]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame - net/sched/cls_flower.c
projects / mirror_ubuntu-hirsute-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net: sched: flower: track filter deletion with flag
[mirror_ubuntu-hirsute-kernel.git] / net / sched / cls_flower.c
CommitLineData
77b9900e
JP		 1/*
2 * net/sched/cls_flower.c Flower classifier
3 *
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12#include <linux/kernel.h>
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/rhashtable.h>
d9363774 16#include <linux/workqueue.h>
06177558 17#include <linux/refcount.h>
77b9900e
JP		 18
19#include <linux/if_ether.h>
20#include <linux/in6.h>
21#include <linux/ip.h>
a577d8f7 22#include <linux/mpls.h>
77b9900e
JP		 23
24#include <net/sch_generic.h>
25#include <net/pkt_cls.h>
26#include <net/ip.h>
27#include <net/flow_dissector.h>
0a6e7778 28#include <net/geneve.h>
77b9900e 29
bc3103f1
AV		 30#include <net/dst.h>
31#include <net/dst_metadata.h>
32
77b9900e
JP		 33struct fl_flow_key {
34 int indev_ifindex;
42aecaa9 35 struct flow_dissector_key_control control;
bc3103f1 36 struct flow_dissector_key_control enc_control;
77b9900e
JP		 37 struct flow_dissector_key_basic basic;
38 struct flow_dissector_key_eth_addrs eth;
9399ae9a 39 struct flow_dissector_key_vlan vlan;
d64efd09 40 struct flow_dissector_key_vlan cvlan;
77b9900e 41 union {
c3f83241 42 struct flow_dissector_key_ipv4_addrs ipv4;
77b9900e
JP		 43 struct flow_dissector_key_ipv6_addrs ipv6;
44 };
45 struct flow_dissector_key_ports tp;
7b684884 46 struct flow_dissector_key_icmp icmp;
99d31326 47 struct flow_dissector_key_arp arp;
bc3103f1
AV		 48 struct flow_dissector_key_keyid enc_key_id;
49 union {
50 struct flow_dissector_key_ipv4_addrs enc_ipv4;
51 struct flow_dissector_key_ipv6_addrs enc_ipv6;
52 };
f4d997fd 53 struct flow_dissector_key_ports enc_tp;
a577d8f7 54 struct flow_dissector_key_mpls mpls;
fdfc7dd6 55 struct flow_dissector_key_tcp tcp;
4d80cc0a 56 struct flow_dissector_key_ip ip;
0e2c17b6 57 struct flow_dissector_key_ip enc_ip;
0a6e7778 58 struct flow_dissector_key_enc_opts enc_opts;
5c72299f
AN		 59 struct flow_dissector_key_ports tp_min;
60 struct flow_dissector_key_ports tp_max;
77b9900e
JP		 61} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
62
63struct fl_flow_mask_range {
64 unsigned short int start;
65 unsigned short int end;
66};
67
68struct fl_flow_mask {
69 struct fl_flow_key key;
70 struct fl_flow_mask_range range;
5c72299f 71 u32 flags;
05cd271f
PB		 72 struct rhash_head ht_node;
73 struct rhashtable ht;
74 struct rhashtable_params filter_ht_params;
75 struct flow_dissector dissector;
76 struct list_head filters;
44a5cd43 77 struct rcu_work rwork;
05cd271f 78 struct list_head list;
77b9900e
JP		 79};
80
b95ec7eb
JP		 81struct fl_flow_tmplt {
82 struct fl_flow_key dummy_key;
83 struct fl_flow_key mask;
84 struct flow_dissector dissector;
85 struct tcf_chain *chain;
86};
87
77b9900e
JP		 88struct cls_fl_head {
89 struct rhashtable ht;
05cd271f 90 struct list_head masks;
aaa908ff 91 struct rcu_work rwork;
c15ab236 92 struct idr handle_idr;
77b9900e
JP		 93};
94
95struct cls_fl_filter {
05cd271f 96 struct fl_flow_mask *mask;
77b9900e
JP		 97 struct rhash_head ht_node;
98 struct fl_flow_key mkey;
99 struct tcf_exts exts;
100 struct tcf_result res;
101 struct fl_flow_key key;
102 struct list_head list;
103 u32 handle;
e69985c6 104 u32 flags;
86c55361 105 u32 in_hw_count;
aaa908ff 106 struct rcu_work rwork;
7091d8c7 107 struct net_device *hw_dev;
06177558
VB		 108 /* Flower classifier is unlocked, which means that its reference counter
109 * can be changed concurrently without any kind of external
110 * synchronization. Use atomic reference counter to be concurrency-safe.
111 */
112 refcount_t refcnt;
b2552b8c 113 bool deleted;
77b9900e
JP		 114};
115
05cd271f
PB		 116static const struct rhashtable_params mask_ht_params = {
117 .key_offset = offsetof(struct fl_flow_mask, key),
118 .key_len = sizeof(struct fl_flow_key),
119 .head_offset = offsetof(struct fl_flow_mask, ht_node),
120 .automatic_shrinking = true,
121};
122
77b9900e
JP		 123static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
124{
125 return mask->range.end - mask->range.start;
126}
127
128static void fl_mask_update_range(struct fl_flow_mask *mask)
129{
130 const u8 *bytes = (const u8 *) &mask->key;
131 size_t size = sizeof(mask->key);
05cd271f 132 size_t i, first = 0, last;
77b9900e 133
05cd271f
PB		 134 for (i = 0; i < size; i++) {
135 if (bytes[i]) {
136 first = i;
137 break;
138 }
139 }
140 last = first;
141 for (i = size - 1; i != first; i--) {
77b9900e 142 if (bytes[i]) {
77b9900e 143 last = i;
05cd271f 144 break;
77b9900e
JP		 145 }
146 }
147 mask->range.start = rounddown(first, sizeof(long));
148 mask->range.end = roundup(last + 1, sizeof(long));
149}
150
151static void *fl_key_get_start(struct fl_flow_key *key,
152 const struct fl_flow_mask *mask)
153{
154 return (u8 *) key + mask->range.start;
155}
156
157static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
158 struct fl_flow_mask *mask)
159{
160 const long *lkey = fl_key_get_start(key, mask);
161 const long *lmask = fl_key_get_start(&mask->key, mask);
162 long *lmkey = fl_key_get_start(mkey, mask);
163 int i;
164
165 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
166 *lmkey++ = *lkey++ & *lmask++;
167}
168
b95ec7eb
JP		 169static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
170 struct fl_flow_mask *mask)
171{
172 const long *lmask = fl_key_get_start(&mask->key, mask);
173 const long *ltmplt;
174 int i;
175
176 if (!tmplt)
177 return true;
178 ltmplt = fl_key_get_start(&tmplt->mask, mask);
179 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
180 if (~*ltmplt++ & *lmask++)
181 return false;
182 }
183 return true;
184}
185
77b9900e
JP		 186static void fl_clear_masked_range(struct fl_flow_key *key,
187 struct fl_flow_mask *mask)
188{
189 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
190}
191
5c72299f
AN		 192static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter,
193 struct fl_flow_key *key,
194 struct fl_flow_key *mkey)
195{
196 __be16 min_mask, max_mask, min_val, max_val;
197
198 min_mask = htons(filter->mask->key.tp_min.dst);
199 max_mask = htons(filter->mask->key.tp_max.dst);
200 min_val = htons(filter->key.tp_min.dst);
201 max_val = htons(filter->key.tp_max.dst);
202
203 if (min_mask && max_mask) {
204 if (htons(key->tp.dst) < min_val ||
205 htons(key->tp.dst) > max_val)
206 return false;
207
208 /* skb does not have min and max values */
209 mkey->tp_min.dst = filter->mkey.tp_min.dst;
210 mkey->tp_max.dst = filter->mkey.tp_max.dst;
211 }
212 return true;
213}
214
215static bool fl_range_port_src_cmp(struct cls_fl_filter *filter,
216 struct fl_flow_key *key,
217 struct fl_flow_key *mkey)
218{
219 __be16 min_mask, max_mask, min_val, max_val;
220
221 min_mask = htons(filter->mask->key.tp_min.src);
222 max_mask = htons(filter->mask->key.tp_max.src);
223 min_val = htons(filter->key.tp_min.src);
224 max_val = htons(filter->key.tp_max.src);
225
226 if (min_mask && max_mask) {
227 if (htons(key->tp.src) < min_val ||
228 htons(key->tp.src) > max_val)
229 return false;
230
231 /* skb does not have min and max values */
232 mkey->tp_min.src = filter->mkey.tp_min.src;
233 mkey->tp_max.src = filter->mkey.tp_max.src;
234 }
235 return true;
236}
237
238static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask,
239 struct fl_flow_key *mkey)
a3308d8f 240{
05cd271f
PB		 241 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
242 mask->filter_ht_params);
a3308d8f
PB		 243}
244
5c72299f
AN		 245static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask,
246 struct fl_flow_key *mkey,
247 struct fl_flow_key *key)
248{
249 struct cls_fl_filter *filter, *f;
250
251 list_for_each_entry_rcu(filter, &mask->filters, list) {
252 if (!fl_range_port_dst_cmp(filter, key, mkey))
253 continue;
254
255 if (!fl_range_port_src_cmp(filter, key, mkey))
256 continue;
257
258 f = __fl_lookup(mask, mkey);
259 if (f)
260 return f;
261 }
262 return NULL;
263}
264
265static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
266 struct fl_flow_key *mkey,
267 struct fl_flow_key *key)
268{
269 if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE))
270 return fl_lookup_range(mask, mkey, key);
271
272 return __fl_lookup(mask, mkey);
273}
274
77b9900e
JP		 275static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
276 struct tcf_result *res)
277{
278 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
279 struct cls_fl_filter *f;
05cd271f 280 struct fl_flow_mask *mask;
77b9900e
JP		 281 struct fl_flow_key skb_key;
282 struct fl_flow_key skb_mkey;
283
05cd271f
PB		 284 list_for_each_entry_rcu(mask, &head->masks, list) {
285 fl_clear_masked_range(&skb_key, mask);
bc3103f1 286
05cd271f
PB		 287 skb_key.indev_ifindex = skb->skb_iif;
288 /* skb_flow_dissect() does not set n_proto in case an unknown
289 * protocol, so do it rather here.
