]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/sched/cls_api.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net_sched: initialize net pointer inside tcf_exts_init()
[mirror_ubuntu-bionic-kernel.git] / net / sched / cls_api.c
1 /*
2 * net/sched/cls_api.c Packet classifier API.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10 *
11 * Changes:
12 *
13 * Eduardo J. Blanco <ejbs@netlabs.com.uy> :990222: kmod support
14 *
15 */
16
17 #include <linux/module.h>
18 #include <linux/types.h>
19 #include <linux/kernel.h>
20 #include <linux/string.h>
21 #include <linux/errno.h>
22 #include <linux/err.h>
23 #include <linux/skbuff.h>
24 #include <linux/init.h>
25 #include <linux/kmod.h>
26 #include <linux/slab.h>
27 #include <net/net_namespace.h>
28 #include <net/sock.h>
29 #include <net/netlink.h>
30 #include <net/pkt_sched.h>
31 #include <net/pkt_cls.h>
32
33 /* The list of all installed classifier types */
34 static LIST_HEAD(tcf_proto_base);
35
36 /* Protects list of registered TC modules. It is pure SMP lock. */
37 static DEFINE_RWLOCK(cls_mod_lock);
38
39 /* Find classifier type by string name */
40
41 static const struct tcf_proto_ops *tcf_proto_lookup_ops(const char *kind)
42 {
43 const struct tcf_proto_ops *t, *res = NULL;
44
45 if (kind) {
46 read_lock(&cls_mod_lock);
47 list_for_each_entry(t, &tcf_proto_base, head) {
48 if (strcmp(kind, t->kind) == 0) {
49 if (try_module_get(t->owner))
50 res = t;
51 break;
52 }
53 }
54 read_unlock(&cls_mod_lock);
55 }
56 return res;
57 }
58
59 /* Register(unregister) new classifier type */
60
61 int register_tcf_proto_ops(struct tcf_proto_ops *ops)
62 {
63 struct tcf_proto_ops *t;
64 int rc = -EEXIST;
65
66 write_lock(&cls_mod_lock);
67 list_for_each_entry(t, &tcf_proto_base, head)
68 if (!strcmp(ops->kind, t->kind))
69 goto out;
70
71 list_add_tail(&ops->head, &tcf_proto_base);
72 rc = 0;
73 out:
74 write_unlock(&cls_mod_lock);
75 return rc;
76 }
77 EXPORT_SYMBOL(register_tcf_proto_ops);
78
79 static struct workqueue_struct *tc_filter_wq;
80
81 int unregister_tcf_proto_ops(struct tcf_proto_ops *ops)
82 {
83 struct tcf_proto_ops *t;
84 int rc = -ENOENT;
85
86 /* Wait for outstanding call_rcu()s, if any, from a
87 * tcf_proto_ops's destroy() handler.
88 */
89 rcu_barrier();
90 flush_workqueue(tc_filter_wq);
91
92 write_lock(&cls_mod_lock);
93 list_for_each_entry(t, &tcf_proto_base, head) {
94 if (t == ops) {
95 list_del(&t->head);
96 rc = 0;
97 break;
98 }
99 }
100 write_unlock(&cls_mod_lock);
101 return rc;
102 }
103 EXPORT_SYMBOL(unregister_tcf_proto_ops);
104
105 bool tcf_queue_work(struct rcu_work *rwork, work_func_t func)
106 {
107 INIT_RCU_WORK(rwork, func);
108 return queue_rcu_work(tc_filter_wq, rwork);
109 }
110 EXPORT_SYMBOL(tcf_queue_work);
111
112 /* Select new prio value from the range, managed by kernel. */
113
114 static inline u32 tcf_auto_prio(struct tcf_proto *tp)
115 {
116 u32 first = TC_H_MAKE(0xC0000000U, 0U);
117
118 if (tp)
119 first = tp->prio - 1;
120
121 return TC_H_MAJ(first);
122 }
123
124 static struct tcf_proto *tcf_proto_create(const char *kind, u32 protocol,
125 u32 prio, u32 parent, struct Qdisc *q,
126 struct tcf_chain *chain)
127 {
128 struct tcf_proto *tp;
129 int err;
130
131 tp = kzalloc(sizeof(*tp), GFP_KERNEL);
132 if (!tp)
133 return ERR_PTR(-ENOBUFS);
134
135 err = -ENOENT;
136 tp->ops = tcf_proto_lookup_ops(kind);
137 if (!tp->ops) {
138 #ifdef CONFIG_MODULES
139 rtnl_unlock();
140 request_module("cls_%s", kind);
141 rtnl_lock();
142 tp->ops = tcf_proto_lookup_ops(kind);
143 /* We dropped the RTNL semaphore in order to perform
144 * the module load. So, even if we succeeded in loading
145 * the module we have to replay the request. We indicate
146 * this using -EAGAIN.
