errout_hw; | |
| 1608 | } | |
| 1609 | ||
| 5b33f488 | 1610 | if (fold) { |
| b2552b8c VB |
1611 | /* Fold filter was deleted concurrently. Retry lookup. */ |
| 1612 | if (fold->deleted) { | |
| 1613 | err = -EAGAIN; | |
| 1614 | goto errout_hw; | |
| 1615 | } | |
| 1616 | ||
| 620da486 VB |
1617 | fnew->handle = handle; |
| 1618 | ||
| 1f17f774 VB |
1619 | if (!in_ht) { |
| 1620 | struct rhashtable_params params = | |
| 1621 | fnew->mask->filter_ht_params; | |
| 1622 | ||
| 1623 | err = rhashtable_insert_fast(&fnew->mask->ht, | |
| 1624 | &fnew->ht_node, | |
| 1625 | params); | |
| 1626 | if (err) | |
| 1627 | goto errout_hw; | |
| 1628 | in_ht = true; | |
| 1629 | } | |
| 620da486 | 1630 | |
| c049d56e | 1631 | refcount_inc(&fnew->refcnt); |
| 599d2570 RD |
1632 | rhashtable_remove_fast(&fold->mask->ht, |
| 1633 | &fold->ht_node, | |
| 1634 | fold->mask->filter_ht_params); | |
| 234a4624 | 1635 | idr_replace(&head->handle_idr, fnew, fnew->handle); |
| ff3532f2 | 1636 | list_replace_rcu(&fold->list, &fnew->list); |
| b2552b8c | 1637 | fold->deleted = true; |
| 620da486 | 1638 | |
| 3d81e711 VB |
1639 | spin_unlock(&tp->lock); |
| 1640 | ||
| 9994677c | 1641 | fl_mask_put(head, fold->mask); |
| 620da486 | 1642 | if (!tc_skip_hw(fold->flags)) |
| c24e43d8 | 1643 | fl_hw_destroy_filter(tp, fold, rtnl_held, NULL); |
| 77b9900e | 1644 | tcf_unbind_filter(tp, &fold->res); |
| 06177558 VB |
1645 | /* Caller holds reference to fold, so refcnt is always > 0 |
| 1646 | * after this. | |
| 1647 | */ | |
| 1648 | refcount_dec(&fold->refcnt); | |
| 1649 | __fl_put(fold); | |
| 77b9900e | 1650 | } else { |
| 620da486 VB |
1651 | if (handle) { |
| 1652 | /* user specifies a handle and it doesn't exist */ | |
| 1653 | err = idr_alloc_u32(&head->handle_idr, fnew, &handle, | |
| 1654 | handle, GFP_ATOMIC); | |
| 9a2d9389 VB |
1655 | |
| 1656 | /* Filter with specified handle was concurrently | |
| 1657 | * inserted after initial check in cls_api. This is not | |
| 1658 | * necessarily an error if NLM_F_EXCL is not set in | |
| 1659 | * message flags. Returning EAGAIN will cause cls_api to | |
| 1660 | * try to update concurrently inserted rule. | |
| 1661 | */ | |
| 1662 | if (err == -ENOSPC) | |
| 1663 | err = -EAGAIN; | |
| 620da486 VB |
1664 | } else { |
| 1665 | handle = 1; | |
| 1666 | err = idr_alloc_u32(&head->handle_idr, fnew, &handle, | |
| 1667 | INT_MAX, GFP_ATOMIC); | |
| 1668 | } | |
| 1669 | if (err) | |
| 1670 | goto errout_hw; | |
| 1671 | ||
| c049d56e | 1672 | refcount_inc(&fnew->refcnt); |
| 620da486 | 1673 | fnew->handle = handle; |
| 05cd271f | 1674 | list_add_tail_rcu(&fnew->list, &fnew->mask->filters); |
| 3d81e711 | 1675 | spin_unlock(&tp->lock); |
| 77b9900e JP |
1676 | } |
| 1677 | ||
| 620da486 VB |
1678 | *arg = fnew; |
| 1679 | ||
| 39b7b6a6 | 1680 | kfree(tb); |
| 99815f50 | 1681 | tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work); |
| 77b9900e JP |
1682 | return 0; |
| 1683 | ||
| c049d56e VB |
1684 | errout_ht: |
| 1685 | spin_lock(&tp->lock); | |
| 620da486 | 1686 | errout_hw: |
| c049d56e | 1687 | fnew->deleted = true; |
| 3d81e711 | 1688 | spin_unlock(&tp->lock); |
| 620da486 | 1689 | if (!tc_skip_hw(fnew->flags)) |
| c24e43d8 | 1690 | fl_hw_destroy_filter(tp, fnew, rtnl_held, NULL); |
| 1f17f774 VB |
1691 | if (in_ht) |
| 1692 | rhashtable_remove_fast(&fnew->mask->ht, &fnew->ht_node, | |
| 1693 | fnew->mask->filter_ht_params); | |
| ecb3dea4 | 1694 | errout_mask: |
| 9994677c | 1695 | fl_mask_put(head, fnew->mask); |
| 77b9900e | 1696 | errout: |
| c049d56e | 1697 | __fl_put(fnew); |
| 39b7b6a6 AB |
1698 | errout_tb: |
| 1699 | kfree(tb); | |
| 2cddd201 | 1700 | errout_mask_alloc: |
| 99815f50 | 1701 | tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work); |
| 06177558 VB |
1702 | errout_fold: |
| 1703 | if (fold) | |
| 1704 | __fl_put(fold); | |
| 77b9900e JP |
1705 | return err; |
| 1706 | } | |
| 1707 | ||
| 571acf21 | 1708 | static int fl_delete(struct tcf_proto *tp, void *arg, bool *last, |
| 12db03b6 | 1709 | bool rtnl_held, struct netlink_ext_ack *extack) |
| 77b9900e | 1710 | { |
| e474619a | 1711 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 8113c095 | 1712 | struct cls_fl_filter *f = arg; |
| b2552b8c VB |
1713 | bool last_on_mask; |
| 1714 | int err = 0; | |
| 77b9900e | 1715 | |
| c24e43d8 | 1716 | err = __fl_delete(tp, f, &last_on_mask, rtnl_held, extack); |
| 05cd271f | 1717 | *last = list_empty(&head->masks); |
| 06177558 VB |
1718 | __fl_put(f); |
| 1719 | ||
| b2552b8c | 1720 | return err; |
| 77b9900e JP |
1721 | } |
| 1722 | ||
| 12db03b6 VB |
1723 | static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg, |
| 1724 | bool rtnl_held) | |
| 77b9900e | 1725 | { |
| d39d7149 CW |
1726 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 1727 | unsigned long id = arg->cookie, tmp; | |
