[mirror_ubuntu-bionic-kernel.git] / net / sched / sch_ingress.c

/* net/sched/sch_ingress.c - Ingress qdisc
 *              This program is free software; you can redistribute it and/or
 *              modify it under the terms of the GNU General Public License
 *              as published by the Free Software Foundation; either version
 *              2 of the License, or (at your option) any later version.
 *
 * Authors:     Jamal Hadi Salim 1999
 */

#include <linux/module.h>
#include <linux/types.h>
#include <linux/list.h>
#include <linux/skbuff.h>
#include <linux/rtnetlink.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter.h>
#include <net/netlink.h>
#include <net/pkt_sched.h>


/* Thanks to Doron Oz for this hack */
#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
static int nf_registered;
#endif

struct ingress_qdisc_data {
	struct tcf_proto	*filter_list;
};

/* ------------------------- Class/flow operations ------------------------- */

static int ingress_graft(struct Qdisc *sch, unsigned long arg,
			 struct Qdisc *new, struct Qdisc **old)
{
	return -EOPNOTSUPP;
}

static struct Qdisc *ingress_leaf(struct Qdisc *sch, unsigned long arg)
{
	return NULL;
}

static unsigned long ingress_get(struct Qdisc *sch, u32 classid)
{
	return TC_H_MIN(classid) + 1;
}

static unsigned long ingress_bind_filter(struct Qdisc *sch,
					 unsigned long parent, u32 classid)
{
	return ingress_get(sch, classid);
}

static void ingress_put(struct Qdisc *sch, unsigned long cl)
{
}

static int ingress_change(struct Qdisc *sch, u32 classid, u32 parent,
			  struct nlattr **tca, unsigned long *arg)
{
	return 0;
}

static void ingress_walk(struct Qdisc *sch, struct qdisc_walker *walker)
{
	return;
}

static struct tcf_proto **ingress_find_tcf(struct Qdisc *sch, unsigned long cl)
{
	struct ingress_qdisc_data *p = qdisc_priv(sch);

	return &p->filter_list;
}

/* --------------------------- Qdisc operations ---------------------------- */

static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch)
{
	struct ingress_qdisc_data *p = qdisc_priv(sch);
	struct tcf_result res;
	int result;

	result = tc_classify(skb, p->filter_list, &res);

	/*
	 * Unlike normal "enqueue" functions, ingress_enqueue returns a
	 * firewall FW_* code.
	 */
#ifdef CONFIG_NET_CLS_ACT
	sch->bstats.packets++;
	sch->bstats.bytes += skb->len;
	switch (result) {
	case TC_ACT_SHOT:
		result = TC_ACT_SHOT;
		sch->qstats.drops++;
		break;
	case TC_ACT_STOLEN:
	case TC_ACT_QUEUED:
		result = TC_ACT_STOLEN;
		break;
	case TC_ACT_RECLASSIFY:
	case TC_ACT_OK:
		skb->tc_index = TC_H_MIN(res.classid);
	default:
		result = TC_ACT_OK;
		break;
	}
#else
	result = NF_ACCEPT;
	sch->bstats.packets++;
	sch->bstats.bytes += skb->len;
#endif

	return result;
}

#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
static unsigned int ing_hook(unsigned int hook, struct sk_buff *skb,
			     const struct net_device *indev,
			     const struct net_device *outdev,
			     int (*okfn)(struct sk_buff *))
{

	struct Qdisc *q;
	struct net_device *dev = skb->dev;
	int fwres = NF_ACCEPT;

	if (dev->qdisc_ingress) {
		spin_lock(&dev->ingress_lock);
		if ((q = dev->qdisc_ingress) != NULL)
			fwres = q->enqueue(skb, q);
		spin_unlock(&dev->ingress_lock);
	}

	return fwres;
}

/* after ipt_filter */
static struct nf_hook_ops ing_ops[] __read_mostly = {
	{
		.hook           = ing_hook,
		.owner		= THIS_MODULE,
		.pf             = PF_INET,
		.hooknum        = NF_INET_PRE_ROUTING,
		.priority       = NF_IP_PRI_FILTER + 1,
	},
	{
		.hook           = ing_hook,
		.owner		= THIS_MODULE,
		.pf             = PF_INET6,
		.hooknum        = NF_INET_PRE_ROUTING,
		.priority       = NF_IP6_PRI_FILTER + 1,
	},
};
#endif

static int ingress_init(struct Qdisc *sch, struct nlattr *opt)
{
#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
	printk("Ingress scheduler: Classifier actions prefered over netfilter\n");

	if (!nf_registered) {
		if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
			printk("ingress qdisc registration error \n");
			return -EINVAL;
		}
		nf_registered++;
	}
#endif
	return 0;
}