147 */
148 if (tp->ops) {
149 module_put(tp->ops->owner);
150 err = -EAGAIN;
151 } else {
152 err = -ENOENT;
153 }
154 #endif
155 goto errout;
156 }
157 tp->classify = tp->ops->classify;
158 tp->protocol = protocol;
159 tp->prio = prio;
160 tp->classid = parent;
161 tp->q = q;
162 tp->chain = chain;
163
164 err = tp->ops->init(tp);
165 if (err) {
166 module_put(tp->ops->owner);
167 goto errout;
168 }
169 return tp;
170
171 errout:
172 kfree(tp);
173 return ERR_PTR(err);
174 }
175
176 static void tcf_proto_destroy(struct tcf_proto *tp)
177 {
178 tp->ops->destroy(tp);
179 module_put(tp->ops->owner);
180 kfree_rcu(tp, rcu);
181 }
182
183 static struct tcf_chain *tcf_chain_create(struct tcf_block *block,
184 u32 chain_index)
185 {
186 struct tcf_chain *chain;
187
188 chain = kzalloc(sizeof(*chain), GFP_KERNEL);
189 if (!chain)
190 return NULL;
191 list_add_tail(&chain->list, &block->chain_list);
192 chain->block = block;
193 chain->index = chain_index;
194 chain->refcnt = 1;
195 return chain;
196 }
197
198 static void tcf_chain_head_change(struct tcf_chain *chain,
199 struct tcf_proto *tp_head)
200 {
201 if (chain->chain_head_change)
202 chain->chain_head_change(tp_head,
203 chain->chain_head_change_priv);
204 }
205
206 static void tcf_chain_flush(struct tcf_chain *chain)
207 {
208 struct tcf_proto *tp = rtnl_dereference(chain->filter_chain);
209
210 tcf_chain_head_change(chain, NULL);
211 while (tp) {
212 RCU_INIT_POINTER(chain->filter_chain, tp->next);
213 tcf_proto_destroy(tp);
214 tp = rtnl_dereference(chain->filter_chain);
215 tcf_chain_put(chain);
216 }
217 }
218
219 static void tcf_chain_destroy(struct tcf_chain *chain)
220 {
221 struct tcf_block *block = chain->block;
222
223 list_del(&chain->list);
224 kfree(chain);
225 if (list_empty(&block->chain_list))
226 kfree(block);
227 }
228
229 static void tcf_chain_hold(struct tcf_chain *chain)
230 {
231 ++chain->refcnt;
232 }
233
234 struct tcf_chain *tcf_chain_get(struct tcf_block *block, u32 chain_index,
235 bool create)
236 {
237 struct tcf_chain *chain;
238
239 list_for_each_entry(chain, &block->chain_list, list) {
240 if (chain->index == chain_index) {
241 tcf_chain_hold(chain);
242 return chain;
243 }
244 }
245
246 return create ? tcf_chain_create(block, chain_index) : NULL;
247 }
248 EXPORT_SYMBOL(tcf_chain_get);
249
250 void tcf_chain_put(struct tcf_chain *chain)
251 {
252 if (--chain->refcnt == 0)
253 tcf_chain_destroy(chain);
254 }
255 EXPORT_SYMBOL(tcf_chain_put);
256
257 static void tcf_block_offload_cmd(struct tcf_block *block, struct Qdisc *q,
258 struct tcf_block_ext_info *ei,
259 enum tc_block_command command)
