]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame - net/sched/cls_flower.c
projects / mirror_ubuntu-hirsute-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net/dccp: fix use-after-free in dccp_invalid_packet
[mirror_ubuntu-hirsute-kernel.git] / net / sched / cls_flower.c
CommitLineData
77b9900e
JP		 1/*
2 * net/sched/cls_flower.c Flower classifier
3 *
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12#include <linux/kernel.h>
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/rhashtable.h>
d9363774 16#include <linux/workqueue.h>
77b9900e
JP		 17
18#include <linux/if_ether.h>
19#include <linux/in6.h>
20#include <linux/ip.h>
21
22#include <net/sch_generic.h>
23#include <net/pkt_cls.h>
24#include <net/ip.h>
25#include <net/flow_dissector.h>
26
bc3103f1
AV		 27#include <net/dst.h>
28#include <net/dst_metadata.h>
29
77b9900e
JP		 30struct fl_flow_key {
31 int indev_ifindex;
42aecaa9 32 struct flow_dissector_key_control control;
bc3103f1 33 struct flow_dissector_key_control enc_control;
77b9900e
JP		 34 struct flow_dissector_key_basic basic;
35 struct flow_dissector_key_eth_addrs eth;
9399ae9a 36 struct flow_dissector_key_vlan vlan;
77b9900e 37 union {
c3f83241 38 struct flow_dissector_key_ipv4_addrs ipv4;
77b9900e
JP		 39 struct flow_dissector_key_ipv6_addrs ipv6;
40 };
41 struct flow_dissector_key_ports tp;
bc3103f1
AV		 42 struct flow_dissector_key_keyid enc_key_id;
43 union {
44 struct flow_dissector_key_ipv4_addrs enc_ipv4;
45 struct flow_dissector_key_ipv6_addrs enc_ipv6;
46 };
77b9900e
JP		 47} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
48
49struct fl_flow_mask_range {
50 unsigned short int start;
51 unsigned short int end;
52};
53
54struct fl_flow_mask {
55 struct fl_flow_key key;
56 struct fl_flow_mask_range range;
57 struct rcu_head rcu;
58};
59
60struct cls_fl_head {
61 struct rhashtable ht;
62 struct fl_flow_mask mask;
63 struct flow_dissector dissector;
64 u32 hgen;
65 bool mask_assigned;
66 struct list_head filters;
67 struct rhashtable_params ht_params;
d9363774
DB		 68 union {
69 struct work_struct work;
70 struct rcu_head rcu;
71 };
77b9900e
JP		 72};
73
74struct cls_fl_filter {
75 struct rhash_head ht_node;
76 struct fl_flow_key mkey;
77 struct tcf_exts exts;
78 struct tcf_result res;
79 struct fl_flow_key key;
80 struct list_head list;
81 u32 handle;
e69985c6 82 u32 flags;
77b9900e
JP		 83 struct rcu_head rcu;
84};
85
86static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
87{
88 return mask->range.end - mask->range.start;
89}
90
91static void fl_mask_update_range(struct fl_flow_mask *mask)
92{
93 const u8 *bytes = (const u8 *) &mask->key;
94 size_t size = sizeof(mask->key);
95 size_t i, first = 0, last = size - 1;
96
97 for (i = 0; i < sizeof(mask->key); i++) {
98 if (bytes[i]) {
99 if (!first && i)
100 first = i;
101 last = i;
102 }
103 }
104 mask->range.start = rounddown(first, sizeof(long));
105 mask->range.end = roundup(last + 1, sizeof(long));
106}
107
108static void *fl_key_get_start(struct fl_flow_key *key,
109 const struct fl_flow_mask *mask)
110{
111 return (u8 *) key + mask->range.start;
112}
113
114static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
115 struct fl_flow_mask *mask)
116{
117 const long *lkey = fl_key_get_start(key, mask);
118 const long *lmask = fl_key_get_start(&mask->key, mask);
119 long *lmkey = fl_key_get_start(mkey, mask);
120 int i;
121
122 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
123 *lmkey++ = *lkey++ & *lmask++;
124}
125
126static void fl_clear_masked_range(struct fl_flow_key *key,
127 struct fl_flow_mask *mask)
128{
129 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
130}
131
132static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
133 struct tcf_result *res)
134{
135 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
136 struct cls_fl_filter *f;
137 struct fl_flow_key skb_key;
138 struct fl_flow_key skb_mkey;
bc3103f1 139 struct ip_tunnel_info *info;
77b9900e 140
e69985c6
AV		 141 if (!atomic_read(&head->ht.nelems))