290 */
291 skb_key.basic.n_proto = skb->protocol;
292 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
293 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
77b9900e 294
05cd271f 295 fl_set_masked_key(&skb_mkey, &skb_key, mask);
77b9900e 296
5c72299f 297 f = fl_lookup(mask, &skb_mkey, &skb_key);
05cd271f
PB		 298 if (f && !tc_skip_sw(f->flags)) {
299 *res = f->res;
300 return tcf_exts_exec(skb, &f->exts, res);
301 }
77b9900e
JP		 302 }
303 return -1;
304}
305
306static int fl_init(struct tcf_proto *tp)
307{
308 struct cls_fl_head *head;
309
310 head = kzalloc(sizeof(*head), GFP_KERNEL);
311 if (!head)
312 return -ENOBUFS;
313
05cd271f 314 INIT_LIST_HEAD_RCU(&head->masks);
77b9900e 315 rcu_assign_pointer(tp->root, head);
c15ab236 316 idr_init(&head->handle_idr);
77b9900e 317
05cd271f
PB		 318 return rhashtable_init(&head->ht, &mask_ht_params);
319}
320
44a5cd43
PA		 321static void fl_mask_free(struct fl_flow_mask *mask)
322{
323 rhashtable_destroy(&mask->ht);
324 kfree(mask);
325}
326
327static void fl_mask_free_work(struct work_struct *work)
328{
329 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
330 struct fl_flow_mask, rwork);
331
332 fl_mask_free(mask);
333}
334
05cd271f
PB		 335static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask,
336 bool async)
337{
338 if (!list_empty(&mask->filters))
339 return false;
340
341 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
05cd271f
PB		 342 list_del_rcu(&mask->list);
343 if (async)
44a5cd43 344 tcf_queue_work(&mask->rwork, fl_mask_free_work);
05cd271f 345 else
44a5cd43 346 fl_mask_free(mask);
05cd271f
PB		 347
348 return true;
77b9900e
JP		 349}
350
0dadc117
CW		 351static void __fl_destroy_filter(struct cls_fl_filter *f)
352{
353 tcf_exts_destroy(&f->exts);
354 tcf_exts_put_net(&f->exts);
355 kfree(f);
356}
357
0552c8af 358static void fl_destroy_filter_work(struct work_struct *work)
77b9900e 359{
aaa908ff
CW		 360 struct cls_fl_filter *f = container_of(to_rcu_work(work),
361 struct cls_fl_filter, rwork);
77b9900e 362
0552c8af 363 rtnl_lock();
0dadc117 364 __fl_destroy_filter(f);
0552c8af
CW		 365 rtnl_unlock();
366}
367
1b0f8037
JK		 368static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
369 struct netlink_ext_ack *extack)
5b33f488 370{
de4784ca 371 struct tc_cls_flower_offload cls_flower = {};
208c0f4b 372 struct tcf_block *block = tp->chain->block;
5b33f488 373
1b0f8037 374 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
de4784ca
JP		 375 cls_flower.command = TC_CLSFLOWER_DESTROY;
376 cls_flower.cookie = (unsigned long) f;
5b33f488 377
aeb3fecd 378 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
caa72601 379 tcf_block_offload_dec(block, &f->flags);
5b33f488
AV		 380}
381
e8eb36cd 382static int fl_hw_replace_filter(struct tcf_proto *tp,
41002038
QM		 383 struct cls_fl_filter *f,
384 struct netlink_ext_ack *extack)
5b33f488 385{
de4784ca 386 struct tc_cls_flower_offload cls_flower = {};
208c0f4b 387 struct tcf_block *block = tp->chain->block;
717503b9 388 bool skip_sw = tc_skip_sw(f->flags);
e8eb36cd 389 int err;
5b33f488 390
e3ab786b 391 cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts));
8f256622
PNA		 392 if (!cls_flower.rule)
393 return -ENOMEM;
394
ea205940 395 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
de4784ca
JP		 396 cls_flower.command = TC_CLSFLOWER_REPLACE;
397 cls_flower.cookie = (unsigned long) f;
8f256622
PNA		 398 cls_flower.rule->match.dissector = &f->mask->dissector;
399 cls_flower.rule->match.mask = &f->mask->key;
400 cls_flower.rule->match.key = &f->mkey;
384c181e 401 cls_flower.classid = f->res.classid;
5b33f488 402
3a7b6861
PNA		 403 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts);
404 if (err) {
405 kfree(cls_flower.rule);
1f15bb4f
VB		 406 if (skip_sw) {
407 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
408 return err;
409 }
410 return 0;
3a7b6861
PNA		 411 }
412
aeb3fecd 413 err = tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, skip_sw);
8f256622
PNA		 414 kfree(cls_flower.rule);
415
717503b9 416 if (err < 0) {
1b0f8037 417 fl_hw_destroy_filter(tp, f, NULL);
e8eb36cd 418 return err;
717503b9 419 } else if (err > 0) {
31533cba 420 f->in_hw_count = err;
caa72601 421 tcf_block_offload_inc(block, &f->flags);
717503b9
JP		 422 }
423
424 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
425 return -EINVAL;
426
e8eb36cd 427 return 0;
5b33f488
AV		 428}
429
10cbc684
AV		 430static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
431{
de4784ca 432 struct tc_cls_flower_offload cls_flower = {};
208c0f4b 433 struct tcf_block *block = tp->chain->block;
10cbc684 434
ea205940 435 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
de4784ca
JP		 436 cls_flower.command = TC_CLSFLOWER_STATS;
437 cls_flower.cookie = (unsigned long) f;
384c181e 438 cls_flower.classid = f->res.classid;
10cbc684 439
aeb3fecd 440 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
3b1903ef
PNA		 441
442 tcf_exts_stats_update(&f->exts, cls_flower.stats.bytes,
443 cls_flower.stats.pkts,
444 cls_flower.stats.lastused);
10cbc684
AV		 445}
446
e474619a
VB		 447static struct cls_fl_head *fl_head_dereference(struct tcf_proto *tp)
448{
449 /* Flower classifier only changes root pointer during init and destroy.
450 * Users must obtain reference to tcf_proto instance before calling its
451 * API, so tp->root pointer is protected from concurrent call to
452 * fl_destroy() by reference counting.
453 */
454 return rcu_dereference_raw(tp->root);
455}
456
06177558
VB		 457static void __fl_put(struct cls_fl_filter *f)
458{
459 if (!refcount_dec_and_test(&f->refcnt))
460 return;
461
b2552b8c
VB		 462 WARN_ON(!f->deleted);
463
06177558
VB		 464 if (tcf_exts_get_net(&f->exts))
465 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
466 else
467 __fl_destroy_filter(f);
468}
469
470static struct cls_fl_filter *__fl_get(struct cls_fl_head *head, u32 handle)
471{
472 struct cls_fl_filter *f;
473
474 rcu_read_lock();
475 f = idr_find(&head->handle_idr, handle);
476 if (f && !refcount_inc_not_zero(&f->refcnt))
477 f = NULL;
478 rcu_read_unlock();
479
480 return f;
481}
482
483static struct cls_fl_filter *fl_get_next_filter(struct tcf_proto *tp,
484 unsigned long *handle)
485{
486 struct cls_fl_head *head = fl_head_dereference(tp);
487 struct cls_fl_filter *f;
488
489 rcu_read_lock();
490 while ((f = idr_get_next_ul(&head->handle_idr, handle))) {
491 /* don't return filters that are being deleted */
492 if (refcount_inc_not_zero(&f->refcnt))
493 break;
494 ++(*handle);
495 }
496 rcu_read_unlock();
497
498 return f;
499}
500
b2552b8c
VB		 501static int __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
502 bool *last, struct netlink_ext_ack *extack)
13fa876e 503{
e474619a 504 struct cls_fl_head *head = fl_head_dereference(tp);
05cd271f 505 bool async = tcf_exts_get_net(&f->exts);
c15ab236 506
b2552b8c
VB		 507 *last = false;
508
509 if (f->deleted)
510 return -ENOENT;
511
512 f->deleted = true;
513 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
514 f->mask->filter_ht_params);
9c160941 515 idr_remove(&head->handle_idr, f->handle);
13fa876e 516 list_del_rcu(&f->list);
b2552b8c 517 *last = fl_mask_put(head, f->mask, async);
79685219 518 if (!tc_skip_hw(f->flags))
1b0f8037 519 fl_hw_destroy_filter(tp, f, extack);
13fa876e 520 tcf_unbind_filter(tp, &f->res);
06177558 521 __fl_put(f);
05cd271f 522
b2552b8c 523 return 0;
13fa876e
RD		 524}
525
d9363774
DB		 526static void fl_destroy_sleepable(struct work_struct *work)
527{
aaa908ff
CW		 528 struct cls_fl_head *head = container_of(to_rcu_work(work),
529 struct cls_fl_head,
530 rwork);
de9dc650
PB		 531
532 rhashtable_destroy(&head->ht);
d9363774
DB		 533 kfree(head);
534 module_put(THIS_MODULE);
535}
536
12db03b6
VB		 537static void fl_destroy(struct tcf_proto *tp, bool rtnl_held,
538 struct netlink_ext_ack *extack)
77b9900e 539{
e474619a 540 struct cls_fl_head *head = fl_head_dereference(tp);
05cd271f 541 struct fl_flow_mask *mask, *next_mask;
77b9900e 542 struct cls_fl_filter *f, *next;
b2552b8c 543 bool last;
77b9900e 544
05cd271f
PB		 545 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
546 list_for_each_entry_safe(f, next, &mask->filters, list) {
b2552b8c
VB		 547 __fl_delete(tp, f, &last, extack);
548 if (last)
05cd271f
PB		 549 break;
550 }
551 }
c15ab236 552 idr_destroy(&head->handle_idr);
d9363774
DB		 553
554 __module_get(THIS_MODULE);
aaa908ff 555 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
77b9900e
JP		 556}
557
06177558
VB		 558static void fl_put(struct tcf_proto *tp, void *arg)
559{
560 struct cls_fl_filter *f = arg;
561
562 __fl_put(f);
563}
564
8113c095 565static void *fl_get(struct tcf_proto *tp, u32 handle)
77b9900e 566{
e474619a 567 struct cls_fl_head *head = fl_head_dereference(tp);
77b9900e 568
06177558 569 return __fl_get(head, handle);
77b9900e
JP		 570}
571
572static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
573 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
574 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
575 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
576 .len = IFNAMSIZ },
577 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
578 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
579 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
580 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
581 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
582 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
583 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
584 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
585 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
586 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
587 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
588 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
589 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
590 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
591 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
592 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
b175c3a4
JHS		 593 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
594 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
9399ae9a
HHZ		 595 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
596 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
597 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
bc3103f1
AV		 598 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
599 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
600 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