/* ------------------------------------------------------------- */

static void ingress_destroy(struct Qdisc *sch)
{
	struct ingress_qdisc_data *p = qdisc_priv(sch);

	tcf_destroy_chain(p->filter_list);
}

static int ingress_dump(struct Qdisc *sch, struct sk_buff *skb)
{
	struct nlattr *nest;

	nest = nla_nest_start(skb, TCA_OPTIONS);
	if (nest == NULL)
		goto nla_put_failure;
	nla_nest_end(skb, nest);
	return skb->len;

nla_put_failure:
	nla_nest_cancel(skb, nest);
	return -1;
}

static const struct Qdisc_class_ops ingress_class_ops = {
	.graft		=	ingress_graft,
	.leaf		=	ingress_leaf,
	.get		=	ingress_get,
	.put		=	ingress_put,
	.change		=	ingress_change,
	.walk		=	ingress_walk,
	.tcf_chain	=	ingress_find_tcf,
	.bind_tcf	=	ingress_bind_filter,
	.unbind_tcf	=	ingress_put,
};

static struct Qdisc_ops ingress_qdisc_ops __read_mostly = {
	.cl_ops		=	&ingress_class_ops,
	.id		=	"ingress",
	.priv_size	=	sizeof(struct ingress_qdisc_data),
	.enqueue	=	ingress_enqueue,
	.init		=	ingress_init,
	.destroy	=	ingress_destroy,
	.dump		=	ingress_dump,
	.owner		=	THIS_MODULE,
};

static int __init ingress_module_init(void)
{
	return register_qdisc(&ingress_qdisc_ops);
}

static void __exit ingress_module_exit(void)
{
	unregister_qdisc(&ingress_qdisc_ops);
#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
	if (nf_registered)
		nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
#endif
}