142 return -1;
143
77b9900e 144 fl_clear_masked_range(&skb_key, &head->mask);
bc3103f1
AV		 145
146 info = skb_tunnel_info(skb);
147 if (info) {
148 struct ip_tunnel_key *key = &info->key;
149
150 switch (ip_tunnel_info_af(info)) {
151 case AF_INET:
152 skb_key.enc_ipv4.src = key->u.ipv4.src;
153 skb_key.enc_ipv4.dst = key->u.ipv4.dst;
154 break;
155 case AF_INET6:
156 skb_key.enc_ipv6.src = key->u.ipv6.src;
157 skb_key.enc_ipv6.dst = key->u.ipv6.dst;
158 break;
159 }
160
161 skb_key.enc_key_id.keyid = tunnel_id_to_key32(key->tun_id);
162 }
163
77b9900e
JP		 164 skb_key.indev_ifindex = skb->skb_iif;
165 /* skb_flow_dissect() does not set n_proto in case an unknown protocol,
166 * so do it rather here.
167 */
168 skb_key.basic.n_proto = skb->protocol;
cd79a238 169 skb_flow_dissect(skb, &head->dissector, &skb_key, 0);
77b9900e
JP		 170
171 fl_set_masked_key(&skb_mkey, &skb_key, &head->mask);
172
173 f = rhashtable_lookup_fast(&head->ht,
174 fl_key_get_start(&skb_mkey, &head->mask),
175 head->ht_params);
e8eb36cd 176 if (f && !tc_skip_sw(f->flags)) {
77b9900e
JP		 177 *res = f->res;
178 return tcf_exts_exec(skb, &f->exts, res);
179 }
180 return -1;
181}
182
183static int fl_init(struct tcf_proto *tp)
184{
185 struct cls_fl_head *head;
186
187 head = kzalloc(sizeof(*head), GFP_KERNEL);
188 if (!head)
189 return -ENOBUFS;
190
191 INIT_LIST_HEAD_RCU(&head->filters);
192 rcu_assign_pointer(tp->root, head);
193
194 return 0;
195}
196
197static void fl_destroy_filter(struct rcu_head *head)
198{
199 struct cls_fl_filter *f = container_of(head, struct cls_fl_filter, rcu);
200
201 tcf_exts_destroy(&f->exts);
202 kfree(f);
203}
204
8208d21b 205static void fl_hw_destroy_filter(struct tcf_proto *tp, unsigned long cookie)
5b33f488
AV		 206{
207 struct net_device *dev = tp->q->dev_queue->dev;
208 struct tc_cls_flower_offload offload = {0};
209 struct tc_to_netdev tc;
210
92c075db 211 if (!tc_should_offload(dev, tp, 0))
5b33f488
AV		 212 return;
213
214 offload.command = TC_CLSFLOWER_DESTROY;
215 offload.cookie = cookie;
216
217 tc.type = TC_SETUP_CLSFLOWER;
218 tc.cls_flower = &offload;
219
220 dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, &tc);
221}
222
e8eb36cd
AV		 223static int fl_hw_replace_filter(struct tcf_proto *tp,
224 struct flow_dissector *dissector,
225 struct fl_flow_key *mask,
226 struct fl_flow_key *key,
227 struct tcf_exts *actions,
228 unsigned long cookie, u32 flags)
5b33f488
AV		 229{
230 struct net_device *dev = tp->q->dev_queue->dev;
231 struct tc_cls_flower_offload offload = {0};
232 struct tc_to_netdev tc;
e8eb36cd 233 int err;
5b33f488 234
92c075db 235 if (!tc_should_offload(dev, tp, flags))
e8eb36cd 236 return tc_skip_sw(flags) ? -EINVAL : 0;
5b33f488
AV		 237
238 offload.command = TC_CLSFLOWER_REPLACE;
239 offload.cookie = cookie;
240 offload.dissector = dissector;
241 offload.mask = mask;
242 offload.key = key;
243 offload.exts = actions;
244
245 tc.type = TC_SETUP_CLSFLOWER;
246 tc.cls_flower = &offload;
247
5a7a5555
JHS		 248 err = dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol,
249 &tc);
e8eb36cd
AV		 250
251 if (tc_skip_sw(flags))
252 return err;
253
254 return 0;
5b33f488
AV		 255}
256
10cbc684
AV		 257static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
258{
259 struct net_device *dev = tp->q->dev_queue->dev;
260 struct tc_cls_flower_offload offload = {0};
261 struct tc_to_netdev tc;
262
92c075db 263 if (!tc_should_offload(dev, tp, 0))
10cbc684
AV		 264 return;
265
266 offload.command = TC_CLSFLOWER_STATS;
267 offload.cookie = (unsigned long)f;
268 offload.exts = &f->exts;
269
270 tc.type = TC_SETUP_CLSFLOWER;
271 tc.cls_flower = &offload;
272
273 dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, &tc);
274}
275
d9363774
DB		 276static void fl_destroy_sleepable(struct work_struct *work)
277{
278 struct cls_fl_head *head = container_of(work, struct cls_fl_head,
279 work);
280 if (head->mask_assigned)
281 rhashtable_destroy(&head->ht);
282 kfree(head);