601 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
602 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
603 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
604 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
605 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
606 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
aa72d708
OG		 607 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
608 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
609 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
610 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
5976c5f4
SH		 611 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
612 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
613 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
614 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
f4d997fd
HHZ		 615 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
616 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
617 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
618 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
faa3ffce
OG		 619 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
620 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
7b684884
SH		 621 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
622 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
623 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
624 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
625 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
626 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
627 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
628 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
99d31326
SH		 629 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
630 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
631 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
632 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
633 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
634 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
635 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
636 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
637 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
638 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
a577d8f7
BL		 639 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
640 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
641 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
642 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
fdfc7dd6
JP		 643 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
644 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
4d80cc0a
OG		 645 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
646 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
647 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
648 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
d64efd09
JL		 649 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
650 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
651 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
0e2c17b6
OG		 652 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
653 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
654 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
655 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
0a6e7778
PJV		 656 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
657 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
658};
659
660static const struct nla_policy
661enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
662 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
663};
664
665static const struct nla_policy
666geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
667 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
668 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
669 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
670 .len = 128 },
77b9900e
JP		 671};
672
673static void fl_set_key_val(struct nlattr **tb,
674 void *val, int val_type,
675 void *mask, int mask_type, int len)
676{
677 if (!tb[val_type])
678 return;
679 memcpy(val, nla_data(tb[val_type]), len);
680 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
681 memset(mask, 0xff, len);
682 else
683 memcpy(mask, nla_data(tb[mask_type]), len);
684}
685
5c72299f
AN		 686static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
687 struct fl_flow_key *mask)
688{
689 fl_set_key_val(tb, &key->tp_min.dst,
690 TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_min.dst,
691 TCA_FLOWER_UNSPEC, sizeof(key->tp_min.dst));
692 fl_set_key_val(tb, &key->tp_max.dst,
693 TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_max.dst,
694 TCA_FLOWER_UNSPEC, sizeof(key->tp_max.dst));
695 fl_set_key_val(tb, &key->tp_min.src,
696 TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_min.src,
697 TCA_FLOWER_UNSPEC, sizeof(key->tp_min.src));
698 fl_set_key_val(tb, &key->tp_max.src,
699 TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_max.src,
700 TCA_FLOWER_UNSPEC, sizeof(key->tp_max.src));
701
702 if ((mask->tp_min.dst && mask->tp_max.dst &&
703 htons(key->tp_max.dst) <= htons(key->tp_min.dst)) ||
704 (mask->tp_min.src && mask->tp_max.src &&
705 htons(key->tp_max.src) <= htons(key->tp_min.src)))
706 return -EINVAL;
707
708 return 0;
709}
710
1a7fca63
BL		 711static int fl_set_key_mpls(struct nlattr **tb,
712 struct flow_dissector_key_mpls *key_val,
713 struct flow_dissector_key_mpls *key_mask)
a577d8f7
BL		 714{
715 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
716 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
717 key_mask->mpls_ttl = MPLS_TTL_MASK;
718 }
719 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
1a7fca63
BL		 720 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
721
722 if (bos & ~MPLS_BOS_MASK)
723 return -EINVAL;
724 key_val->mpls_bos = bos;
a577d8f7
BL		 725 key_mask->mpls_bos = MPLS_BOS_MASK;
726 }
727 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
1a7fca63
BL		 728 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
729
730 if (tc & ~MPLS_TC_MASK)
731 return -EINVAL;
732 key_val->mpls_tc = tc;
a577d8f7
BL		 733 key_mask->mpls_tc = MPLS_TC_MASK;
734 }
735 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
1a7fca63
BL		 736 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
737
738 if (label & ~MPLS_LABEL_MASK)
739 return -EINVAL;
740 key_val->mpls_label = label;
a577d8f7
BL		 741 key_mask->mpls_label = MPLS_LABEL_MASK;
742 }
1a7fca63 743 return 0;
a577d8f7
BL		 744}
745
9399ae9a 746static void fl_set_key_vlan(struct nlattr **tb,
aaab0834 747 __be16 ethertype,
d64efd09 748 int vlan_id_key, int vlan_prio_key,
9399ae9a
HHZ		 749 struct flow_dissector_key_vlan *key_val,
750 struct flow_dissector_key_vlan *key_mask)
751{
752#define VLAN_PRIORITY_MASK 0x7
753
d64efd09 754 if (tb[vlan_id_key]) {
9399ae9a 755 key_val->vlan_id =
d64efd09 756 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
9399ae9a
HHZ		 757 key_mask->vlan_id = VLAN_VID_MASK;
758 }
d64efd09 759 if (tb[vlan_prio_key]) {
9399ae9a 760 key_val->vlan_priority =
d64efd09 761 nla_get_u8(tb[vlan_prio_key]) &
9399ae9a
HHZ		 762 VLAN_PRIORITY_MASK;
763 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
764 }
aaab0834
JL		 765 key_val->vlan_tpid = ethertype;
766 key_mask->vlan_tpid = cpu_to_be16(~0);
9399ae9a
HHZ		 767}
768
faa3ffce
OG		 769static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
770 u32 *dissector_key, u32 *dissector_mask,
771 u32 flower_flag_bit, u32 dissector_flag_bit)
772{
773 if (flower_mask & flower_flag_bit) {
774 *dissector_mask |= dissector_flag_bit;
775 if (flower_key & flower_flag_bit)
776 *dissector_key |= dissector_flag_bit;
777 }
778}
779
d9724772
OG		 780static int fl_set_key_flags(struct nlattr **tb,
781 u32 *flags_key, u32 *flags_mask)
faa3ffce
OG		 782{
783 u32 key, mask;
784
d9724772
OG		 785 /* mask is mandatory for flags */
786 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
787 return -EINVAL;
faa3ffce
OG		 788
789 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
d9724772 790 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
faa3ffce
OG		 791
792 *flags_key = 0;
793 *flags_mask = 0;
794
795 fl_set_key_flag(key, mask, flags_key, flags_mask,
796 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
459d153d
PJV		 797 fl_set_key_flag(key, mask, flags_key, flags_mask,
798 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
799 FLOW_DIS_FIRST_FRAG);
d9724772
OG		 800
801 return 0;
faa3ffce
OG		 802}
803
0e2c17b6 804static void fl_set_key_ip(struct nlattr **tb, bool encap,
4d80cc0a
OG		 805 struct flow_dissector_key_ip *key,
806 struct flow_dissector_key_ip *mask)
807{
0e2c17b6
OG		 808 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
809 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
810 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
811 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
4d80cc0a 812
0e2c17b6
OG		 813 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
814 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
4d80cc0a
OG		 815}
816
0a6e7778
PJV		 817static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
818 int depth, int option_len,
819 struct netlink_ext_ack *extack)
820{
821 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
822 struct nlattr *class = NULL, *type = NULL, *data = NULL;
823 struct geneve_opt *opt;
824 int err, data_len = 0;
825
826 if (option_len > sizeof(struct geneve_opt))
827 data_len = option_len - sizeof(struct geneve_opt);
828
829 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
830 memset(opt, 0xff, option_len);
831 opt->length = data_len / 4;
832 opt->r1 = 0;
833 opt->r2 = 0;
834 opt->r3 = 0;
835
836 /* If no mask has been prodived we assume an exact match. */
837 if (!depth)
838 return sizeof(struct geneve_opt) + data_len;
839
840 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
841 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
842 return -EINVAL;
843 }
844
845 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
846 nla, geneve_opt_policy, extack);
847 if (err < 0)
848 return err;
849
850 /* We are not allowed to omit any of CLASS, TYPE or DATA
851 * fields from the key.
852 */
853 if (!option_len &&
854 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
855 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
856 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
857 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
858 return -EINVAL;
859 }
860
861 /* Omitting any of CLASS, TYPE or DATA fields is allowed
862 * for the mask.