260 {
261 struct net_device *dev = q->dev_queue->dev;
262 struct tc_block_offload bo = {};
263
264 if (!dev->netdev_ops->ndo_setup_tc)
265 return;
266 bo.command = command;
267 bo.binder_type = ei->binder_type;
268 bo.block = block;
269 dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_BLOCK, &bo);
270 }
271
272 static void tcf_block_offload_bind(struct tcf_block *block, struct Qdisc *q,
273 struct tcf_block_ext_info *ei)
274 {
275 tcf_block_offload_cmd(block, q, ei, TC_BLOCK_BIND);
276 }
277
278 static void tcf_block_offload_unbind(struct tcf_block *block, struct Qdisc *q,
279 struct tcf_block_ext_info *ei)
280 {
281 tcf_block_offload_cmd(block, q, ei, TC_BLOCK_UNBIND);
282 }
283
284 int tcf_block_get_ext(struct tcf_block **p_block, struct Qdisc *q,
285 struct tcf_block_ext_info *ei)
286 {
287 struct tcf_block *block = kzalloc(sizeof(*block), GFP_KERNEL);
288 struct tcf_chain *chain;
289 int err;
290
291 if (!block)
292 return -ENOMEM;
293 INIT_LIST_HEAD(&block->chain_list);
294 INIT_LIST_HEAD(&block->cb_list);
295
296 /* Create chain 0 by default, it has to be always present. */
297 chain = tcf_chain_create(block, 0);
298 if (!chain) {
299 err = -ENOMEM;
300 goto err_chain_create;
301 }
302 WARN_ON(!ei->chain_head_change);
303 chain->chain_head_change = ei->chain_head_change;
304 chain->chain_head_change_priv = ei->chain_head_change_priv;
305 block->net = qdisc_net(q);
306 block->q = q;
307 tcf_block_offload_bind(block, q, ei);
308 *p_block = block;
309 return 0;
310
311 err_chain_create:
312 kfree(block);
313 return err;
314 }
315 EXPORT_SYMBOL(tcf_block_get_ext);
316
317 static void tcf_chain_head_change_dflt(struct tcf_proto *tp_head, void *priv)
318 {
319 struct tcf_proto __rcu **p_filter_chain = priv;
320
321 rcu_assign_pointer(*p_filter_chain, tp_head);
322 }
323
324 int tcf_block_get(struct tcf_block **p_block,
325 struct tcf_proto __rcu **p_filter_chain, struct Qdisc *q)
326 {
327 struct tcf_block_ext_info ei = {
328 .chain_head_change = tcf_chain_head_change_dflt,
329 .chain_head_change_priv = p_filter_chain,
330 };
331
332 WARN_ON(!p_filter_chain);
333 return tcf_block_get_ext(p_block, q, &ei);
334 }
335 EXPORT_SYMBOL(tcf_block_get);
336
337 /* XXX: Standalone actions are not allowed to jump to any chain, and bound
338 * actions should be all removed after flushing.
339 */
340 void tcf_block_put_ext(struct tcf_block *block, struct Qdisc *q,
341 struct tcf_block_ext_info *ei)
342 {
343 struct tcf_chain *chain, *tmp;
344
345 if (!block)
346 return;
347 /* Hold a refcnt for all chains, so that they don't disappear
348 * while we are iterating.