283 module_put(THIS_MODULE);
284}
285
286static void fl_destroy_rcu(struct rcu_head *rcu)
287{
288 struct cls_fl_head *head = container_of(rcu, struct cls_fl_head, rcu);
289
290 INIT_WORK(&head->work, fl_destroy_sleepable);
291 schedule_work(&head->work);
292}
293
77b9900e
JP		 294static bool fl_destroy(struct tcf_proto *tp, bool force)
295{
296 struct cls_fl_head *head = rtnl_dereference(tp->root);
297 struct cls_fl_filter *f, *next;
298
299 if (!force && !list_empty(&head->filters))
300 return false;
301
302 list_for_each_entry_safe(f, next, &head->filters, list) {
8208d21b 303 fl_hw_destroy_filter(tp, (unsigned long)f);
77b9900e
JP		 304 list_del_rcu(&f->list);
305 call_rcu(&f->rcu, fl_destroy_filter);
306 }
d9363774
DB		 307
308 __module_get(THIS_MODULE);
309 call_rcu(&head->rcu, fl_destroy_rcu);
77b9900e
JP		 310 return true;
311}
312
313static unsigned long fl_get(struct tcf_proto *tp, u32 handle)
314{
315 struct cls_fl_head *head = rtnl_dereference(tp->root);
316 struct cls_fl_filter *f;
317
318 list_for_each_entry(f, &head->filters, list)
319 if (f->handle == handle)
320 return (unsigned long) f;
321 return 0;
322}
323
324static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
325 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
326 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
327 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
328 .len = IFNAMSIZ },
329 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
330 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
331 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
332 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
333 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
334 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
335 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
336 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
337 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
338 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
339 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
340 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
341 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
342 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
343 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
344 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
b175c3a4
JHS		 345 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
346 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
9399ae9a
HHZ		 347 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
348 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
349 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
bc3103f1
AV		 350 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
351 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
352 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
353 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
354 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
355 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
356 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
357 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
358 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
aa72d708
OG		 359 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
360 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
361 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
362 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
77b9900e
JP		 363};
364
365static void fl_set_key_val(struct nlattr **tb,
366 void *val, int val_type,
367 void *mask, int mask_type, int len)
368{
369 if (!tb[val_type])
370 return;
371 memcpy(val, nla_data(tb[val_type]), len);
372 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
373 memset(mask, 0xff, len);
374 else
375 memcpy(mask, nla_data(tb[mask_type]), len);
376}
377
9399ae9a
HHZ		 378static void fl_set_key_vlan(struct nlattr **tb,
379 struct flow_dissector_key_vlan *key_val,
380 struct flow_dissector_key_vlan *key_mask)
381{