863 */
864 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
865 int new_len = key->enc_opts.len;
866
867 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
868 data_len = nla_len(data);
869 if (data_len < 4) {
870 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
871 return -ERANGE;
872 }
873 if (data_len % 4) {
874 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
875 return -ERANGE;
876 }
877
878 new_len += sizeof(struct geneve_opt) + data_len;
879 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
880 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
881 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
882 return -ERANGE;
883 }
884 opt->length = data_len / 4;
885 memcpy(opt->opt_data, nla_data(data), data_len);
886 }
887
888 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
889 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
890 opt->opt_class = nla_get_be16(class);
891 }
892
893 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
894 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
895 opt->type = nla_get_u8(type);
896 }
897
898 return sizeof(struct geneve_opt) + data_len;
899}
900
901static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
902 struct fl_flow_key *mask,
903 struct netlink_ext_ack *extack)
904{
905 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
63c82997
JK		 906 int err, option_len, key_depth, msk_depth = 0;
907
908 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS],
909 TCA_FLOWER_KEY_ENC_OPTS_MAX,
910 enc_opts_policy, extack);
911 if (err)
912 return err;
0a6e7778
PJV		 913
914 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
915
916 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
63c82997
JK		 917 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
918 TCA_FLOWER_KEY_ENC_OPTS_MAX,
919 enc_opts_policy, extack);
920 if (err)
921 return err;
922
0a6e7778
PJV		 923 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
924 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
925 }
926
927 nla_for_each_attr(nla_opt_key, nla_enc_key,
928 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
929 switch (nla_type(nla_opt_key)) {
930 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
931 option_len = 0;
932 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
933 option_len = fl_set_geneve_opt(nla_opt_key, key,
934 key_depth, option_len,
935 extack);
936 if (option_len < 0)
937 return option_len;
938
939 key->enc_opts.len += option_len;
940 /* At the same time we need to parse through the mask
941 * in order to verify exact and mask attribute lengths.
942 */
943 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
944 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
945 msk_depth, option_len,
946 extack);
947 if (option_len < 0)
948 return option_len;
949
950 mask->enc_opts.len += option_len;
951 if (key->enc_opts.len != mask->enc_opts.len) {
952 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
953 return -EINVAL;
954 }
955
956 if (msk_depth)
957 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
958 break;
959 default:
960 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
961 return -EINVAL;
962 }
963 }
964
965 return 0;
966}
967
77b9900e 968static int fl_set_key(struct net *net, struct nlattr **tb,
1057c55f
AA		 969 struct fl_flow_key *key, struct fl_flow_key *mask,
970 struct netlink_ext_ack *extack)
77b9900e 971{
9399ae9a 972 __be16 ethertype;
d9724772 973 int ret = 0;
dd3aa3b5 974#ifdef CONFIG_NET_CLS_IND
77b9900e 975 if (tb[TCA_FLOWER_INDEV]) {
1057c55f 976 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
77b9900e
JP		 977 if (err < 0)
978 return err;
979 key->indev_ifindex = err;
980 mask->indev_ifindex = 0xffffffff;
981 }
dd3aa3b5 982#endif
77b9900e
JP		 983
984 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
985 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
986 sizeof(key->eth.dst));
987 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
988 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
989 sizeof(key->eth.src));
66530bdf 990
0b498a52 991 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
9399ae9a
HHZ		 992 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
993
aaab0834 994 if (eth_type_vlan(ethertype)) {
d64efd09
JL		 995 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
996 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
997 &mask->vlan);
998
5e9a0fe4
JL		 999 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
1000 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
1001 if (eth_type_vlan(ethertype)) {
1002 fl_set_key_vlan(tb, ethertype,
1003 TCA_FLOWER_KEY_CVLAN_ID,
1004 TCA_FLOWER_KEY_CVLAN_PRIO,
1005 &key->cvlan, &mask->cvlan);
1006 fl_set_key_val(tb, &key->basic.n_proto,
1007 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1008 &mask->basic.n_proto,
1009 TCA_FLOWER_UNSPEC,
1010 sizeof(key->basic.n_proto));
1011 } else {
1012 key->basic.n_proto = ethertype;
1013 mask->basic.n_proto = cpu_to_be16(~0);
1014 }
d64efd09 1015 }
0b498a52
AB		 1016 } else {
1017 key->basic.n_proto = ethertype;
1018 mask->basic.n_proto = cpu_to_be16(~0);
1019 }
9399ae9a 1020 }
66530bdf 1021
77b9900e
JP		 1022 if (key->basic.n_proto == htons(ETH_P_IP) ||
1023 key->basic.n_proto == htons(ETH_P_IPV6)) {
1024 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1025 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1026 sizeof(key->basic.ip_proto));
0e2c17b6 1027 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
77b9900e 1028 }
66530bdf
JHS		 1029
1030 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
1031 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
970bfcd0 1032 mask->control.addr_type = ~0;
77b9900e
JP		 1033 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1034 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1035 sizeof(key->ipv4.src));
1036 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1037 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1038 sizeof(key->ipv4.dst));
66530bdf
JHS		 1039 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
1040 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
970bfcd0 1041 mask->control.addr_type = ~0;
77b9900e
JP		 1042 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1043 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1044 sizeof(key->ipv6.src));
1045 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1046 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1047 sizeof(key->ipv6.dst));
1048 }
66530bdf 1049
77b9900e
JP		 1050 if (key->basic.ip_proto == IPPROTO_TCP) {
1051 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
aa72d708 1052 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
77b9900e
JP		 1053 sizeof(key->tp.src));
1054 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
aa72d708 1055 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
77b9900e 1056 sizeof(key->tp.dst));
fdfc7dd6
JP		 1057 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1058 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1059 sizeof(key->tcp.flags));
77b9900e
JP		 1060 } else if (key->basic.ip_proto == IPPROTO_UDP) {
1061 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
aa72d708 1062 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
77b9900e
JP		 1063 sizeof(key->tp.src));
1064 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
aa72d708 1065 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
77b9900e 1066 sizeof(key->tp.dst));
5976c5f4
SH		 1067 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
1068 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1069 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1070 sizeof(key->tp.src));
1071 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1072 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1073 sizeof(key->tp.dst));
7b684884
SH		 1074 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
1075 key->basic.ip_proto == IPPROTO_ICMP) {
1076 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
1077 &mask->icmp.type,
1078 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1079 sizeof(key->icmp.type));
1080 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
1081 &mask->icmp.code,
1082 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1083 sizeof(key->icmp.code));
1084 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1085 key->basic.ip_proto == IPPROTO_ICMPV6) {
1086 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
1087 &mask->icmp.type,
1088 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1089 sizeof(key->icmp.type));
040587af 1090 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
7b684884 1091 &mask->icmp.code,
040587af 1092 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
7b684884 1093 sizeof(key->icmp.code));
a577d8f7
BL		 1094 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
1095 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
1a7fca63
BL		 1096 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
1097 if (ret)
1098 return ret;
99d31326
SH		 1099 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
1100 key->basic.n_proto == htons(ETH_P_RARP)) {
1101 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
1102 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
1103 sizeof(key->arp.sip));
1104 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
1105 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
1106 sizeof(key->arp.tip));
1107 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
1108 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
1109 sizeof(key->arp.op));
1110 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1111 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1112 sizeof(key->arp.sha));
1113 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1114 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1115 sizeof(key->arp.tha));
77b9900e
JP		 1116 }
1117
5c72299f
AN		 1118 if (key->basic.ip_proto == IPPROTO_TCP ||
1119 key->basic.ip_proto == IPPROTO_UDP ||
1120 key->basic.ip_proto == IPPROTO_SCTP) {
1121 ret = fl_set_key_port_range(tb, key, mask);
1122 if (ret)
1123 return ret;
1124 }
1125
bc3103f1
AV		 1126 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
1127 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
1128 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
970bfcd0 1129 mask->enc_control.addr_type = ~0;
bc3103f1
AV		 1130 fl_set_key_val(tb, &key->enc_ipv4.src,
1131 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1132 &mask->enc_ipv4.src,
1133 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1134 sizeof(key->enc_ipv4.src));
1135 fl_set_key_val(tb, &key->enc_ipv4.dst,
1136 TCA_FLOWER_KEY_ENC_IPV4_DST,
1137 &mask->enc_ipv4.dst,
1138 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1139 sizeof(key->enc_ipv4.dst));
1140 }
1141
1142 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
1143 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
1144 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
970bfcd0 1145 mask->enc_control.addr_type = ~0;
bc3103f1
AV		 1146 fl_set_key_val(tb, &key->enc_ipv6.src,
1147 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1148 &mask->enc_ipv6.src,
1149 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1150 sizeof(key->enc_ipv6.src));
1151 fl_set_key_val(tb, &key->enc_ipv6.dst,
1152 TCA_FLOWER_KEY_ENC_IPV6_DST,
1153 &mask->enc_ipv6.dst,
1154 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1155 sizeof(key->enc_ipv6.dst));
1156 }
1157
1158 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
eb523f42 1159 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
bc3103f1
AV		 1160 sizeof(key->enc_key_id.keyid));
1161
f4d997fd