349 */
350 list_for_each_entry(chain, &block->chain_list, list)
351 tcf_chain_hold(chain);
352
353 list_for_each_entry(chain, &block->chain_list, list)
354 tcf_chain_flush(chain);
355
356 tcf_block_offload_unbind(block, q, ei);
357
358 /* At this point, all the chains should have refcnt >= 1. */
359 list_for_each_entry_safe(chain, tmp, &block->chain_list, list)
360 tcf_chain_put(chain);
361
362 /* Finally, put chain 0 and allow block to be freed. */
363 chain = list_first_entry(&block->chain_list, struct tcf_chain, list);
364 tcf_chain_put(chain);
365 }
366 EXPORT_SYMBOL(tcf_block_put_ext);
367
368 void tcf_block_put(struct tcf_block *block)
369 {
370 struct tcf_block_ext_info ei = {0, };
371
372 if (!block)
373 return;
374 tcf_block_put_ext(block, block->q, &ei);
375 }
376
377 EXPORT_SYMBOL(tcf_block_put);
378
379 struct tcf_block_cb {
380 struct list_head list;
381 tc_setup_cb_t *cb;
382 void *cb_ident;
383 void *cb_priv;
384 unsigned int refcnt;
385 };
386
387 void *tcf_block_cb_priv(struct tcf_block_cb *block_cb)
388 {
389 return block_cb->cb_priv;
390 }
391 EXPORT_SYMBOL(tcf_block_cb_priv);
392
393 struct tcf_block_cb *tcf_block_cb_lookup(struct tcf_block *block,
394 tc_setup_cb_t *cb, void *cb_ident)
395 { struct tcf_block_cb *block_cb;
396
397 list_for_each_entry(block_cb, &block->cb_list, list)
398 if (block_cb->cb == cb && block_cb->cb_ident == cb_ident)
399 return block_cb;
400 return NULL;
401 }
402 EXPORT_SYMBOL(tcf_block_cb_lookup);
403
404 void tcf_block_cb_incref(struct tcf_block_cb *block_cb)
405 {
406 block_cb->refcnt++;
407 }
408 EXPORT_SYMBOL(tcf_block_cb_incref);
409
410 unsigned int tcf_block_cb_decref(struct tcf_block_cb *block_cb)
411 {
412 return --block_cb->refcnt;
413 }
414 EXPORT_SYMBOL(tcf_block_cb_decref);
415
416 struct tcf_block_cb *__tcf_block_cb_register(struct tcf_block *block,
417 tc_setup_cb_t *cb, void *cb_ident,
418 void *cb_priv)
419 {
420 struct tcf_block_cb *block_cb;
421
422 block_cb = kzalloc(sizeof(*block_cb), GFP_KERNEL);
423 if (!block_cb)
424 return NULL;
425 block_cb->cb = cb;
426 block_cb->cb_ident = cb_ident;
427 block_cb->cb_priv = cb_priv;
428 list_add(&block_cb->list, &block->cb_list);
429 return block_cb;
430 }
431 EXPORT_SYMBOL(__tcf_block_cb_register);
432
433 int tcf_block_cb_register(struct tcf_block *block,
434 tc_setup_cb_t *cb, void *cb_ident,
435 void *cb_priv)
436 {
437 struct tcf_block_cb *block_cb;
438
439 block_cb = __tcf_block_cb_register(block, cb, cb_ident, cb_priv);
440 return block_cb ? 0 : -ENOMEM;
441 }
442 EXPORT_SYMBOL(tcf_block_cb_register);
443
444 void __tcf_block_cb_unregister(struct tcf_block_cb *block_cb)
445 {
446 list_del(&block_cb->list);
447 kfree(block_cb);
448 }
449 EXPORT_SYMBOL(__tcf_block_cb_unregister);
450
451 void tcf_block_cb_unregister(struct tcf_block *block,
452 tc_setup_cb_t *cb, void *cb_ident)
453 {
454 struct tcf_block_cb *block_cb;
455
456 block_cb = tcf_block_cb_lookup(block, cb, cb_ident);
457 if (!block_cb)
458 return;
459 __tcf_block_cb_unregister(block_cb);
460 }
461 EXPORT_SYMBOL(tcf_block_cb_unregister);
462
463 static int tcf_block_cb_call(struct tcf_block *block, enum tc_setup_type type,
464 void *type_data, bool err_stop)
465 {
466 struct tcf_block_cb *block_cb;
467 int ok_count = 0;
468 int err;
469
470 list_for_each_entry(block_cb, &block->cb_list, list) {
471 err = block_cb->cb(type, type_data, block_cb->cb_priv);
472 if (err) {
473 if (err_stop)
474 return err;
475 } else {
476 ok_count++;
477 }
478 }
479 return ok_count;
480 }
481
482 /* Main classifier routine: scans classifier chain attached
483 * to this qdisc, (optionally) tests for protocol and asks
484 * specific classifiers.