382#define VLAN_PRIORITY_MASK 0x7
383
384 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
385 key_val->vlan_id =
386 nla_get_u16(tb[TCA_FLOWER_KEY_VLAN_ID]) & VLAN_VID_MASK;
387 key_mask->vlan_id = VLAN_VID_MASK;
388 }
389 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
390 key_val->vlan_priority =
391 nla_get_u8(tb[TCA_FLOWER_KEY_VLAN_PRIO]) &
392 VLAN_PRIORITY_MASK;
393 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
394 }
395}
396
77b9900e
JP		 397static int fl_set_key(struct net *net, struct nlattr **tb,
398 struct fl_flow_key *key, struct fl_flow_key *mask)
399{
9399ae9a 400 __be16 ethertype;
dd3aa3b5 401#ifdef CONFIG_NET_CLS_IND
77b9900e 402 if (tb[TCA_FLOWER_INDEV]) {
dd3aa3b5 403 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV]);
77b9900e
JP		 404 if (err < 0)
405 return err;
406 key->indev_ifindex = err;
407 mask->indev_ifindex = 0xffffffff;
408 }
dd3aa3b5 409#endif
77b9900e
JP		 410
411 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
412 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
413 sizeof(key->eth.dst));
414 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
415 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
416 sizeof(key->eth.src));
66530bdf 417
0b498a52 418 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
9399ae9a
HHZ		 419 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
420
0b498a52
AB		 421 if (ethertype == htons(ETH_P_8021Q)) {
422 fl_set_key_vlan(tb, &key->vlan, &mask->vlan);
423 fl_set_key_val(tb, &key->basic.n_proto,
424 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
425 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
426 sizeof(key->basic.n_proto));
427 } else {
428 key->basic.n_proto = ethertype;
429 mask->basic.n_proto = cpu_to_be16(~0);
430 }
9399ae9a 431 }
66530bdf 432
77b9900e
JP		 433 if (key->basic.n_proto == htons(ETH_P_IP) ||
434 key->basic.n_proto == htons(ETH_P_IPV6)) {
435 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
436 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
437 sizeof(key->basic.ip_proto));
438 }
66530bdf
JHS		 439
440 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
441 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
77b9900e
JP		 442 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
443 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
444 sizeof(key->ipv4.src));
445 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
446 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
447 sizeof(key->ipv4.dst));
66530bdf
JHS		 448 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
449 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
77b9900e
JP		 450 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
451 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
452 sizeof(key->ipv6.src));
453 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
454 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
455 sizeof(key->ipv6.dst));
456 }
66530bdf 457
77b9900e
JP		 458 if (key->basic.ip_proto == IPPROTO_TCP) {
459 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
aa72d708 460 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
77b9900e
JP		 461 sizeof(key->tp.src));
462 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
aa72d708 463 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
77b9900e
JP		 464 sizeof(key->tp.dst));
465 } else if (key->basic.ip_proto == IPPROTO_UDP) {
466 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
aa72d708 467 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
77b9900e
JP		 468 sizeof(key->tp.src));
469 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
aa72d708 470 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
77b9900e
JP		 471 sizeof(key->tp.dst));
472 }
473
bc3103f1
AV		 474 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
475 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
476 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
477 fl_set_key_val(tb, &key->enc_ipv4.src,
478 TCA_FLOWER_KEY_ENC_IPV4_SRC,