HHZ		 1162 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1163 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1164 sizeof(key->enc_tp.src));
1165
1166 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1167 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1168 sizeof(key->enc_tp.dst));
1169
0e2c17b6
OG		 1170 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
1171
0a6e7778
PJV		 1172 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
1173 ret = fl_set_enc_opt(tb, key, mask, extack);
1174 if (ret)
1175 return ret;
1176 }
1177
d9724772
OG		 1178 if (tb[TCA_FLOWER_KEY_FLAGS])
1179 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
faa3ffce 1180
d9724772 1181 return ret;
77b9900e
JP		 1182}
1183
05cd271f
PB		 1184static void fl_mask_copy(struct fl_flow_mask *dst,
1185 struct fl_flow_mask *src)
77b9900e 1186{
05cd271f
PB		 1187 const void *psrc = fl_key_get_start(&src->key, src);
1188 void *pdst = fl_key_get_start(&dst->key, src);
77b9900e 1189
05cd271f
PB		 1190 memcpy(pdst, psrc, fl_mask_range(src));
1191 dst->range = src->range;
77b9900e
JP		 1192}
1193
1194static const struct rhashtable_params fl_ht_params = {
1195 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
1196 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1197 .automatic_shrinking = true,
1198};
1199
05cd271f 1200static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
77b9900e 1201{
05cd271f
PB		 1202 mask->filter_ht_params = fl_ht_params;
1203 mask->filter_ht_params.key_len = fl_mask_range(mask);
1204 mask->filter_ht_params.key_offset += mask->range.start;
77b9900e 1205
05cd271f 1206 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
77b9900e
JP		 1207}
1208
1209#define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
cb205a81 1210#define FL_KEY_MEMBER_SIZE(member) FIELD_SIZEOF(struct fl_flow_key, member)
77b9900e 1211
339ba878
HHZ		 1212#define FL_KEY_IS_MASKED(mask, member) \
1213 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1214 0, FL_KEY_MEMBER_SIZE(member)) \
77b9900e
JP		 1215
1216#define FL_KEY_SET(keys, cnt, id, member) \
1217 do { \
1218 keys[cnt].key_id = id; \
1219 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1220 cnt++; \
1221 } while(0);
1222
339ba878 1223#define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
77b9900e 1224 do { \
339ba878 1225 if (FL_KEY_IS_MASKED(mask, member)) \
77b9900e
JP		 1226 FL_KEY_SET(keys, cnt, id, member); \
1227 } while(0);
1228
33fb5cba
JP		 1229static void fl_init_dissector(struct flow_dissector *dissector,
1230 struct fl_flow_key *mask)
77b9900e
JP		 1231{
1232 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1233 size_t cnt = 0;
1234
42aecaa9 1235 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
77b9900e 1236 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
33fb5cba 1237 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
339ba878 1238 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
33fb5cba 1239 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
339ba878 1240 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
33fb5cba 1241 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
339ba878 1242 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
5c72299f
AN		 1243 if (FL_KEY_IS_MASKED(mask, tp) ||
1244 FL_KEY_IS_MASKED(mask, tp_min) || FL_KEY_IS_MASKED(mask, tp_max))
1245 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_PORTS, tp);
33fb5cba 1246 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
4d80cc0a 1247 FLOW_DISSECTOR_KEY_IP, ip);
33fb5cba 1248 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
fdfc7dd6 1249 FLOW_DISSECTOR_KEY_TCP, tcp);
33fb5cba 1250 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
7b684884 1251 FLOW_DISSECTOR_KEY_ICMP, icmp);
33fb5cba 1252 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
99d31326 1253 FLOW_DISSECTOR_KEY_ARP, arp);
33fb5cba 1254 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
a577d8f7 1255 FLOW_DISSECTOR_KEY_MPLS, mpls);
33fb5cba 1256 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
9399ae9a 1257 FLOW_DISSECTOR_KEY_VLAN, vlan);
33fb5cba 1258 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
d64efd09 1259 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
33fb5cba 1260 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
519d1052 1261 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
33fb5cba 1262 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
519d1052 1263 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
33fb5cba 1264 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
519d1052 1265 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
33fb5cba
JP		 1266 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1267 FL_KEY_IS_MASKED(mask, enc_ipv6))
519d1052
HHZ		 1268 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1269 enc_control);
33fb5cba 1270 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
f4d997fd 1271 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
33fb5cba 1272 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
0e2c17b6 1273 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
0a6e7778
PJV		 1274 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1275 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
77b9900e 1276
33fb5cba 1277 skb_flow_dissector_init(dissector, keys, cnt);
05cd271f
PB		 1278}
1279
1280static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1281 struct fl_flow_mask *mask)
1282{
1283 struct fl_flow_mask *newmask;
1284 int err;
1285
1286 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1287 if (!newmask)
1288 return ERR_PTR(-ENOMEM);
1289
1290 fl_mask_copy(newmask, mask);
1291
5c72299f
AN		 1292 if ((newmask->key.tp_min.dst && newmask->key.tp_max.dst) ||
1293 (newmask->key.tp_min.src && newmask->key.tp_max.src))
1294 newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE;
1295
05cd271f
PB		 1296 err = fl_init_mask_hashtable(newmask);
1297 if (err)
1298 goto errout_free;
1299
33fb5cba 1300 fl_init_dissector(&newmask->dissector, &newmask->key);
05cd271f
PB		 1301
1302 INIT_LIST_HEAD_RCU(&newmask->filters);
1303
1304 err = rhashtable_insert_fast(&head->ht, &newmask->ht_node,
1305 mask_ht_params);
1306 if (err)
1307 goto errout_destroy;
1308
1309 list_add_tail_rcu(&newmask->list, &head->masks);
1310
1311 return newmask;
1312
1313errout_destroy:
1314 rhashtable_destroy(&newmask->ht);
1315errout_free:
1316 kfree(newmask);
1317
1318 return ERR_PTR(err);
77b9900e
JP		 1319}
1320
1321static int fl_check_assign_mask(struct cls_fl_head *head,
05cd271f
PB		 1322 struct cls_fl_filter *fnew,
1323 struct cls_fl_filter *fold,
77b9900e
JP		 1324 struct fl_flow_mask *mask)
1325{
05cd271f 1326 struct fl_flow_mask *newmask;
77b9900e 1327
05cd271f
PB		 1328 fnew->mask = rhashtable_lookup_fast(&head->ht, mask, mask_ht_params);
1329 if (!fnew->mask) {
1330 if (fold)
77b9900e 1331 return -EINVAL;
77b9900e 1332
05cd271f
PB		 1333 newmask = fl_create_new_mask(head, mask);
1334 if (IS_ERR(newmask))
1335 return PTR_ERR(newmask);
77b9900e 1336
05cd271f 1337 fnew->mask = newmask;
f6521c58 1338 } else if (fold && fold->mask != fnew->mask) {
05cd271f
PB		 1339 return -EINVAL;
1340 }
77b9900e
JP		 1341
1342 return 0;
1343}
1344
1345static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1346 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1347 unsigned long base, struct nlattr **tb,
50a56190 1348 struct nlattr *est, bool ovr,
b95ec7eb 1349 struct fl_flow_tmplt *tmplt,
50a56190 1350 struct netlink_ext_ack *extack)
77b9900e 1351{
77b9900e
JP		 1352 int err;
1353
ec6743a1
VB		 1354 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, true,
1355 extack);
77b9900e
JP		 1356 if (err < 0)
1357 return err;
1358
1359 if (tb[TCA_FLOWER_CLASSID]) {
1360 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1361 tcf_bind_filter(tp, &f->res, base);
1362 }
1363
1057c55f 1364 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
77b9900e 1365 if (err)
45507529 1366 return err;
77b9900e
JP		 1367
1368 fl_mask_update_range(mask);
1369 fl_set_masked_key(&f->mkey, &f->key, mask);
1370
b95ec7eb
JP		 1371 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1372 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1373 return -EINVAL;
1374 }
1375
77b9900e 1376 return 0;
77b9900e
JP		 1377}
1378
77b9900e
JP		 1379static int fl_change(struct net *net, struct sk_buff *in_skb,
1380 struct tcf_proto *tp, unsigned long base,
1381 u32 handle, struct nlattr **tca,
12db03b6
VB		 1382 void **arg, bool ovr, bool rtnl_held,
1383 struct netlink_ext_ack *extack)
77b9900e 1384{
e474619a 1385 struct cls_fl_head *head = fl_head_dereference(tp);
8113c095 1386 struct cls_fl_filter *fold = *arg;
77b9900e 1387 struct cls_fl_filter *fnew;
2cddd201 1388 struct fl_flow_mask *mask;
39b7b6a6 1389 struct nlattr **tb;
77b9900e
JP		 1390 int err;
1391
06177558
VB		 1392 if (!tca[TCA_OPTIONS]) {
1393 err = -EINVAL;
1394 goto errout_fold;
1395 }
77b9900e 1396
2cddd201 1397 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
06177558
VB		 1398 if (!mask) {
1399 err = -ENOBUFS;
1400 goto errout_fold;
1401 }
39b7b6a6 1402
2cddd201
IV		 1403 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1404 if (!tb) {
1405 err = -ENOBUFS;
1406 goto errout_mask_alloc;
1407 }
1408
fceb6435
JB		 1409 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1410 fl_policy, NULL);
77b9900e 1411 if (err < 0)
39b7b6a6 1412 goto errout_tb;
77b9900e 1413
39b7b6a6
AB		 1414 if (fold && handle && fold->handle != handle) {
1415 err = -EINVAL;
1416 goto errout_tb;
1417 }
77b9900e
JP		 1418
1419 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
39b7b6a6
AB		 1420 if (!fnew) {
1421 err = -ENOBUFS;
1422 goto errout_tb;
1423 }
06177558 1424 refcount_set(&fnew->refcnt, 1);
77b9900e 1425
14215108 1426 err = tcf_exts_init(&fnew->exts, net, TCA_FLOWER_ACT, 0);
b9a24bb7
WC		 1427 if (err < 0)
1428 goto errout;
77b9900e 1429
e69985c6
AV		 1430 if (tb[TCA_FLOWER_FLAGS]) {
1431 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1432
1433 if (!tc_flags_valid(fnew->flags)) {
1434 err = -EINVAL;
ecb3dea4 1435 goto errout;
e69985c6
AV		 1436 }
1437 }
5b33f488 1438
2cddd201 1439 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr,
b95ec7eb 1440 tp->chain->tmplt_priv, extack);
77b9900e 1441 if (err)
ecb3dea4 1442 goto errout;
77b9900e 1443
2cddd201 1444 err = fl_check_assign_mask(head, fnew, fold, mask);
77b9900e 1445 if (err)
ecb3dea4
VB		 1446 goto errout;
1447
79685219 1448 if (!tc_skip_hw(fnew->flags)) {
05cd271f 1449 err = fl_hw_replace_filter(tp, fnew, extack);
79685219 1450 if (err)
620da486 1451 goto errout_mask;
79685219 1452 }
5b33f488 1453
55593960
OG		 1454 if (!tc_in_hw(fnew->flags))
1455 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1456
06177558 1457 refcount_inc(&fnew->refcnt);
5b33f488 1458 if (fold) {
b2552b8c
VB		 1459 /* Fold filter was deleted concurrently. Retry lookup. */
1460 if (fold->deleted) {
1461 err = -EAGAIN;
1462 goto errout_hw;
1463 }
1464
620da486
VB		 1465 fnew->handle = handle;
1466
1467 err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
1468 fnew->mask->filter_ht_params);
1469 if (err)
1470 goto errout_hw;
1471
599d2570
RD		 1472 rhashtable_remove_fast(&fold->mask->ht,
1473 &fold->ht_node,
1474 fold->mask->filter_ht_params);
234a4624 1475 idr_replace(&head->handle_idr, fnew, fnew->handle);
ff3532f2 1476 list_replace_rcu(&fold->list, &fnew->list);
b2552b8c 1477 fold->deleted = true;
620da486
VB		 1478
1479 if (!tc_skip_hw(fold->flags))
1480 fl_hw_destroy_filter(tp, fold, NULL);
77b9900e 1481 tcf_unbind_filter(tp, &fold->res);
0dadc117 1482 tcf_exts_get_net(&fold->exts);
06177558
VB		 1483 /* Caller holds reference to fold, so refcnt is always > 0
1484 * after this.