module_init(ingress_module_init)
module_exit(ingress_module_exit)
MODULE_LICENSE("GPL");
Commit	Line	Data
10297b99	1	/* net/sched/sch_ingress.c - Ingress qdisc
1da177e4 LT	2	* This program is free software; you can redistribute it and/or
	3	* modify it under the terms of the GNU General Public License
	4	* as published by the Free Software Foundation; either version
	5	* 2 of the License, or (at your option) any later version.
	6	*
	7	* Authors: Jamal Hadi Salim 1999
	8	*/
	9
1da177e4 LT	10	#include <linux/module.h>
1da177e4 LT	11	#include <linux/types.h>
0ba48053	12	#include <linux/list.h>
1da177e4	13	#include <linux/skbuff.h>
1da177e4 LT	14	#include <linux/rtnetlink.h>
	15	#include <linux/netfilter_ipv4.h>
	16	#include <linux/netfilter_ipv6.h>
	17	#include <linux/netfilter.h>
dc5fc579	18	#include <net/netlink.h>
1da177e4	19	#include <net/pkt_sched.h>
1da177e4 LT	20
1da177e4 LT	21
58f4df42	22	/* Thanks to Doron Oz for this hack */
13893567	23	#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
10297b99	24	static int nf_registered;
1da177e4	25	#endif
1da177e4 LT	26
1da177e4 LT	27	struct ingress_qdisc_data {
1da177e4 LT	28	struct tcf_proto *filter_list;
	29	};
	30
1da177e4 LT	31	/* ------------------------- Class/flow operations ------------------------- */
1da177e4 LT	32
58f4df42 PM	33	static int ingress_graft(struct Qdisc *sch, unsigned long arg,
58f4df42 PM	34	struct Qdisc new, struct Qdisc *old)
1da177e4	35	{
e0378347	36	return -EOPNOTSUPP;
1da177e4 LT	37	}
1da177e4 LT	38
1da177e4 LT	39	static struct Qdisc ingress_leaf(struct Qdisc sch, unsigned long arg)
	40	{
	41	return NULL;
	42	}
	43
58f4df42	44	static unsigned long ingress_get(struct Qdisc *sch, u32 classid)
1da177e4	45	{
1da177e4 LT	46	return TC_H_MIN(classid) + 1;
	47	}
	48
1da177e4	49	static unsigned long ingress_bind_filter(struct Qdisc *sch,
58f4df42	50	unsigned long parent, u32 classid)
1da177e4 LT	51	{
	52	return ingress_get(sch, classid);
	53	}
	54
1da177e4 LT	55	static void ingress_put(struct Qdisc *sch, unsigned long cl)
	56	{
	57	}
	58
1da177e4	59	static int ingress_change(struct Qdisc *sch, u32 classid, u32 parent,
1e90474c	60	struct nlattr *tca, unsigned long arg)
1da177e4	61	{
1da177e4 LT	62	return 0;
	63	}
	64
58f4df42	65	static void ingress_walk(struct Qdisc sch, struct qdisc_walker walker)
1da177e4	66	{
a4781221	67	return;
1da177e4 LT	68	}
1da177e4 LT	69
58f4df42	70	static struct tcf_proto *ingress_find_tcf(struct Qdisc sch, unsigned long cl)
1da177e4	71	{
cb53c048	72	struct ingress_qdisc_data *p = qdisc_priv(sch);
1da177e4 LT	73
	74	return &p->filter_list;
	75	}
	76
1da177e4 LT	77	/* --------------------------- Qdisc operations ---------------------------- */
1da177e4 LT	78
58f4df42	79	static int ingress_enqueue(struct sk_buff skb, struct Qdisc sch)
1da177e4	80	{
cb53c048	81	struct ingress_qdisc_data *p = qdisc_priv(sch);
1da177e4 LT	82	struct tcf_result res;
	83	int result;
	84
1da177e4	85	result = tc_classify(skb, p->filter_list, &res);
a4781221	86
1da177e4 LT	87	/*
	88	* Unlike normal "enqueue" functions, ingress_enqueue returns a
	89	* firewall FW_* code.
	90	*/
	91	#ifdef CONFIG_NET_CLS_ACT
	92	sch->bstats.packets++;
	93	sch->bstats.bytes += skb->len;
	94	switch (result) {
58f4df42 PM	95	case TC_ACT_SHOT:
	96	result = TC_ACT_SHOT;
	97	sch->qstats.drops++;
	98	break;
	99	case TC_ACT_STOLEN:
	100	case TC_ACT_QUEUED:
	101	result = TC_ACT_STOLEN;
	102	break;
	103	case TC_ACT_RECLASSIFY:
	104	case TC_ACT_OK:
	105	skb->tc_index = TC_H_MIN(res.classid);
	106	default:
	107	result = TC_ACT_OK;
	108	break;
3ff50b79	109	}
1da177e4	110	#else
1da177e4 LT	111	result = NF_ACCEPT;
	112	sch->bstats.packets++;
	113	sch->bstats.bytes += skb->len;
1da177e4 LT	114	#endif
	115
	116	return result;
	117	}
	118
13893567	119	#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