479 &mask->enc_ipv4.src,
480 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
481 sizeof(key->enc_ipv4.src));
482 fl_set_key_val(tb, &key->enc_ipv4.dst,
483 TCA_FLOWER_KEY_ENC_IPV4_DST,
484 &mask->enc_ipv4.dst,
485 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
486 sizeof(key->enc_ipv4.dst));
487 }
488
489 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
490 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
491 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
492 fl_set_key_val(tb, &key->enc_ipv6.src,
493 TCA_FLOWER_KEY_ENC_IPV6_SRC,
494 &mask->enc_ipv6.src,
495 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
496 sizeof(key->enc_ipv6.src));
497 fl_set_key_val(tb, &key->enc_ipv6.dst,
498 TCA_FLOWER_KEY_ENC_IPV6_DST,
499 &mask->enc_ipv6.dst,
500 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
501 sizeof(key->enc_ipv6.dst));
502 }
503
504 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
eb523f42 505 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
bc3103f1
AV		 506 sizeof(key->enc_key_id.keyid));
507
77b9900e
JP		 508 return 0;
509}
510
511static bool fl_mask_eq(struct fl_flow_mask *mask1,
512 struct fl_flow_mask *mask2)
513{
514 const long *lmask1 = fl_key_get_start(&mask1->key, mask1);
515 const long *lmask2 = fl_key_get_start(&mask2->key, mask2);
516
517 return !memcmp(&mask1->range, &mask2->range, sizeof(mask1->range)) &&
518 !memcmp(lmask1, lmask2, fl_mask_range(mask1));
519}
520
521static const struct rhashtable_params fl_ht_params = {
522 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
523 .head_offset = offsetof(struct cls_fl_filter, ht_node),
524 .automatic_shrinking = true,
525};
526
527static int fl_init_hashtable(struct cls_fl_head *head,
528 struct fl_flow_mask *mask)
529{
530 head->ht_params = fl_ht_params;
531 head->ht_params.key_len = fl_mask_range(mask);
532 head->ht_params.key_offset += mask->range.start;
533
534 return rhashtable_init(&head->ht, &head->ht_params);
535}
536
537#define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
538#define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member))
77b9900e 539
339ba878
HHZ		 540#define FL_KEY_IS_MASKED(mask, member) \
541 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
542 0, FL_KEY_MEMBER_SIZE(member)) \
77b9900e
JP		 543
544#define FL_KEY_SET(keys, cnt, id, member) \
545 do { \
546 keys[cnt].key_id = id; \
547 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
548 cnt++; \
549 } while(0);
550
339ba878 551#define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
77b9900e 552 do { \
339ba878 553 if (FL_KEY_IS_MASKED(mask, member)) \
77b9900e
JP		 554 FL_KEY_SET(keys, cnt, id, member); \
555 } while(0);
556
557static void fl_init_dissector(struct cls_fl_head *head,
558 struct fl_flow_mask *mask)
559{
560 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
561 size_t cnt = 0;
562
42aecaa9 563 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
77b9900e 564 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
339ba878
HHZ		 565 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
566 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
567 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
568 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
569 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
570 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
571 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
572 FLOW_DISSECTOR_KEY_PORTS, tp);
9399ae9a
HHZ		 573 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
574 FLOW_DISSECTOR_KEY_VLAN, vlan);
77b9900e
JP		 575
576 skb_flow_dissector_init(&head->dissector, keys, cnt);
577}
578
579static int fl_check_assign_mask(struct cls_fl_head *head,
580 struct fl_flow_mask *mask)
581{
582 int err;
583
584 if (head->mask_assigned) {
585 if (!fl_mask_eq(&head->mask, mask))
586 return -EINVAL;
587 else
588 return 0;
589 }
590
591 /* Mask is not assigned yet. So assign it and init hashtable
592 * according to that.