| 77b9900e | 1728 | struct cls_fl_filter *f; |
| 05cd271f | 1729 | |
| 01683a14 VB |
1730 | arg->count = arg->skip; |
| 1731 | ||
| d39d7149 CW |
1732 | idr_for_each_entry_continue_ul(&head->handle_idr, f, tmp, id) { |
| 1733 | /* don't return filters that are being deleted */ | |
| 1734 | if (!refcount_inc_not_zero(&f->refcnt)) | |
| 1735 | continue; | |
| 01683a14 | 1736 | if (arg->fn(tp, f, arg) < 0) { |
| 06177558 | 1737 | __fl_put(f); |
| 01683a14 VB |
1738 | arg->stop = 1; |
| 1739 | break; | |
| 05cd271f | 1740 | } |
| 06177558 | 1741 | __fl_put(f); |
| 01683a14 | 1742 | arg->count++; |
| 77b9900e | 1743 | } |
| d39d7149 | 1744 | arg->cookie = id; |
| 77b9900e JP |
1745 | } |
| 1746 | ||
| c049d56e VB |
1747 | static struct cls_fl_filter * |
| 1748 | fl_get_next_hw_filter(struct tcf_proto *tp, struct cls_fl_filter *f, bool add) | |
| 1749 | { | |
| 1750 | struct cls_fl_head *head = fl_head_dereference(tp); | |
| 1751 | ||
| 1752 | spin_lock(&tp->lock); | |
| 1753 | if (list_empty(&head->hw_filters)) { | |
| 1754 | spin_unlock(&tp->lock); | |
| 1755 | return NULL; | |
| 1756 | } | |
| 1757 | ||
| 1758 | if (!f) | |
| 1759 | f = list_entry(&head->hw_filters, struct cls_fl_filter, | |
| 1760 | hw_list); | |
| 1761 | list_for_each_entry_continue(f, &head->hw_filters, hw_list) { | |
| 1762 | if (!(add && f->deleted) && refcount_inc_not_zero(&f->refcnt)) { | |
| 1763 | spin_unlock(&tp->lock); | |
| 1764 | return f; | |
| 1765 | } | |
| 1766 | } | |
| 1767 | ||
| 1768 | spin_unlock(&tp->lock); | |
| 1769 | return NULL; | |
| 1770 | } | |
| 1771 | ||
| a7323311 | 1772 | static int fl_reoffload(struct tcf_proto *tp, bool add, flow_setup_cb_t *cb, |
| 31533cba JH |
1773 | void *cb_priv, struct netlink_ext_ack *extack) |
| 1774 | { | |
| 31533cba | 1775 | struct tcf_block *block = tp->chain->block; |
| f9e30088 | 1776 | struct flow_cls_offload cls_flower = {}; |
| c049d56e | 1777 | struct cls_fl_filter *f = NULL; |
| 31533cba JH |
1778 | int err; |
| 1779 | ||
| c049d56e VB |
1780 | /* hw_filters list can only be changed by hw offload functions after |
| 1781 | * obtaining rtnl lock. Make sure it is not changed while reoffload is | |
| 1782 | * iterating it. | |
| 1783 | */ | |
| 1784 | ASSERT_RTNL(); | |
| 3a7b6861 | 1785 | |
| c049d56e | 1786 | while ((f = fl_get_next_hw_filter(tp, f, add))) { |
| 95e27a4d JH |
1787 | cls_flower.rule = |
| 1788 | flow_rule_alloc(tcf_exts_num_actions(&f->exts)); | |
| 1789 | if (!cls_flower.rule) { | |
| 1790 | __fl_put(f); | |
| 1791 | return -ENOMEM; | |
| 1792 | } | |
| 31533cba | 1793 | |
| 95e27a4d | 1794 | tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, |
| d6787147 | 1795 | extack); |
| 95e27a4d | 1796 | cls_flower.command = add ? |
| f9e30088 | 1797 | FLOW_CLS_REPLACE : FLOW_CLS_DESTROY; |
| 95e27a4d JH |
1798 | cls_flower.cookie = (unsigned long)f; |
| 1799 | cls_flower.rule->match.dissector = &f->mask->dissector; | |
| 1800 | cls_flower.rule->match.mask = &f->mask->key; | |
| 1801 | cls_flower.rule->match.key = &f->mkey; | |
| 1802 | ||
| 9838b20a VB |
1803 | err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts, |
| 1804 | true); | |
| 95e27a4d | 1805 | if (err) { |
| 8f256622 | 1806 | kfree(cls_flower.rule); |
| 95e27a4d JH |
1807 | if (tc_skip_sw(f->flags)) { |
| 1808 | NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action"); | |
| 1809 | __fl_put(f); | |
| 1810 | return err; | |
| 31533cba | 1811 | } |
| 95e27a4d JH |
1812 | goto next_flow; |
| 1813 | } | |
| 31533cba | 1814 | |
| 95e27a4d JH |
1815 | cls_flower.classid = f->res.classid; |
| 1816 | ||
| 40119211 VB |
1817 | err = tc_setup_cb_reoffload(block, tp, add, cb, |
| 1818 | TC_SETUP_CLSFLOWER, &cls_flower, | |
| 1819 | cb_priv, &f->flags, | |
| 1820 | &f->in_hw_count); | |
| 5a6ff4b1 | 1821 | tc_cleanup_flow_action(&cls_flower.rule->action); |
| 95e27a4d JH |
1822 | kfree(cls_flower.rule); |
| 1823 | ||
| 1824 | if (err) { | |
| 40119211 VB |
1825 | __fl_put(f); |
| 1826 | return err; | |
| 31533cba | 1827 | } |
| 95e27a4d | 1828 | next_flow: |
| 95e27a4d | 1829 | __fl_put(f); |
| 31533cba JH |
1830 | } |
| 1831 | ||
| 1832 | return 0; | |
| 1833 | } | |
| 1834 | ||
| a449a3e7 VB |
1835 | static void fl_hw_add(struct tcf_proto *tp, void *type_data) |
| 1836 | { | |
| 1837 | struct flow_cls_offload *cls_flower = type_data; | |
| 1838 | struct cls_fl_filter *f = | |
| 1839 | (struct cls_fl_filter *) cls_flower->cookie; | |
| 1840 | struct cls_fl_head *head = fl_head_dereference(tp); | |
| 1841 | ||
| 1842 | spin_lock(&tp->lock); | |
| 1843 | list_add(&f->hw_list, &head->hw_filters); | |
| 1844 | spin_unlock(&tp->lock); | |
| 1845 | } | |
| 1846 | ||
| 1847 | static void fl_hw_del(struct tcf_proto *tp, void *type_data) | |
| 1848 | { | |
| 1849 | struct flow_cls_offload *cls_flower = type_data; | |
| 1850 | struct cls_fl_filter *f = | |