1485 */
1486 refcount_dec(&fold->refcnt);
1487 __fl_put(fold);
77b9900e 1488 } else {
620da486
VB		 1489 if (__fl_lookup(fnew->mask, &fnew->mkey)) {
1490 err = -EEXIST;
1491 goto errout_hw;
1492 }
1493
1494 if (handle) {
1495 /* user specifies a handle and it doesn't exist */
1496 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1497 handle, GFP_ATOMIC);
1498 } else {
1499 handle = 1;
1500 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1501 INT_MAX, GFP_ATOMIC);
1502 }
1503 if (err)
1504 goto errout_hw;
1505
1506 fnew->handle = handle;
1507
1508 err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
1509 fnew->mask->filter_ht_params);
1510 if (err)
1511 goto errout_idr;
1512
05cd271f 1513 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
77b9900e
JP		 1514 }
1515
620da486
VB		 1516 *arg = fnew;
1517
39b7b6a6 1518 kfree(tb);
2cddd201 1519 kfree(mask);
77b9900e
JP		 1520 return 0;
1521
fe2502e4 1522errout_idr:
620da486
VB		 1523 idr_remove(&head->handle_idr, fnew->handle);
1524errout_hw:
1525 if (!tc_skip_hw(fnew->flags))
1526 fl_hw_destroy_filter(tp, fnew, NULL);
ecb3dea4
VB		 1527errout_mask:
1528 fl_mask_put(head, fnew->mask, false);
77b9900e 1529errout:
b9a24bb7 1530 tcf_exts_destroy(&fnew->exts);
77b9900e 1531 kfree(fnew);
39b7b6a6
AB		 1532errout_tb:
1533 kfree(tb);
2cddd201
IV		 1534errout_mask_alloc:
1535 kfree(mask);
06177558
VB		 1536errout_fold:
1537 if (fold)
1538 __fl_put(fold);
77b9900e
JP		 1539 return err;
1540}
1541
571acf21 1542static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
12db03b6 1543 bool rtnl_held, struct netlink_ext_ack *extack)
77b9900e 1544{
e474619a 1545 struct cls_fl_head *head = fl_head_dereference(tp);
8113c095 1546 struct cls_fl_filter *f = arg;
b2552b8c
VB		 1547 bool last_on_mask;
1548 int err = 0;
77b9900e 1549
b2552b8c 1550 err = __fl_delete(tp, f, &last_on_mask, extack);
05cd271f 1551 *last = list_empty(&head->masks);
06177558
VB		 1552 __fl_put(f);
1553
b2552b8c 1554 return err;
77b9900e
JP		 1555}
1556
12db03b6
VB		 1557static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg,
1558 bool rtnl_held)
77b9900e 1559{
77b9900e 1560 struct cls_fl_filter *f;
05cd271f 1561
01683a14
VB		 1562 arg->count = arg->skip;
1563
06177558 1564 while ((f = fl_get_next_filter(tp, &arg->cookie)) != NULL) {
01683a14 1565 if (arg->fn(tp, f, arg) < 0) {
06177558 1566 __fl_put(f);
01683a14
VB		 1567 arg->stop = 1;
1568 break;
05cd271f 1569 }
06177558
VB		 1570 __fl_put(f);
1571 arg->cookie++;
01683a14 1572 arg->count++;
77b9900e
JP		 1573 }
1574}
1575
31533cba
JH		 1576static int fl_reoffload(struct tcf_proto *tp, bool add, tc_setup_cb_t *cb,
1577 void *cb_priv, struct netlink_ext_ack *extack)
1578{
e474619a 1579 struct cls_fl_head *head = fl_head_dereference(tp);
31533cba
JH		 1580 struct tc_cls_flower_offload cls_flower = {};
1581 struct tcf_block *block = tp->chain->block;
1582 struct fl_flow_mask *mask;
1583 struct cls_fl_filter *f;
1584 int err;
1585
1586 list_for_each_entry(mask, &head->masks, list) {
1587 list_for_each_entry(f, &mask->filters, list) {
1588 if (tc_skip_hw(f->flags))
1589 continue;
1590
e3ab786b
PNA		 1591 cls_flower.rule =
1592 flow_rule_alloc(tcf_exts_num_actions(&f->exts));
8f256622
PNA		 1593 if (!cls_flower.rule)
1594 return -ENOMEM;
1595
31533cba
JH		 1596 tc_cls_common_offload_init(&cls_flower.common, tp,
1597 f->flags, extack);
1598 cls_flower.command = add ?
1599 TC_CLSFLOWER_REPLACE : TC_CLSFLOWER_DESTROY;
1600 cls_flower.cookie = (unsigned long)f;
8f256622
PNA		 1601 cls_flower.rule->match.dissector = &mask->dissector;
1602 cls_flower.rule->match.mask = &mask->key;
1603 cls_flower.rule->match.key = &f->mkey;
3a7b6861
PNA		 1604
1605 err = tc_setup_flow_action(&cls_flower.rule->action,
1606 &f->exts);
1607 if (err) {
1608 kfree(cls_flower.rule);
1f15bb4f
VB		 1609 if (tc_skip_sw(f->flags)) {
1610 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
1611 return err;
1612 }
1613 continue;
3a7b6861
PNA		 1614 }
1615
31533cba
JH		 1616 cls_flower.classid = f->res.classid;
1617
1618 err = cb(TC_SETUP_CLSFLOWER, &cls_flower, cb_priv);
8f256622
PNA		 1619 kfree(cls_flower.rule);
1620
31533cba
JH		 1621 if (err) {
1622 if (add && tc_skip_sw(f->flags))
1623 return err;
1624 continue;
1625 }
1626
1627 tc_cls_offload_cnt_update(block, &f->in_hw_count,
1628 &f->flags, add);
1629 }
1630 }
1631
1632 return 0;
1633}
1634
8f256622
PNA		 1635static int fl_hw_create_tmplt(struct tcf_chain *chain,
1636 struct fl_flow_tmplt *tmplt)
34738452
JP		 1637{
1638 struct tc_cls_flower_offload cls_flower = {};
1639 struct tcf_block *block = chain->block;
34738452 1640
e3ab786b 1641 cls_flower.rule = flow_rule_alloc(0);
8f256622
PNA		 1642 if (!cls_flower.rule)
1643 return -ENOMEM;
1644
34738452
JP		 1645 cls_flower.common.chain_index = chain->index;
1646 cls_flower.command = TC_CLSFLOWER_TMPLT_CREATE;
1647 cls_flower.cookie = (unsigned long) tmplt;
8f256622
PNA		 1648 cls_flower.rule->match.dissector = &tmplt->dissector;
1649 cls_flower.rule->match.mask = &tmplt->mask;
1650 cls_flower.rule->match.key = &tmplt->dummy_key;
34738452
JP		 1651
1652 /* We don't care if driver (any of them) fails to handle this
1653 * call. It serves just as a hint for it.