485 */
486 int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp,
487 struct tcf_result *res, bool compat_mode)
488 {
489 __be16 protocol = tc_skb_protocol(skb);
490 #ifdef CONFIG_NET_CLS_ACT
491 const int max_reclassify_loop = 4;
492 const struct tcf_proto *orig_tp = tp;
493 const struct tcf_proto *first_tp;
494 int limit = 0;
495
496 reclassify:
497 #endif
498 for (; tp; tp = rcu_dereference_bh(tp->next)) {
499 int err;
500
501 if (tp->protocol != protocol &&
502 tp->protocol != htons(ETH_P_ALL))
503 continue;
504
505 err = tp->classify(skb, tp, res);
506 #ifdef CONFIG_NET_CLS_ACT
507 if (unlikely(err == TC_ACT_RECLASSIFY && !compat_mode)) {
508 first_tp = orig_tp;
509 goto reset;
510 } else if (unlikely(TC_ACT_EXT_CMP(err, TC_ACT_GOTO_CHAIN))) {
511 first_tp = res->goto_tp;
512 goto reset;
513 }
514 #endif
515 if (err >= 0)
516 return err;
517 }
518
519 return TC_ACT_UNSPEC; /* signal: continue lookup */
520 #ifdef CONFIG_NET_CLS_ACT
521 reset:
522 if (unlikely(limit++ >= max_reclassify_loop)) {
523 net_notice_ratelimited("%s: reclassify loop, rule prio %u, protocol %02x\n",
524 tp->q->ops->id, tp->prio & 0xffff,
525 ntohs(tp->protocol));
526 return TC_ACT_SHOT;
527 }
528
529 tp = first_tp;
530 protocol = tc_skb_protocol(skb);
531 goto reclassify;
532 #endif
533 }
534 EXPORT_SYMBOL(tcf_classify);
535
536 struct tcf_chain_info {
537 struct tcf_proto __rcu **pprev;
538 struct tcf_proto __rcu *next;
539 };
540
541 static struct tcf_proto *tcf_chain_tp_prev(struct tcf_chain_info *chain_info)
542 {
543 return rtnl_dereference(*chain_info->pprev);
544 }
545
546 static void tcf_chain_tp_insert(struct tcf_chain *chain,
547 struct tcf_chain_info *chain_info,
548 struct tcf_proto *tp)
549 {
550 if (*chain_info->pprev == chain->filter_chain)
551 tcf_chain_head_change(chain, tp);
552 RCU_INIT_POINTER(tp->next, tcf_chain_tp_prev(chain_info));
553 rcu_assign_pointer(*chain_info->pprev, tp);
554 tcf_chain_hold(chain);
555 }
556
557 static void tcf_chain_tp_remove(struct tcf_chain *chain,
558 struct tcf_chain_info *chain_info,
559 struct tcf_proto *tp)
560 {
561 struct tcf_proto *next = rtnl_dereference(chain_info->next);
562
563 if (tp == chain->filter_chain)
564 tcf_chain_head_change(chain, next);
565 RCU_INIT_POINTER(*chain_info->pprev, next);
566 tcf_chain_put(chain);
567 }
568
569 static struct tcf_proto *tcf_chain_tp_find(struct tcf_chain *chain,
570 struct tcf_chain_info *chain_info,
571 u32 protocol, u32 prio,
572 bool prio_allocate)
573 {
574 struct tcf_proto **pprev;
575 struct tcf_proto *tp;
576
577 /* Check the chain for existence of proto-tcf with this priority */
578 for (pprev = &chain->filter_chain;
579 (tp = rtnl_dereference(*pprev)); pprev = &tp->next) {
580 if (tp->prio >= prio) {
581 if (tp->prio == prio) {
582 if (prio_allocate ||
583 (tp->protocol != protocol && protocol))
584 return ERR_PTR(-EINVAL);