| 1851 | (struct cls_fl_filter *) cls_flower->cookie; | |
| 1852 | ||
| 1853 | spin_lock(&tp->lock); | |
| 1854 | if (!list_empty(&f->hw_list)) | |
| 1855 | list_del_init(&f->hw_list); | |
| 1856 | spin_unlock(&tp->lock); | |
| 1857 | } | |
| 1858 | ||
| 8f256622 PNA |
1859 | static int fl_hw_create_tmplt(struct tcf_chain *chain, |
| 1860 | struct fl_flow_tmplt *tmplt) | |
| 34738452 | 1861 | { |
| f9e30088 | 1862 | struct flow_cls_offload cls_flower = {}; |
| 34738452 | 1863 | struct tcf_block *block = chain->block; |
| 34738452 | 1864 | |
| e3ab786b | 1865 | cls_flower.rule = flow_rule_alloc(0); |
| 8f256622 PNA |
1866 | if (!cls_flower.rule) |
| 1867 | return -ENOMEM; | |
| 1868 | ||
| 34738452 | 1869 | cls_flower.common.chain_index = chain->index; |
| f9e30088 | 1870 | cls_flower.command = FLOW_CLS_TMPLT_CREATE; |
| 34738452 | 1871 | cls_flower.cookie = (unsigned long) tmplt; |
| 8f256622 PNA |
1872 | cls_flower.rule->match.dissector = &tmplt->dissector; |
| 1873 | cls_flower.rule->match.mask = &tmplt->mask; | |
| 1874 | cls_flower.rule->match.key = &tmplt->dummy_key; | |
| 34738452 JP |
1875 | |
| 1876 | /* We don't care if driver (any of them) fails to handle this | |
| 1877 | * call. It serves just as a hint for it. | |
| 1878 | */ | |
| 40119211 | 1879 | tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true); |
| 8f256622 PNA |
1880 | kfree(cls_flower.rule); |
| 1881 | ||
| 1882 | return 0; | |
| 34738452 JP |
1883 | } |
| 1884 | ||
| 1885 | static void fl_hw_destroy_tmplt(struct tcf_chain *chain, | |
| 1886 | struct fl_flow_tmplt *tmplt) | |
| 1887 | { | |
| f9e30088 | 1888 | struct flow_cls_offload cls_flower = {}; |
| 34738452 JP |
1889 | struct tcf_block *block = chain->block; |
| 1890 | ||
| 1891 | cls_flower.common.chain_index = chain->index; | |
| f9e30088 | 1892 | cls_flower.command = FLOW_CLS_TMPLT_DESTROY; |
| 34738452 JP |
1893 | cls_flower.cookie = (unsigned long) tmplt; |
| 1894 | ||
| 40119211 | 1895 | tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true); |
| 34738452 JP |
1896 | } |
| 1897 | ||
| b95ec7eb JP |
1898 | static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain, |
| 1899 | struct nlattr **tca, | |
| 1900 | struct netlink_ext_ack *extack) | |
| 1901 | { | |
| 1902 | struct fl_flow_tmplt *tmplt; | |
| 1903 | struct nlattr **tb; | |
| 1904 | int err; | |
| 1905 | ||
| 1906 | if (!tca[TCA_OPTIONS]) | |
| 1907 | return ERR_PTR(-EINVAL); | |
| 1908 | ||
| 1909 | tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL); | |
| 1910 | if (!tb) | |
| 1911 | return ERR_PTR(-ENOBUFS); | |
| 8cb08174 JB |
1912 | err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX, |
| 1913 | tca[TCA_OPTIONS], fl_policy, NULL); | |
| b95ec7eb JP |
1914 | if (err) |
| 1915 | goto errout_tb; | |
| 1916 | ||
| 1917 | tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL); | |
| 1cbc36a5 DC |
1918 | if (!tmplt) { |
| 1919 | err = -ENOMEM; | |
| b95ec7eb | 1920 | goto errout_tb; |
| 1cbc36a5 | 1921 | } |
| b95ec7eb JP |
1922 | tmplt->chain = chain; |
| 1923 | err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack); | |
| 1924 | if (err) | |
| 1925 | goto errout_tmplt; | |
| b95ec7eb JP |
1926 | |
| 1927 | fl_init_dissector(&tmplt->dissector, &tmplt->mask); | |
| 1928 | ||
| 8f256622 PNA |
1929 | err = fl_hw_create_tmplt(chain, tmplt); |
| 1930 | if (err) | |
| 1931 | goto errout_tmplt; | |
| 34738452 | 1932 | |
| 8f256622 | 1933 | kfree(tb); |
| b95ec7eb JP |
1934 | return tmplt; |
| 1935 | ||
| 1936 | errout_tmplt: | |
| 1937 | kfree(tmplt); | |
| 1938 | errout_tb: | |
| 1939 | kfree(tb); | |
| 1940 | return ERR_PTR(err); | |
| 1941 | } | |
| 1942 | ||
| ec3ed293 VB |
1943 | static void fl_tmplt_destroy(void *tmplt_priv) |
| 1944 | { | |
| 1945 | struct fl_flow_tmplt *tmplt = tmplt_priv; | |
| 1946 | ||
| 95278dda CW |
1947 | fl_hw_destroy_tmplt(tmplt->chain, tmplt); |
| 1948 | kfree(tmplt); | |
| ec3ed293 VB |
1949 | } |
| 1950 | ||
| 77b9900e JP |
1951 | static int fl_dump_key_val(struct sk_buff *skb, |
| 1952 | void *val, int val_type, | |
| 1953 | void *mask, int mask_type, int len) | |
| 1954 | { | |
| 1955 | int err; | |
| 1956 | ||
| 1957 | if (!memchr_inv(mask, 0, len)) | |
| 1958 | return 0; | |
| 1959 | err = nla_put(skb, val_type, len, val); | |
| 1960 | if (err) | |
| 1961 | return err; | |
| 1962 | if (mask_type != TCA_FLOWER_UNSPEC) { | |
| 1963 | err = nla_put(skb, mask_type, len, mask); | |
| 1964 | if (err) | |
| 1965 | return err; | |
| 1966 | } | |
| 1967 | return 0; | |
| 1968 | } | |
| 1969 | ||
| 5c72299f AN |
1970 | static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key, |
| 1971 | struct fl_flow_key *mask) | |
| 1972 | { | |
| 1973 | if (fl_dump_key_val(skb, &key->tp_min.dst, TCA_FLOWER_KEY_PORT_DST_MIN, | |
| 1974 | &mask->tp_min.dst, TCA_FLOWER_UNSPEC, | |
| 1975 | sizeof(key->tp_min.dst)) || | |