58f4df42	120	static unsigned int ing_hook(unsigned int hook, struct sk_buff *skb,
10297b99 YH	121	const struct net_device *indev,
	122	const struct net_device *outdev,
	123	int (okfn)(struct sk_buff ))
1da177e4	124	{
10297b99	125
1da177e4	126	struct Qdisc *q;
10297b99	127	struct net_device *dev = skb->dev;
58f4df42	128	int fwres = NF_ACCEPT;
1da177e4	129
1da177e4	130	if (dev->qdisc_ingress) {
fd44de7c	131	spin_lock(&dev->ingress_lock);
1da177e4 LT	132	if ((q = dev->qdisc_ingress) != NULL)
1da177e4 LT	133	fwres = q->enqueue(skb, q);
fd44de7c	134	spin_unlock(&dev->ingress_lock);
10297b99 YH	135	}
10297b99 YH	136
1da177e4 LT	137	return fwres;
	138	}
	139
	140	/* after ipt_filter */
1999414a	141	static struct nf_hook_ops ing_ops[] __read_mostly = {
41c5b317 PM	142	{
	143	.hook = ing_hook,
	144	.owner = THIS_MODULE,
	145	.pf = PF_INET,
	146	.hooknum = NF_INET_PRE_ROUTING,
	147	.priority = NF_IP_PRI_FILTER + 1,
	148	},
	149	{
	150	.hook = ing_hook,
	151	.owner = THIS_MODULE,
	152	.pf = PF_INET6,
	153	.hooknum = NF_INET_PRE_ROUTING,
	154	.priority = NF_IP6_PRI_FILTER + 1,
	155	},
1da177e4	156	};
1da177e4	157	#endif
1da177e4	158
1e90474c	159	static int ingress_init(struct Qdisc sch, struct nlattr opt)
1da177e4	160	{
13893567	161	#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
1da177e4	162	printk("Ingress scheduler: Classifier actions prefered over netfilter\n");
10297b99	163
1da177e4	164	if (!nf_registered) {
41c5b317	165	if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
1da177e4 LT	166	printk("ingress qdisc registration error \n");
	167	return -EINVAL;
	168	}
	169	nf_registered++;
1da177e4	170	}
1da177e4	171	#endif
1da177e4 LT	172	return 0;
	173	}
	174
1da177e4 LT	175	/* ------------------------------------------------------------- */
	176
	177	static void ingress_destroy(struct Qdisc *sch)
	178	{
cb53c048	179	struct ingress_qdisc_data *p = qdisc_priv(sch);
1da177e4	180
a48b5a61	181	tcf_destroy_chain(p->filter_list);
1da177e4 LT	182	}
1da177e4 LT	183
1da177e4 LT	184	static int ingress_dump(struct Qdisc sch, struct sk_buff skb)
1da177e4 LT	185	{
4b3550ef	186	struct nlattr *nest;
1da177e4	187
4b3550ef PM	188	nest = nla_nest_start(skb, TCA_OPTIONS);
	189	if (nest == NULL)
	190	goto nla_put_failure;
	191	nla_nest_end(skb, nest);
1da177e4 LT	192	return skb->len;
1da177e4 LT	193
1e90474c	194	nla_put_failure:
4b3550ef	195	nla_nest_cancel(skb, nest);
1da177e4 LT	196	return -1;
	197	}
	198
20fea08b	199	static const struct Qdisc_class_ops ingress_class_ops = {
1da177e4 LT	200	.graft = ingress_graft,
	201	.leaf = ingress_leaf,
	202	.get = ingress_get,
	203	.put = ingress_put,
	204	.change = ingress_change,
1da177e4 LT	205	.walk = ingress_walk,
	206	.tcf_chain = ingress_find_tcf,
	207	.bind_tcf = ingress_bind_filter,
	208	.unbind_tcf = ingress_put,
1da177e4 LT	209	};
1da177e4 LT	210
20fea08b	211	static struct Qdisc_ops ingress_qdisc_ops __read_mostly = {
1da177e4 LT	212	.cl_ops = &ingress_class_ops,
	213	.id = "ingress",
	214	.priv_size = sizeof(struct ingress_qdisc_data),
	215	.enqueue = ingress_enqueue,
1da177e4	216	.init = ingress_init,
1da177e4	217	.destroy = ingress_destroy,
1da177e4 LT	218	.dump = ingress_dump,
	219	.owner = THIS_MODULE,
	220	};
	221
	222	static int __init ingress_module_init(void)
	223	{
89168764	224	return register_qdisc(&ingress_qdisc_ops);
1da177e4	225	}
58f4df42	226
10297b99	227	static void __exit ingress_module_exit(void)
1da177e4 LT	228	{
1da177e4 LT	229	unregister_qdisc(&ingress_qdisc_ops);
13893567	230	#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
41c5b317 PM	231	if (nf_registered)
41c5b317 PM	232	nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
1da177e4	233	#endif
1da177e4	234	}
58f4df42	235
1da177e4 LT	236	module_init(ingress_module_init)
	237	module_exit(ingress_module_exit)
	238	MODULE_LICENSE("GPL");