593 */
594 err = fl_init_hashtable(head, mask);
595 if (err)
596 return err;
597 memcpy(&head->mask, mask, sizeof(head->mask));
598 head->mask_assigned = true;
599
600 fl_init_dissector(head, mask);
601
602 return 0;
603}
604
605static int fl_set_parms(struct net *net, struct tcf_proto *tp,
606 struct cls_fl_filter *f, struct fl_flow_mask *mask,
607 unsigned long base, struct nlattr **tb,
608 struct nlattr *est, bool ovr)
609{
610 struct tcf_exts e;
611 int err;
612
b9a24bb7 613 err = tcf_exts_init(&e, TCA_FLOWER_ACT, 0);
77b9900e
JP		 614 if (err < 0)
615 return err;
b9a24bb7
WC		 616 err = tcf_exts_validate(net, tp, tb, est, &e, ovr);
617 if (err < 0)
618 goto errout;
77b9900e
JP		 619
620 if (tb[TCA_FLOWER_CLASSID]) {
621 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
622 tcf_bind_filter(tp, &f->res, base);
623 }
624
625 err = fl_set_key(net, tb, &f->key, &mask->key);
626 if (err)
627 goto errout;
628
629 fl_mask_update_range(mask);
630 fl_set_masked_key(&f->mkey, &f->key, mask);
631
632 tcf_exts_change(tp, &f->exts, &e);
633
634 return 0;
635errout:
636 tcf_exts_destroy(&e);
637 return err;
638}
639
640static u32 fl_grab_new_handle(struct tcf_proto *tp,
641 struct cls_fl_head *head)
642{
643 unsigned int i = 0x80000000;
644 u32 handle;
645
646 do {
647 if (++head->hgen == 0x7FFFFFFF)
648 head->hgen = 1;
649 } while (--i > 0 && fl_get(tp, head->hgen));
650
651 if (unlikely(i == 0)) {
652 pr_err("Insufficient number of handles\n");
653 handle = 0;
654 } else {
655 handle = head->hgen;
656 }
657
658 return handle;
659}
660
661static int fl_change(struct net *net, struct sk_buff *in_skb,
662 struct tcf_proto *tp, unsigned long base,
663 u32 handle, struct nlattr **tca,
664 unsigned long *arg, bool ovr)
665{
666 struct cls_fl_head *head = rtnl_dereference(tp->root);
667 struct cls_fl_filter *fold = (struct cls_fl_filter *) *arg;
668 struct cls_fl_filter *fnew;
669 struct nlattr *tb[TCA_FLOWER_MAX + 1];
670 struct fl_flow_mask mask = {};
671 int err;
672
673 if (!tca[TCA_OPTIONS])
674 return -EINVAL;
675
676 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS], fl_policy);
677 if (err < 0)
678 return err;
679
680 if (fold && handle && fold->handle != handle)
681 return -EINVAL;
682
683 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
684 if (!fnew)
685 return -ENOBUFS;
686
b9a24bb7
WC		 687 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
688 if (err < 0)
689 goto errout;
77b9900e
JP		 690
691 if (!handle) {
692 handle = fl_grab_new_handle(tp, head);
693 if (!handle) {
694 err = -EINVAL;
695 goto errout;
696 }
697 }
698 fnew->handle = handle;
699
e69985c6
AV		 700 if (tb[TCA_FLOWER_FLAGS]) {
701 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
702
703 if (!tc_flags_valid(fnew->flags)) {
704 err = -EINVAL;
705 goto errout;
706 }
707 }
5b33f488 708
77b9900e
JP		 709 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr);
710 if (err)
711 goto errout;
712
713 err = fl_check_assign_mask(head, &mask);
714 if (err)
715 goto errout;
716
e8eb36cd 717 if (!tc_skip_sw(fnew->flags)) {
e69985c6
AV		 718 err = rhashtable_insert_fast(&head->ht, &fnew->ht_node,
719 head->ht_params);
720 if (err)
721 goto errout;
722 }
5b33f488 723
e8eb36cd
AV		 724 err = fl_hw_replace_filter(tp,
725 &head->dissector,
726 &mask.key,
727 &fnew->key,
728 &fnew->exts,
729 (unsigned long)fnew,
730 fnew->flags);
731 if (err)
732 goto errout;
5b33f488
AV		 733
734 if (fold) {
77b9900e
JP		 735 rhashtable_remove_fast(&head->ht, &fold->ht_node,
736 head->ht_params);
8208d21b 737 fl_hw_destroy_filter(tp, (unsigned long)fold);
5b33f488 738 }
77b9900e
JP		 739
740 *arg = (unsigned long) fnew;
741
742 if (fold) {
ff3532f2 743 list_replace_rcu(&fold->list, &fnew->list);
77b9900e
JP		 744 tcf_unbind_filter(tp, &fold->res);
745 call_rcu(&fold->rcu, fl_destroy_filter);
746 } else {