| 1976 | fl_dump_key_val(skb, &key->tp_max.dst, TCA_FLOWER_KEY_PORT_DST_MAX, | |
| 1977 | &mask->tp_max.dst, TCA_FLOWER_UNSPEC, | |
| 1978 | sizeof(key->tp_max.dst)) || | |
| 1979 | fl_dump_key_val(skb, &key->tp_min.src, TCA_FLOWER_KEY_PORT_SRC_MIN, | |
| 1980 | &mask->tp_min.src, TCA_FLOWER_UNSPEC, | |
| 1981 | sizeof(key->tp_min.src)) || | |
| 1982 | fl_dump_key_val(skb, &key->tp_max.src, TCA_FLOWER_KEY_PORT_SRC_MAX, | |
| 1983 | &mask->tp_max.src, TCA_FLOWER_UNSPEC, | |
| 1984 | sizeof(key->tp_max.src))) | |
| 1985 | return -1; | |
| 1986 | ||
| 1987 | return 0; | |
| 1988 | } | |
| 1989 | ||
| a577d8f7 BL |
1990 | static int fl_dump_key_mpls(struct sk_buff *skb, |
| 1991 | struct flow_dissector_key_mpls *mpls_key, | |
| 1992 | struct flow_dissector_key_mpls *mpls_mask) | |
| 1993 | { | |
| 1994 | int err; | |
| 1995 | ||
| 1996 | if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask))) | |
| 1997 | return 0; | |
| 1998 | if (mpls_mask->mpls_ttl) { | |
| 1999 | err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL, | |
| 2000 | mpls_key->mpls_ttl); | |
| 2001 | if (err) | |
| 2002 | return err; | |
| 2003 | } | |
| 2004 | if (mpls_mask->mpls_tc) { | |
| 2005 | err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC, | |
| 2006 | mpls_key->mpls_tc); | |
| 2007 | if (err) | |
| 2008 | return err; | |
| 2009 | } | |
| 2010 | if (mpls_mask->mpls_label) { | |
| 2011 | err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL, | |
| 2012 | mpls_key->mpls_label); | |
| 2013 | if (err) | |
| 2014 | return err; | |
| 2015 | } | |
| 2016 | if (mpls_mask->mpls_bos) { | |
| 2017 | err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS, | |
| 2018 | mpls_key->mpls_bos); | |
| 2019 | if (err) | |
| 2020 | return err; | |
| 2021 | } | |
| 2022 | return 0; | |
| 2023 | } | |
| 2024 | ||
| 0e2c17b6 | 2025 | static int fl_dump_key_ip(struct sk_buff *skb, bool encap, |
| 4d80cc0a OG |
2026 | struct flow_dissector_key_ip *key, |
| 2027 | struct flow_dissector_key_ip *mask) | |
| 2028 | { | |
| 0e2c17b6 OG |
2029 | int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS; |
| 2030 | int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL; | |
| 2031 | int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK; | |
| 2032 | int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK; | |
| 2033 | ||
| 2034 | if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) || | |
| 2035 | fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl))) | |
| 4d80cc0a OG |
2036 | return -1; |
| 2037 | ||
| 2038 | return 0; | |
| 2039 | } | |
| 2040 | ||
| 9399ae9a | 2041 | static int fl_dump_key_vlan(struct sk_buff *skb, |
| d64efd09 | 2042 | int vlan_id_key, int vlan_prio_key, |
| 9399ae9a HHZ |
2043 | struct flow_dissector_key_vlan *vlan_key, |
| 2044 | struct flow_dissector_key_vlan *vlan_mask) | |
| 2045 | { | |
| 2046 | int err; | |
| 2047 | ||
| 2048 | if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask))) | |
| 2049 | return 0; | |
| 2050 | if (vlan_mask->vlan_id) { | |
| d64efd09 | 2051 | err = nla_put_u16(skb, vlan_id_key, |
| 9399ae9a HHZ |
2052 | vlan_key->vlan_id); |
| 2053 | if (err) | |
| 2054 | return err; | |
| 2055 | } | |
| 2056 | if (vlan_mask->vlan_priority) { | |
| d64efd09 | 2057 | err = nla_put_u8(skb, vlan_prio_key, |
| 9399ae9a HHZ |
2058 | vlan_key->vlan_priority); |
| 2059 | if (err) | |
| 2060 | return err; | |
| 2061 | } | |
| 2062 | return 0; | |
| 2063 | } | |
| 2064 | ||
| faa3ffce OG |
2065 | static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask, |
| 2066 | u32 *flower_key, u32 *flower_mask, | |
| 2067 | u32 flower_flag_bit, u32 dissector_flag_bit) | |
| 2068 | { | |
| 2069 | if (dissector_mask & dissector_flag_bit) { | |
| 2070 | *flower_mask |= flower_flag_bit; | |
| 2071 | if (dissector_key & dissector_flag_bit) | |
| 2072 | *flower_key |= flower_flag_bit; | |
| 2073 | } | |
| 2074 | } | |
| 2075 | ||
| 2076 | static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask) | |
| 2077 | { | |
| 2078 | u32 key, mask; | |
| 2079 | __be32 _key, _mask; | |
| 2080 | int err; | |
| 2081 | ||
| 2082 | if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask))) | |
| 2083 | return 0; | |
| 2084 | ||
| 2085 | key = 0; | |
| 2086 | mask = 0; | |
| 2087 | ||
| 2088 | fl_get_key_flag(flags_key, flags_mask, &key, &mask, | |
| 2089 | TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); | |
| 459d153d PJV |
2090 | fl_get_key_flag(flags_key, flags_mask, &key, &mask, |
| 2091 | TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, | |
| 2092 | FLOW_DIS_FIRST_FRAG); | |
| faa3ffce OG |
2093 | |
| 2094 | _key = cpu_to_be32(key); | |
| 2095 | _mask = cpu_to_be32(mask); | |
| 2096 | ||
| 2097 | err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key); | |
| 2098 | if (err) | |
| 2099 | return err; | |
| 2100 | ||