1654 */
aeb3fecd 1655 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
8f256622
PNA		 1656 kfree(cls_flower.rule);
1657
1658 return 0;
34738452
JP		 1659}
1660
1661static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
1662 struct fl_flow_tmplt *tmplt)
1663{
1664 struct tc_cls_flower_offload cls_flower = {};
1665 struct tcf_block *block = chain->block;
1666
1667 cls_flower.common.chain_index = chain->index;
1668 cls_flower.command = TC_CLSFLOWER_TMPLT_DESTROY;
1669 cls_flower.cookie = (unsigned long) tmplt;
1670
aeb3fecd 1671 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
34738452
JP		 1672}
1673
b95ec7eb
JP		 1674static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
1675 struct nlattr **tca,
1676 struct netlink_ext_ack *extack)
1677{
1678 struct fl_flow_tmplt *tmplt;
1679 struct nlattr **tb;
1680 int err;
1681
1682 if (!tca[TCA_OPTIONS])
1683 return ERR_PTR(-EINVAL);
1684
1685 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1686 if (!tb)
1687 return ERR_PTR(-ENOBUFS);
1688 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1689 fl_policy, NULL);
1690 if (err)
1691 goto errout_tb;
1692
1693 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
1cbc36a5
DC		 1694 if (!tmplt) {
1695 err = -ENOMEM;
b95ec7eb 1696 goto errout_tb;
1cbc36a5 1697 }
b95ec7eb
JP		 1698 tmplt->chain = chain;
1699 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
1700 if (err)
1701 goto errout_tmplt;
b95ec7eb
JP		 1702
1703 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
1704
8f256622
PNA		 1705 err = fl_hw_create_tmplt(chain, tmplt);
1706 if (err)
1707 goto errout_tmplt;
34738452 1708
8f256622 1709 kfree(tb);
b95ec7eb
JP		 1710 return tmplt;
1711
1712errout_tmplt:
1713 kfree(tmplt);
1714errout_tb:
1715 kfree(tb);
1716 return ERR_PTR(err);
1717}
1718
ec3ed293
VB		 1719static void fl_tmplt_destroy(void *tmplt_priv)
1720{
1721 struct fl_flow_tmplt *tmplt = tmplt_priv;
1722
95278dda
CW		 1723 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
1724 kfree(tmplt);
ec3ed293
VB		 1725}
1726
77b9900e
JP		 1727static int fl_dump_key_val(struct sk_buff *skb,
1728 void *val, int val_type,
1729 void *mask, int mask_type, int len)
1730{
1731 int err;
1732
1733 if (!memchr_inv(mask, 0, len))
1734 return 0;
1735 err = nla_put(skb, val_type, len, val);
1736 if (err)
1737 return err;
1738 if (mask_type != TCA_FLOWER_UNSPEC) {
1739 err = nla_put(skb, mask_type, len, mask);
1740 if (err)
1741 return err;
1742 }
1743 return 0;
1744}
1745
5c72299f
AN		 1746static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key,
1747 struct fl_flow_key *mask)
1748{
1749 if (fl_dump_key_val(skb, &key->tp_min.dst, TCA_FLOWER_KEY_PORT_DST_MIN,
1750 &mask->tp_min.dst, TCA_FLOWER_UNSPEC,
1751 sizeof(key->tp_min.dst)) ||
1752 fl_dump_key_val(skb, &key->tp_max.dst, TCA_FLOWER_KEY_PORT_DST_MAX,
1753 &mask->tp_max.dst, TCA_FLOWER_UNSPEC,
1754 sizeof(key->tp_max.dst)) ||
1755 fl_dump_key_val(skb, &key->tp_min.src, TCA_FLOWER_KEY_PORT_SRC_MIN,
1756 &mask->tp_min.src, TCA_FLOWER_UNSPEC,
1757 sizeof(key->tp_min.src)) ||
1758 fl_dump_key_val(skb, &key->tp_max.src, TCA_FLOWER_KEY_PORT_SRC_MAX,
1759 &mask->tp_max.src, TCA_FLOWER_UNSPEC,
1760 sizeof(key->tp_max.src)))
1761 return -1;
1762
1763 return 0;
1764}
1765
a577d8f7
BL		 1766static int fl_dump_key_mpls(struct sk_buff *skb,
1767 struct flow_dissector_key_mpls *mpls_key,
1768 struct flow_dissector_key_mpls *mpls_mask)
1769{
1770 int err;
1771
1772 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
1773 return 0;
1774 if (mpls_mask->mpls_ttl) {
1775 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
1776 mpls_key->mpls_ttl);
1777 if (err)
1778 return err;
1779 }
1780 if (mpls_mask->mpls_tc) {
1781 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
1782 mpls_key->mpls_tc);
1783 if (err)
1784 return err;
1785 }
1786 if (mpls_mask->mpls_label) {
1787 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
1788 mpls_key->mpls_label);
1789 if (err)
1790 return err;
1791 }
1792 if (mpls_mask->mpls_bos) {
1793 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
1794 mpls_key->mpls_bos);
1795 if (err)
1796 return err;
1797 }
1798 return 0;
1799}
1800
0e2c17b6 1801static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
4d80cc0a
OG		 1802 struct flow_dissector_key_ip *key,
1803 struct flow_dissector_key_ip *mask)
1804{
0e2c17b6
OG		 1805 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
1806 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
1807 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
1808 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
1809
1810 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
1811 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
4d80cc0a
OG		 1812 return -1;
1813
1814 return 0;
1815}
1816
9399ae9a 1817static int fl_dump_key_vlan(struct sk_buff *skb,
d64efd09 1818 int vlan_id_key, int vlan_prio_key,
9399ae9a
HHZ		 1819 struct flow_dissector_key_vlan *vlan_key,
1820 struct flow_dissector_key_vlan *vlan_mask)
1821{
1822 int err;
1823
1824 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
1825 return 0;
1826 if (vlan_mask->vlan_id) {
d64efd09 1827 err = nla_put_u16(skb, vlan_id_key,
9399ae9a
HHZ		 1828 vlan_key->vlan_id);
1829 if (err)
1830 return err;
1831 }
1832 if (vlan_mask->vlan_priority) {
d64efd09 1833 err = nla_put_u8(skb, vlan_prio_key,
9399ae9a
HHZ		 1834 vlan_key->vlan_priority);
1835 if (err)
1836 return err;
1837 }
1838 return 0;
1839}
1840
faa3ffce
OG		 1841static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
1842 u32 *flower_key, u32 *flower_mask,
1843 u32 flower_flag_bit, u32 dissector_flag_bit)
1844{
1845 if (dissector_mask & dissector_flag_bit) {
1846 *flower_mask |= flower_flag_bit;
1847 if (dissector_key & dissector_flag_bit)
1848 *flower_key |= flower_flag_bit;
1849 }
1850}
1851
1852static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
1853{
1854 u32 key, mask;
1855 __be32 _key, _mask;
1856 int err;
1857
1858 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
1859 return 0;
1860
1861 key = 0;
1862 mask = 0;
1863
1864 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1865 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
459d153d
PJV		 1866 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1867 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
1868 FLOW_DIS_FIRST_FRAG);
faa3ffce
OG		 1869
1870 _key = cpu_to_be32(key);
1871 _mask = cpu_to_be32(mask);
1872
1873 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
1874 if (err)
1875 return err;
1876
1877 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
1878}
1879
0a6e7778
PJV		 1880static int fl_dump_key_geneve_opt(struct sk_buff *skb,
1881 struct flow_dissector_key_enc_opts *enc_opts)
1882{
1883 struct geneve_opt *opt;
1884 struct nlattr *nest;
1885 int opt_off = 0;
1886
1887 nest = nla_nest_start(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
1888 if (!nest)
1889 goto nla_put_failure;
1890
1891 while (enc_opts->len > opt_off) {
1892 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
1893
1894 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
1895 opt->opt_class))
1896 goto nla_put_failure;
1897 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
1898 opt->type))
1899 goto nla_put_failure;
1900 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
1901 opt->length * 4, opt->opt_data))
1902 goto nla_put_failure;
1903
1904 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
1905 }
1906 nla_nest_end(skb, nest);
1907 return 0;
1908
1909nla_put_failure:
1910 nla_nest_cancel(skb, nest);
1911 return -EMSGSIZE;
1912}
1913
1914static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
1915 struct flow_dissector_key_enc_opts *enc_opts)
1916{
1917 struct nlattr *nest;
1918 int err;
1919
1920 if (!enc_opts->len)
1921 return 0;
1922
1923 nest = nla_nest_start(skb, enc_opt_type);
1924 if (!nest)
1925 goto nla_put_failure;
1926
1927 switch (enc_opts->dst_opt_type) {
1928 case TUNNEL_GENEVE_OPT:
1929 err = fl_dump_key_geneve_opt(skb, enc_opts);
1930 if (err)
1931 goto nla_put_failure;
1932 break;
1933 default:
1934 goto nla_put_failure;
1935 }
1936 nla_nest_end(skb, nest);
1937 return 0;
1938
1939nla_put_failure:
1940 nla_nest_cancel(skb, nest);
1941 return -EMSGSIZE;
1942}
1943
1944static int fl_dump_key_enc_opt(struct sk_buff *skb,
1945 struct flow_dissector_key_enc_opts *key_opts,
1946 struct flow_dissector_key_enc_opts *msk_opts)
1947{
1948 int err;
1949
1950 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
1951 if (err)
1952 return err;
1953
1954 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
1955}
1956
f5749081
JP		 1957static int fl_dump_key(struct sk_buff *skb, struct net *net,
1958 struct fl_flow_key *key, struct fl_flow_key *mask)
77b9900e 1959{
77b9900e
JP		 1960 if (mask->indev_ifindex) {
1961 struct net_device *dev;
1962
1963 dev = __dev_get_by_index(net, key->indev_ifindex);
1964 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
1965 goto nla_put_failure;
1966 }
1967
1968 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1969 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1970 sizeof(key->eth.dst)) ||
1971 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1972 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1973 sizeof(key->eth.src)) ||
1974 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
1975 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
1976 sizeof(key->basic.n_proto)))
1977 goto nla_put_failure;
9399ae9a 1978
a577d8f7
BL		 1979 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
1980 goto nla_put_failure;
1981
d64efd09
JL		 1982 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
1983 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
9399ae9a
HHZ		 1984 goto nla_put_failure;
1985
d64efd09
JL		 1986 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
1987 TCA_FLOWER_KEY_CVLAN_PRIO,
1988 &key->cvlan, &mask->cvlan) ||
1989 (mask->cvlan.vlan_tpid &&
158abbf1
JL		 1990 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1991 key->cvlan.vlan_tpid)))
d3069512
JL		 1992 goto nla_put_failure;
1993
5e9a0fe4
JL		 1994 if (mask->basic.n_proto) {
1995 if (mask->cvlan.vlan_tpid) {
1996 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1997 key->basic.n_proto))