747 list_add_tail_rcu(&fnew->list, &head->filters);
748 }
749
750 return 0;
751
752errout:
b9a24bb7 753 tcf_exts_destroy(&fnew->exts);
77b9900e
JP		 754 kfree(fnew);
755 return err;
756}
757
758static int fl_delete(struct tcf_proto *tp, unsigned long arg)
759{
760 struct cls_fl_head *head = rtnl_dereference(tp->root);
761 struct cls_fl_filter *f = (struct cls_fl_filter *) arg;
762
763 rhashtable_remove_fast(&head->ht, &f->ht_node,
764 head->ht_params);
765 list_del_rcu(&f->list);
8208d21b 766 fl_hw_destroy_filter(tp, (unsigned long)f);
77b9900e
JP		 767 tcf_unbind_filter(tp, &f->res);
768 call_rcu(&f->rcu, fl_destroy_filter);
769 return 0;
770}
771
772static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
773{
774 struct cls_fl_head *head = rtnl_dereference(tp->root);
775 struct cls_fl_filter *f;
776
777 list_for_each_entry_rcu(f, &head->filters, list) {
778 if (arg->count < arg->skip)
779 goto skip;
780 if (arg->fn(tp, (unsigned long) f, arg) < 0) {
781 arg->stop = 1;
782 break;
783 }
784skip:
785 arg->count++;
786 }
787}
788
789static int fl_dump_key_val(struct sk_buff *skb,
790 void *val, int val_type,
791 void *mask, int mask_type, int len)
792{
793 int err;
794
795 if (!memchr_inv(mask, 0, len))
796 return 0;
797 err = nla_put(skb, val_type, len, val);
798 if (err)
799 return err;
800 if (mask_type != TCA_FLOWER_UNSPEC) {
801 err = nla_put(skb, mask_type, len, mask);
802 if (err)
803 return err;
804 }
805 return 0;
806}
807
9399ae9a
HHZ		 808static int fl_dump_key_vlan(struct sk_buff *skb,
809 struct flow_dissector_key_vlan *vlan_key,
810 struct flow_dissector_key_vlan *vlan_mask)
811{
812 int err;
813
814 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
815 return 0;
816 if (vlan_mask->vlan_id) {
817 err = nla_put_u16(skb, TCA_FLOWER_KEY_VLAN_ID,
818 vlan_key->vlan_id);
819 if (err)
820 return err;
821 }
822 if (vlan_mask->vlan_priority) {
823 err = nla_put_u8(skb, TCA_FLOWER_KEY_VLAN_PRIO,
824 vlan_key->vlan_priority);
825 if (err)
826 return err;
827 }
828 return 0;
829}
830
77b9900e
JP		 831static int fl_dump(struct net *net, struct tcf_proto *tp, unsigned long fh,
832 struct sk_buff *skb, struct tcmsg *t)
833{
834 struct cls_fl_head *head = rtnl_dereference(tp->root);
835 struct cls_fl_filter *f = (struct cls_fl_filter *) fh;
836 struct nlattr *nest;
837 struct fl_flow_key *key, *mask;
838
839 if (!f)
840 return skb->len;
841
842 t->tcm_handle = f->handle;
843
844 nest = nla_nest_start(skb, TCA_OPTIONS);
845 if (!nest)
846 goto nla_put_failure;
847
848 if (f->res.classid &&
849 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
850 goto nla_put_failure;
851
852 key = &f->key;
853 mask = &head->mask.key;
854
855 if (mask->indev_ifindex) {
856 struct net_device *dev;
857
858 dev = __dev_get_by_index(net, key->indev_ifindex);
859 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
860 goto nla_put_failure;
861 }
862
10cbc684
AV		 863 fl_hw_update_stats(tp, f);
864
77b9900e
JP		 865 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
866 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
867 sizeof(key->eth.dst)) ||
868 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
869 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
870 sizeof(key->eth.src)) ||
871 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
872 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
873 sizeof(key->basic.n_proto)))
874 goto nla_put_failure;
9399ae9a
HHZ		 875
876 if (fl_dump_key_vlan(skb, &key->vlan, &mask->vlan))
877 goto nla_put_failure;
878
77b9900e
JP		 879 if ((key->basic.n_proto == htons(ETH_P_IP) ||
880 key->basic.n_proto == htons(ETH_P_IPV6)) &&
881 fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
882 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
883 sizeof(key->basic.ip_proto)))
884 goto nla_put_failure;
885
c3f83241 886 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