| 2101 | return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask); | |
| 2102 | } | |
| 2103 | ||
| 0a6e7778 PJV |
2104 | static int fl_dump_key_geneve_opt(struct sk_buff *skb, |
| 2105 | struct flow_dissector_key_enc_opts *enc_opts) | |
| 2106 | { | |
| 2107 | struct geneve_opt *opt; | |
| 2108 | struct nlattr *nest; | |
| 2109 | int opt_off = 0; | |
| 2110 | ||
| ae0be8de | 2111 | nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE); |
| 0a6e7778 PJV |
2112 | if (!nest) |
| 2113 | goto nla_put_failure; | |
| 2114 | ||
| 2115 | while (enc_opts->len > opt_off) { | |
| 2116 | opt = (struct geneve_opt *)&enc_opts->data[opt_off]; | |
| 2117 | ||
| 2118 | if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS, | |
| 2119 | opt->opt_class)) | |
| 2120 | goto nla_put_failure; | |
| 2121 | if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE, | |
| 2122 | opt->type)) | |
| 2123 | goto nla_put_failure; | |
| 2124 | if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA, | |
| 2125 | opt->length * 4, opt->opt_data)) | |
| 2126 | goto nla_put_failure; | |
| 2127 | ||
| 2128 | opt_off += sizeof(struct geneve_opt) + opt->length * 4; | |
| 2129 | } | |
| 2130 | nla_nest_end(skb, nest); | |
| 2131 | return 0; | |
| 2132 | ||
| 2133 | nla_put_failure: | |
| 2134 | nla_nest_cancel(skb, nest); | |
| 2135 | return -EMSGSIZE; | |
| 2136 | } | |
| 2137 | ||
| e0ace68a PB |
2138 | static int fl_dump_key_ct(struct sk_buff *skb, |
| 2139 | struct flow_dissector_key_ct *key, | |
| 2140 | struct flow_dissector_key_ct *mask) | |
| 2141 | { | |
| 2142 | if (IS_ENABLED(CONFIG_NF_CONNTRACK) && | |
| 2143 | fl_dump_key_val(skb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE, | |
| 2144 | &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK, | |
| 2145 | sizeof(key->ct_state))) | |
| 2146 | goto nla_put_failure; | |
| 2147 | ||
| 2148 | if (IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) && | |
| 2149 | fl_dump_key_val(skb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE, | |
| 2150 | &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK, | |
| 2151 | sizeof(key->ct_zone))) | |
| 2152 | goto nla_put_failure; | |
| 2153 | ||
| 2154 | if (IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) && | |
| 2155 | fl_dump_key_val(skb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK, | |
| 2156 | &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK, | |
| 2157 | sizeof(key->ct_mark))) | |
| 2158 | goto nla_put_failure; | |
| 2159 | ||
| 2160 | if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) && | |
| 2161 | fl_dump_key_val(skb, &key->ct_labels, TCA_FLOWER_KEY_CT_LABELS, | |
| 2162 | &mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK, | |
| 2163 | sizeof(key->ct_labels))) | |
| 2164 | goto nla_put_failure; | |
| 2165 | ||
| 2166 | return 0; | |
| 2167 | ||
| 2168 | nla_put_failure: | |
| 2169 | return -EMSGSIZE; | |
| 2170 | } | |
| 2171 | ||
| 0a6e7778 PJV |
2172 | static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type, |
| 2173 | struct flow_dissector_key_enc_opts *enc_opts) | |
| 2174 | { | |
| 2175 | struct nlattr *nest; | |
| 2176 | int err; | |
| 2177 | ||
| 2178 | if (!enc_opts->len) | |
| 2179 | return 0; | |
| 2180 | ||
| ae0be8de | 2181 | nest = nla_nest_start_noflag(skb, enc_opt_type); |
| 0a6e7778 PJV |
2182 | if (!nest) |
| 2183 | goto nla_put_failure; | |
| 2184 | ||
| 2185 | switch (enc_opts->dst_opt_type) { | |
| 2186 | case TUNNEL_GENEVE_OPT: | |
| 2187 | err = fl_dump_key_geneve_opt(skb, enc_opts); | |
| 2188 | if (err) | |
| 2189 | goto nla_put_failure; | |
| 2190 | break; | |
| 2191 | default: | |
| 2192 | goto nla_put_failure; | |
| 2193 | } | |
| 2194 | nla_nest_end(skb, nest); | |
| 2195 | return 0; | |
| 2196 | ||
| 2197 | nla_put_failure: | |
| 2198 | nla_nest_cancel(skb, nest); | |
| 2199 | return -EMSGSIZE; | |
| 2200 | } | |
| 2201 | ||
| 2202 | static int fl_dump_key_enc_opt(struct sk_buff *skb, | |
| 2203 | struct flow_dissector_key_enc_opts *key_opts, | |
| 2204 | struct flow_dissector_key_enc_opts *msk_opts) | |
| 2205 | { | |
| 2206 | int err; | |
| 2207 | ||
| 2208 | err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts); | |
| 2209 | if (err) | |
| 2210 | return err; | |
| 2211 | ||
| 2212 | return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts); | |
| 2213 | } | |
| 2214 | ||
| f5749081 JP |
2215 | static int fl_dump_key(struct sk_buff *skb, struct net *net, |
| 2216 | struct fl_flow_key *key, struct fl_flow_key *mask) | |
| 77b9900e | 2217 | { |
| 8212ed77 | 2218 | if (mask->meta.ingress_ifindex) { |
| 77b9900e JP |
2219 | struct net_device *dev; |
| 2220 | ||
| 8212ed77 | 2221 | dev = __dev_get_by_index(net, key->meta.ingress_ifindex); |
| 77b9900e JP |
2222 | if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name)) |
| 2223 | goto nla_put_failure; | |
| 2224 | } | |
| 2225 | ||