1998 goto nla_put_failure;
1999 } else if (mask->vlan.vlan_tpid) {
2000 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2001 key->basic.n_proto))
2002 goto nla_put_failure;
2003 }
d64efd09
JL		 2004 }
2005
77b9900e
JP		 2006 if ((key->basic.n_proto == htons(ETH_P_IP) ||
2007 key->basic.n_proto == htons(ETH_P_IPV6)) &&
4d80cc0a 2008 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
77b9900e 2009 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
4d80cc0a 2010 sizeof(key->basic.ip_proto)) ||
0e2c17b6 2011 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
77b9900e
JP		 2012 goto nla_put_failure;
2013
c3f83241 2014 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
77b9900e
JP		 2015 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
2016 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
2017 sizeof(key->ipv4.src)) ||
2018 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
2019 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
2020 sizeof(key->ipv4.dst))))
2021 goto nla_put_failure;
c3f83241 2022 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
77b9900e
JP		 2023 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
2024 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
2025 sizeof(key->ipv6.src)) ||
2026 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
2027 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
2028 sizeof(key->ipv6.dst))))
2029 goto nla_put_failure;
2030
2031 if (key->basic.ip_proto == IPPROTO_TCP &&
2032 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
aa72d708 2033 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
77b9900e
JP		 2034 sizeof(key->tp.src)) ||
2035 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
aa72d708 2036 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
fdfc7dd6
JP		 2037 sizeof(key->tp.dst)) ||
2038 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
2039 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
2040 sizeof(key->tcp.flags))))
77b9900e
JP		 2041 goto nla_put_failure;
2042 else if (key->basic.ip_proto == IPPROTO_UDP &&
2043 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
aa72d708 2044 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
77b9900e
JP		 2045 sizeof(key->tp.src)) ||
2046 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
aa72d708 2047 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
5976c5f4
SH		 2048 sizeof(key->tp.dst))))
2049 goto nla_put_failure;
2050 else if (key->basic.ip_proto == IPPROTO_SCTP &&
2051 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
2052 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
2053 sizeof(key->tp.src)) ||
2054 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
2055 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
77b9900e
JP		 2056 sizeof(key->tp.dst))))
2057 goto nla_put_failure;
7b684884
SH		 2058 else if (key->basic.n_proto == htons(ETH_P_IP) &&
2059 key->basic.ip_proto == IPPROTO_ICMP &&
2060 (fl_dump_key_val(skb, &key->icmp.type,
2061 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
2062 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
2063 sizeof(key->icmp.type)) ||
2064 fl_dump_key_val(skb, &key->icmp.code,
2065 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
2066 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
2067 sizeof(key->icmp.code))))
2068 goto nla_put_failure;
2069 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
2070 key->basic.ip_proto == IPPROTO_ICMPV6 &&
2071 (fl_dump_key_val(skb, &key->icmp.type,
2072 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
2073 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
2074 sizeof(key->icmp.type)) ||
2075 fl_dump_key_val(skb, &key->icmp.code,
2076 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
2077 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
2078 sizeof(key->icmp.code))))
2079 goto nla_put_failure;
99d31326
SH		 2080 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
2081 key->basic.n_proto == htons(ETH_P_RARP)) &&
2082 (fl_dump_key_val(skb, &key->arp.sip,
2083 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
2084 TCA_FLOWER_KEY_ARP_SIP_MASK,
2085 sizeof(key->arp.sip)) ||
2086 fl_dump_key_val(skb, &key->arp.tip,
2087 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
2088 TCA_FLOWER_KEY_ARP_TIP_MASK,
2089 sizeof(key->arp.tip)) ||
2090 fl_dump_key_val(skb, &key->arp.op,
2091 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
2092 TCA_FLOWER_KEY_ARP_OP_MASK,
2093 sizeof(key->arp.op)) ||
2094 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
2095 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
2096 sizeof(key->arp.sha)) ||
2097 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
2098 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
2099 sizeof(key->arp.tha))))
2100 goto nla_put_failure;
77b9900e 2101
5c72299f
AN		 2102 if ((key->basic.ip_proto == IPPROTO_TCP ||
2103 key->basic.ip_proto == IPPROTO_UDP ||
2104 key->basic.ip_proto == IPPROTO_SCTP) &&
2105 fl_dump_key_port_range(skb, key, mask))
2106 goto nla_put_failure;
2107
bc3103f1
AV		 2108 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2109 (fl_dump_key_val(skb, &key->enc_ipv4.src,
2110 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
2111 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
2112 sizeof(key->enc_ipv4.src)) ||
2113 fl_dump_key_val(skb, &key->enc_ipv4.dst,
2114 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
2115 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
2116 sizeof(key->enc_ipv4.dst))))
2117 goto nla_put_failure;
2118 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2119 (fl_dump_key_val(skb, &key->enc_ipv6.src,
2120 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
2121 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
2122 sizeof(key->enc_ipv6.src)) ||
2123 fl_dump_key_val(skb, &key->enc_ipv6.dst,
2124 TCA_FLOWER_KEY_ENC_IPV6_DST,
2125 &mask->enc_ipv6.dst,
2126 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
2127 sizeof(key->enc_ipv6.dst))))
2128 goto nla_put_failure;
2129
2130 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
eb523f42 2131 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
f4d997fd
HHZ		 2132 sizeof(key->enc_key_id)) ||
2133 fl_dump_key_val(skb, &key->enc_tp.src,
2134 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
2135 &mask->enc_tp.src,
2136 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
2137 sizeof(key->enc_tp.src)) ||
2138 fl_dump_key_val(skb, &key->enc_tp.dst,
2139 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
2140 &mask->enc_tp.dst,
2141 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
0e2c17b6 2142 sizeof(key->enc_tp.dst)) ||
0a6e7778
PJV		 2143 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
2144 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
bc3103f1
AV		 2145 goto nla_put_failure;
2146
faa3ffce
OG		 2147 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
2148 goto nla_put_failure;
2149
f5749081
JP		 2150 return 0;
2151
2152nla_put_failure:
2153 return -EMSGSIZE;
2154}
2155
2156static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
12db03b6 2157 struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
f5749081
JP		 2158{
2159 struct cls_fl_filter *f = fh;
2160 struct nlattr *nest;
2161 struct fl_flow_key *key, *mask;
2162
2163 if (!f)
2164 return skb->len;
2165
2166 t->tcm_handle = f->handle;
2167
2168 nest = nla_nest_start(skb, TCA_OPTIONS);
2169 if (!nest)
2170 goto nla_put_failure;
2171
2172 if (f->res.classid &&
2173 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
2174 goto nla_put_failure;
2175
2176 key = &f->key;
2177 mask = &f->mask->key;
2178
2179 if (fl_dump_key(skb, net, key, mask))
2180 goto nla_put_failure;
2181
2182 if (!tc_skip_hw(f->flags))
2183 fl_hw_update_stats(tp, f);
2184
749e6720
OG		 2185 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
2186 goto nla_put_failure;
e69985c6 2187
86c55361
VB		 2188 if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count))
2189 goto nla_put_failure;
2190
77b9900e
JP		 2191 if (tcf_exts_dump(skb, &f->exts))
2192 goto nla_put_failure;
2193
2194 nla_nest_end(skb, nest);
2195
2196 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
2197 goto nla_put_failure;
2198
2199 return skb->len;
2200
2201nla_put_failure:
2202 nla_nest_cancel(skb, nest);
2203 return -1;
2204}
2205
b95ec7eb
JP		 2206static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
2207{
2208 struct fl_flow_tmplt *tmplt = tmplt_priv;
2209 struct fl_flow_key *key, *mask;
2210 struct nlattr *nest;
2211
2212 nest = nla_nest_start(skb, TCA_OPTIONS);
2213 if (!nest)
2214 goto nla_put_failure;
2215
2216 key = &tmplt->dummy_key;
2217 mask = &tmplt->mask;
2218
2219 if (fl_dump_key(skb, net, key, mask))
2220 goto nla_put_failure;
2221
2222 nla_nest_end(skb, nest);
2223
2224 return skb->len;
2225
2226nla_put_failure:
2227 nla_nest_cancel(skb, nest);
2228 return -EMSGSIZE;
2229}
2230
07d79fc7
CW		 2231static void fl_bind_class(void *fh, u32 classid, unsigned long cl)
2232{
2233 struct cls_fl_filter *f = fh;
2234
2235 if (f && f->res.classid == classid)
2236 f->res.class = cl;
2237}
2238
77b9900e
JP		 2239static struct tcf_proto_ops cls_fl_ops __read_mostly = {
2240 .kind = "flower",
2241 .classify = fl_classify,
2242 .init = fl_init,
2243 .destroy = fl_destroy,
2244 .get = fl_get,
06177558 2245 .put = fl_put,
77b9900e
JP		 2246 .change = fl_change,
2247 .delete = fl_delete,
2248 .walk = fl_walk,
31533cba 2249 .reoffload = fl_reoffload,
77b9900e 2250 .dump = fl_dump,
07d79fc7 2251 .bind_class = fl_bind_class,
b95ec7eb
JP		 2252 .tmplt_create = fl_tmplt_create,
2253 .tmplt_destroy = fl_tmplt_destroy,
2254 .tmplt_dump = fl_tmplt_dump,
77b9900e
JP		 2255 .owner = THIS_MODULE,
2256};
2257
2258static int __init cls_fl_init(void)
2259{
2260 return register_tcf_proto_ops(&cls_fl_ops);
2261}
2262
2263static void __exit cls_fl_exit(void)
2264{
2265 unregister_tcf_proto_ops(&cls_fl_ops);
2266}
2267
2268module_init(cls_fl_init);
2269module_exit(cls_fl_exit);
2270
2271MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
2272MODULE_DESCRIPTION("Flower classifier");
2273MODULE_LICENSE("GPL v2");
Ubuntu Hirsute Linux kernel mirror