77b9900e
JP		 887 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
888 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
889 sizeof(key->ipv4.src)) ||
890 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
891 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
892 sizeof(key->ipv4.dst))))
893 goto nla_put_failure;
c3f83241 894 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
77b9900e
JP		 895 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
896 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
897 sizeof(key->ipv6.src)) ||
898 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
899 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
900 sizeof(key->ipv6.dst))))
901 goto nla_put_failure;
902
903 if (key->basic.ip_proto == IPPROTO_TCP &&
904 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
aa72d708 905 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
77b9900e
JP		 906 sizeof(key->tp.src)) ||
907 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
aa72d708 908 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
77b9900e
JP		 909 sizeof(key->tp.dst))))
910 goto nla_put_failure;
911 else if (key->basic.ip_proto == IPPROTO_UDP &&
912 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
aa72d708 913 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
77b9900e
JP		 914 sizeof(key->tp.src)) ||
915 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
aa72d708 916 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
77b9900e
JP		 917 sizeof(key->tp.dst))))
918 goto nla_put_failure;
919
bc3103f1
AV		 920 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
921 (fl_dump_key_val(skb, &key->enc_ipv4.src,
922 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
923 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
924 sizeof(key->enc_ipv4.src)) ||
925 fl_dump_key_val(skb, &key->enc_ipv4.dst,
926 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
927 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
928 sizeof(key->enc_ipv4.dst))))
929 goto nla_put_failure;
930 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
931 (fl_dump_key_val(skb, &key->enc_ipv6.src,
932 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
933 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
934 sizeof(key->enc_ipv6.src)) ||
935 fl_dump_key_val(skb, &key->enc_ipv6.dst,
936 TCA_FLOWER_KEY_ENC_IPV6_DST,
937 &mask->enc_ipv6.dst,
938 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
939 sizeof(key->enc_ipv6.dst))))
940 goto nla_put_failure;
941
942 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
eb523f42 943 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
bc3103f1
AV		 944 sizeof(key->enc_key_id)))
945 goto nla_put_failure;
946
e69985c6
AV		 947 nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags);
948
77b9900e
JP		 949 if (tcf_exts_dump(skb, &f->exts))
950 goto nla_put_failure;
951
952 nla_nest_end(skb, nest);
953
954 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
955 goto nla_put_failure;
956
957 return skb->len;
958
959nla_put_failure:
960 nla_nest_cancel(skb, nest);
961 return -1;
962}
963
964static struct tcf_proto_ops cls_fl_ops __read_mostly = {
965 .kind = "flower",
966 .classify = fl_classify,
967 .init = fl_init,
968 .destroy = fl_destroy,
969 .get = fl_get,
970 .change = fl_change,
971 .delete = fl_delete,
972 .walk = fl_walk,
973 .dump = fl_dump,
974 .owner = THIS_MODULE,
975};
976
977static int __init cls_fl_init(void)
978{
979 return register_tcf_proto_ops(&cls_fl_ops);
980}
981
982static void __exit cls_fl_exit(void)
983{
984 unregister_tcf_proto_ops(&cls_fl_ops);
985}
986
987module_init(cls_fl_init);
988module_exit(cls_fl_exit);
989
990MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
991MODULE_DESCRIPTION("Flower classifier");
992MODULE_LICENSE("GPL v2");
Ubuntu Hirsute Linux kernel mirror