| 2226 | if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST, | |
| 2227 | mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK, | |
| 2228 | sizeof(key->eth.dst)) || | |
| 2229 | fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC, | |
| 2230 | mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK, | |
| 2231 | sizeof(key->eth.src)) || | |
| 2232 | fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE, | |
| 2233 | &mask->basic.n_proto, TCA_FLOWER_UNSPEC, | |
| 2234 | sizeof(key->basic.n_proto))) | |
| 2235 | goto nla_put_failure; | |
| 9399ae9a | 2236 | |
| a577d8f7 BL |
2237 | if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls)) |
| 2238 | goto nla_put_failure; | |
| 2239 | ||
| d64efd09 JL |
2240 | if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID, |
| 2241 | TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan)) | |
| 9399ae9a HHZ |
2242 | goto nla_put_failure; |
| 2243 | ||
| d64efd09 JL |
2244 | if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID, |
| 2245 | TCA_FLOWER_KEY_CVLAN_PRIO, | |
| 2246 | &key->cvlan, &mask->cvlan) || | |
| 2247 | (mask->cvlan.vlan_tpid && | |
| 158abbf1 JL |
2248 | nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE, |
| 2249 | key->cvlan.vlan_tpid))) | |
| d3069512 JL |
2250 | goto nla_put_failure; |
| 2251 | ||
| 5e9a0fe4 JL |
2252 | if (mask->basic.n_proto) { |
| 2253 | if (mask->cvlan.vlan_tpid) { | |
| 2254 | if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE, | |
| 2255 | key->basic.n_proto)) | |
| 2256 | goto nla_put_failure; | |
| 2257 | } else if (mask->vlan.vlan_tpid) { | |
| 2258 | if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE, | |
| 2259 | key->basic.n_proto)) | |
| 2260 | goto nla_put_failure; | |
| 2261 | } | |
| d64efd09 JL |
2262 | } |
| 2263 | ||
| 77b9900e JP |
2264 | if ((key->basic.n_proto == htons(ETH_P_IP) || |
| 2265 | key->basic.n_proto == htons(ETH_P_IPV6)) && | |
| 4d80cc0a | 2266 | (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO, |
| 77b9900e | 2267 | &mask->basic.ip_proto, TCA_FLOWER_UNSPEC, |
| 4d80cc0a | 2268 | sizeof(key->basic.ip_proto)) || |
| 0e2c17b6 | 2269 | fl_dump_key_ip(skb, false, &key->ip, &mask->ip))) |
| 77b9900e JP |
2270 | goto nla_put_failure; |
| 2271 | ||
| c3f83241 | 2272 | if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS && |
| 77b9900e JP |
2273 | (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC, |
| 2274 | &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK, | |
| 2275 | sizeof(key->ipv4.src)) || | |
| 2276 | fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST, | |
| 2277 | &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK, | |
| 2278 | sizeof(key->ipv4.dst)))) | |
| 2279 | goto nla_put_failure; | |
| c3f83241 | 2280 | else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS && |
| 77b9900e JP |
2281 | (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC, |
| 2282 | &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK, | |
| 2283 | sizeof(key->ipv6.src)) || | |
| 2284 | fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST, | |
| 2285 | &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK, | |
| 2286 | sizeof(key->ipv6.dst)))) | |
| 2287 | goto nla_put_failure; | |
| 2288 | ||
| 2289 | if (key->basic.ip_proto == IPPROTO_TCP && | |
| 2290 | (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC, | |
| aa72d708 | 2291 | &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK, |
| 77b9900e JP |
2292 | sizeof(key->tp.src)) || |
| 2293 | fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST, | |
| aa72d708 | 2294 | &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK, |
| fdfc7dd6 JP |
2295 | sizeof(key->tp.dst)) || |
| 2296 | fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS, | |
| 2297 | &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK, | |
| 2298 | sizeof(key->tcp.flags)))) | |
| 77b9900e JP |
2299 | goto nla_put_failure; |
| 2300 | else if (key->basic.ip_proto == IPPROTO_UDP && | |
| 2301 | (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC, | |
| aa72d708 | 2302 | &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK, |
| 77b9900e JP |
2303 | sizeof(key->tp.src)) || |
| 2304 | fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST, | |
| aa72d708 | 2305 | &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK, |
| 5976c5f4 SH |
2306 | sizeof(key->tp.dst)))) |
| 2307 | goto nla_put_failure; | |
| 2308 | else if (key->basic.ip_proto == IPPROTO_SCTP && | |
| 2309 | (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC, | |
| 2310 | &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK, | |
| 2311 | sizeof(key->tp.src)) || | |
| 2312 | fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST, | |
| 2313 | &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK, | |
| 77b9900e JP |
2314 | sizeof(key->tp.dst)))) |
| 2315 | goto nla_put_failure; | |
| 7b684884 SH |
2316 | else if (key->basic.n_proto == htons(ETH_P_IP) && |
| 2317 | key->basic.ip_proto == IPPROTO_ICMP && | |
| 2318 | (fl_dump_key_val(skb, &key->icmp.type, | |
| 2319 | TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type, | |
| 2320 | TCA_FLOWER_KEY_ICMPV4_TYPE_MASK, | |
| 2321 | sizeof(key->icmp.type)) || | |
| 2322 | fl_dump_key_val(skb, &key->icmp.code, | |
| 2323 | TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code, | |
| 2324 | TCA_FLOWER_KEY_ICMPV4_CODE_MASK, | |
| 2325 | sizeof(key->icmp.code)))) | |
| 2326 | goto nla_put_failure; | |
| 2327 | else if (key->basic.n_proto == htons(ETH_P_IPV6) && | |
| 2328 | key->basic.ip_proto == IPPROTO_ICMPV6 && | |
| 2329 | (fl_dump_key_val(skb, &key->icmp.type, | |
| 2330 | TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type, | |
| 2331 | TCA_FLOWER_KEY_ICMPV6_TYPE_MASK, | |
| 2332 | sizeof(key->icmp.type)) || | |
| 2333 | fl_dump_key_val(skb, &key->icmp.code, | |
| 2334 | TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code, | |
| 2335 | TCA_FLOWER_KEY_ICMPV6_CODE_MASK, | |
| 2336 | sizeof(key->icmp.code)))) | |
| 2337 | goto nla_put_failure; | |
| 99d31326 SH |
2338 | else if ((key->basic.n_proto == htons(ETH_P_ARP) || |
| 2339 | key->basic.n_proto == htons(ETH_P_RARP)) && | |
| 2340 | (fl_dump_key_val(skb, &key->arp.sip, | |
| 2341 | TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip, | |
| 2342 | TCA_FLOWER_KEY_ARP_SIP_MASK, | |
| 2343 | sizeof(key->arp.sip)) || | |
| 2344 | fl_dump_key_val(skb, &key->arp.tip, | |
| 2345 | TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip, | |
| 2346 | TCA_FLOWER_KEY_ARP_TIP_MASK, | |
| 2347 | sizeof(key->arp.tip)) || | |
| 2348 | fl_dump_key_val(skb, &key->arp.op, | |
| 2349 | TCA_FLOWER_KEY_ARP_OP, &mask->arp.op, | |
| 2350 | TCA_FLOWER_KEY_ARP_OP_MASK, | |
| 2351 | sizeof(key->arp.op)) || | |
| 2352 | fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA, | |
| 2353 | mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK, | |
| 2354 | sizeof(key->arp.sha)) || | |
| 2355 | fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA, | |
| 2356 | mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK, | |
| 2357 | sizeof(key->arp.tha)))) | |
| 2358 | goto nla_put_failure; | |
| 77b9900e | 2359 | |
| 5c72299f AN |
2360 | if ((key->basic.ip_proto == IPPROTO_TCP || |
| 2361 | key->basic.ip_proto == IPPROTO_UDP || | |
| 2362 | key->basic.ip_proto == IPPROTO_SCTP) && | |
| 2363 | fl_dump_key_port_range(skb, key, mask)) | |
| 2364 | goto nla_put_failure; | |
| 2365 | ||
| bc3103f1 AV |
2366 | if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS && |
| 2367 | (fl_dump_key_val(skb, &key->enc_ipv4.src, | |
| 2368 | TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src, | |
| 2369 | TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, | |
| 2370 | sizeof(key->enc_ipv4.src)) || | |
| 2371 | fl_dump_key_val(skb, &key->enc_ipv4.dst, | |
| 2372 | TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst, | |
| 2373 | TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, | |
| 2374 | sizeof(key->enc_ipv4.dst)))) | |
| 2375 | goto nla_put_failure; | |
| 2376 | else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS && | |
| 2377 | (fl_dump_key_val(skb, &key->enc_ipv6.src, | |
| 2378 | TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src, | |
| 2379 | TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, | |
| 2380 | sizeof(key->enc_ipv6.src)) || | |
| 2381 | fl_dump_key_val(skb, &key->enc_ipv6.dst, | |
| 2382 | TCA_FLOWER_KEY_ENC_IPV6_DST, | |
| 2383 | &mask->enc_ipv6.dst, | |
| 2384 | TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, | |
| 2385 | sizeof(key->enc_ipv6.dst)))) | |
| 2386 | goto nla_put_failure; | |
| 2387 | ||
| 2388 | if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID, | |
| eb523f42 | 2389 | &mask->enc_key_id, TCA_FLOWER_UNSPEC, |
| f4d997fd HHZ |
2390 | sizeof(key->enc_key_id)) || |
| 2391 | fl_dump_key_val(skb, &key->enc_tp.src, | |
| 2392 | TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, | |
| 2393 | &mask->enc_tp.src, | |
| 2394 | TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, | |
| 2395 | sizeof(key->enc_tp.src)) || | |
| 2396 | fl_dump_key_val(skb, &key->enc_tp.dst, | |
| 2397 | TCA_FLOWER_KEY_ENC_UDP_DST_PORT, | |
| 2398 | &mask->enc_tp.dst, | |
| 2399 | TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, | |
| 0e2c17b6 | 2400 | sizeof(key->enc_tp.dst)) || |
| 0a6e7778 PJV |
2401 | fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) || |
| 2402 | fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts)) | |
| bc3103f1 AV |
2403 | goto nla_put_failure; |
| 2404 | ||
| e0ace68a PB |
2405 | if (fl_dump_key_ct(skb, &key->ct, &mask->ct)) |
| 2406 | goto nla_put_failure; | |
| 2407 | ||
| faa3ffce OG |
2408 | if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags)) |
| 2409 | goto nla_put_failure; | |
| 2410 | ||
| f5749081 JP |
2411 | return 0; |
| 2412 | ||
| 2413 | nla_put_failure: | |
| 2414 | return -EMSGSIZE; | |
| 2415 | } | |
| 2416 | ||
| 2417 | static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh, | |
| 12db03b6 | 2418 | struct sk_buff *skb, struct tcmsg *t, bool rtnl_held) |
| f5749081 JP |
2419 | { |
| 2420 | struct cls_fl_filter *f = fh; | |
| 2421 | struct nlattr *nest; | |
| 2422 | struct fl_flow_key *key, *mask; | |
| 3d81e711 | 2423 | bool skip_hw; |
| f5749081 JP |
2424 | |
| 2425 | if (!f) | |
| 2426 | return skb->len; | |
| 2427 | ||
| 2428 | t->tcm_handle = f->handle; | |
| 2429 | ||
| ae0be8de | 2430 | nest = nla_nest_start_noflag(skb, TCA_OPTIONS); |
| f5749081 JP |
2431 | if (!nest) |
| 2432 | goto nla_put_failure; | |
| 2433 | ||
| 3d81e711 VB |
2434 | spin_lock(&tp->lock); |
| 2435 | ||
| f5749081 JP |
2436 | if (f->res.classid && |
| 2437 | nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid)) | |
| 3d81e711 | 2438 | goto nla_put_failure_locked; |
| f5749081 JP |
2439 | |
| 2440 | key = &f->key; | |
| 2441 | mask = &f->mask->key; | |
| 3d81e711 | 2442 | skip_hw = tc_skip_hw(f->flags); |
| f5749081 JP |
2443 | |
| 2444 | if (fl_dump_key(skb, net, key, mask)) | |
| 3d81e711 | 2445 | goto nla_put_failure_locked; |
| f5749081 | 2446 | |
| 749e6720 | 2447 | if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags)) |
| 3d81e711 VB |
2448 | goto nla_put_failure_locked; |
| 2449 | ||
| 2450 | spin_unlock(&tp->lock); | |
| 2451 | ||
| 2452 | if (!skip_hw) | |
| c24e43d8 | 2453 | fl_hw_update_stats(tp, f, rtnl_held); |
| e69985c6 | 2454 | |
| 86c55361 VB |
2455 | if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count)) |
| 2456 | goto nla_put_failure; | |
| 2457 | ||
| 77b9900e JP |
2458 | if (tcf_exts_dump(skb, &f->exts)) |
| 2459 | goto nla_put_failure; | |
| 2460 | ||
| 2461 | nla_nest_end(skb, nest); | |
| 2462 | ||
| 2463 | if (tcf_exts_dump_stats(skb, &f->exts) < 0) | |
| 2464 | goto nla_put_failure; | |
| 2465 | ||
| 2466 | return skb->len; | |
| 2467 | ||
| 3d81e711 VB |
2468 | nla_put_failure_locked: |
| 2469 | spin_unlock(&tp->lock); | |
| 77b9900e JP |
2470 | nla_put_failure: |
| 2471 | nla_nest_cancel(skb, nest); | |
| 2472 | return -1; | |
| 2473 | } | |
| 2474 | ||
| b95ec7eb JP |
2475 | static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv) |
| 2476 | { | |
| 2477 | struct fl_flow_tmplt *tmplt = tmplt_priv; | |
| 2478 | struct fl_flow_key *key, *mask; | |
| 2479 | struct nlattr *nest; | |
| 2480 | ||
| ae0be8de | 2481 | nest = nla_nest_start_noflag(skb, TCA_OPTIONS); |
| b95ec7eb JP |
2482 | if (!nest) |
| 2483 | goto nla_put_failure; | |
| 2484 | ||
| 2485 | key = &tmplt->dummy_key; | |
| 2486 | mask = &tmplt->mask; | |
| 2487 | ||
| 2488 | if (fl_dump_key(skb, net, key, mask)) | |
| 2489 | goto nla_put_failure; | |
| 2490 | ||
| 2491 | nla_nest_end(skb, nest); | |
| 2492 | ||
| 2493 | return skb->len; | |
| 2494 | ||
| 2495 | nla_put_failure: | |
| 2496 | nla_nest_cancel(skb, nest); | |
| 2497 | return -EMSGSIZE; | |
| 2498 | } | |
| 2499 | ||
| 07d79fc7 CW |
2500 | static void fl_bind_class(void *fh, u32 classid, unsigned long cl) |
| 2501 | { | |
| 2502 | struct cls_fl_filter *f = fh; | |
| 2503 | ||
| 2504 | if (f && f->res.classid == classid) | |
| 2505 | f->res.class = cl; | |
| 2506 | } | |
| 2507 | ||
| 77b9900e JP |
2508 | static struct tcf_proto_ops cls_fl_ops __read_mostly = { |
| 2509 | .kind = "flower", | |
| 2510 | .classify = fl_classify, | |
| 2511 | .init = fl_init, | |
| 2512 | .destroy = fl_destroy, | |
| 2513 | .get = fl_get, | |
| 06177558 | 2514 | .put = fl_put, |
| 77b9900e JP |
2515 | .change = fl_change, |
| 2516 | .delete = fl_delete, | |
| 2517 | .walk = fl_walk, | |
| 31533cba | 2518 | .reoffload = fl_reoffload, |
| a449a3e7 VB |
2519 | .hw_add = fl_hw_add, |
| 2520 | .hw_del = fl_hw_del, | |
| 77b9900e | 2521 | .dump = fl_dump, |
| 07d79fc7 | 2522 | .bind_class = fl_bind_class, |
| b95ec7eb JP |
2523 | .tmplt_create = fl_tmplt_create, |
| 2524 | .tmplt_destroy = fl_tmplt_destroy, | |
| 2525 | .tmplt_dump = fl_tmplt_dump, | |
| 77b9900e | 2526 | .owner = THIS_MODULE, |
| 92149190 | 2527 | .flags = TCF_PROTO_OPS_DOIT_UNLOCKED, |
| 77b9900e JP |
2528 | }; |
| 2529 | ||
| 2530 | static int __init cls_fl_init(void) | |
| 2531 | { | |
| 2532 | return register_tcf_proto_ops(&cls_fl_ops); | |
| 2533 | } | |
| 2534 | ||
| 2535 | static void __exit cls_fl_exit(void) | |
| 2536 | { | |
| 2537 | unregister_tcf_proto_ops(&cls_fl_ops); | |
| 2538 | } | |
| 2539 | ||
| 2540 | module_init(cls_fl_init); | |
| 2541 | module_exit(cls_fl_exit); | |
| 2542 | ||
| 2543 | MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>"); | |
| 2544 | MODULE_DESCRIPTION("Flower classifier"); | |
| 2545 | MODULE_LICENSE("GPL v2"); |