585 } else {
586 tp = NULL;
587 }
588 break;
589 }
590 }
591 chain_info->pprev = pprev;
592 chain_info->next = tp ? tp->next : NULL;
593 return tp;
594 }
595
596 static int tcf_fill_node(struct net *net, struct sk_buff *skb,
597 struct tcf_proto *tp, struct Qdisc *q, u32 parent,
598 void *fh, u32 portid, u32 seq, u16 flags, int event)
599 {
600 struct tcmsg *tcm;
601 struct nlmsghdr *nlh;
602 unsigned char *b = skb_tail_pointer(skb);
603
604 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*tcm), flags);
605 if (!nlh)
606 goto out_nlmsg_trim;
607 tcm = nlmsg_data(nlh);
608 tcm->tcm_family = AF_UNSPEC;
609 tcm->tcm__pad1 = 0;
610 tcm->tcm__pad2 = 0;
611 tcm->tcm_ifindex = qdisc_dev(q)->ifindex;
612 tcm->tcm_parent = parent;
613 tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol);
614 if (nla_put_string(skb, TCA_KIND, tp->ops->kind))
615 goto nla_put_failure;
616 if (nla_put_u32(skb, TCA_CHAIN, tp->chain->index))
617 goto nla_put_failure;
618 if (!fh) {
619 tcm->tcm_handle = 0;
620 } else {
621 if (tp->ops->dump && tp->ops->dump(net, tp, fh, skb, tcm) < 0)
622 goto nla_put_failure;
623 }
624 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
625 return skb->len;
626
627 out_nlmsg_trim:
628 nla_put_failure:
629 nlmsg_trim(skb, b);
630 return -1;
631 }
632
633 static int tfilter_notify(struct net *net, struct sk_buff *oskb,
634 struct nlmsghdr *n, struct tcf_proto *tp,
635 struct Qdisc *q, u32 parent,
636 void *fh, int event, bool unicast)
637 {
638 struct sk_buff *skb;
639 u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
640
641 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
642 if (!skb)
643 return -ENOBUFS;
644
645 if (tcf_fill_node(net, skb, tp, q, parent, fh, portid, n->nlmsg_seq,
646 n->nlmsg_flags, event) <= 0) {
647 kfree_skb(skb);
648 return -EINVAL;
649 }
650
651 if (unicast)
652 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
653
654 return rtnetlink_send(skb, net, portid, RTNLGRP_TC,
655 n->nlmsg_flags & NLM_F_ECHO);
656 }
657
658 static int tfilter_del_notify(struct net *net, struct sk_buff *oskb,
659 struct nlmsghdr *n, struct tcf_proto *tp,
660 struct Qdisc *q, u32 parent,
661 void *fh, bool unicast, bool *last)
662 {
663 struct sk_buff *skb;
664 u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
665 int err;
666
667 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
668 if (!skb)
669 return -ENOBUFS;
670
671 if (tcf_fill_node(net, skb, tp, q, parent, fh, portid, n->nlmsg_seq,
672 n->nlmsg_flags, RTM_DELTFILTER) <= 0) {
673 kfree_skb(skb);
674 return -EINVAL;
675 }
676
677 err = tp->ops->delete(tp, fh, last);
678 if (err) {
679 kfree_skb(skb);
680 return err;
681 }
682
683 if (unicast)
684 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
685
686 return rtnetlink_send(skb, net, portid, RTNLGRP_TC,
687 n->nlmsg_flags & NLM_F_ECHO);
688 }
689
690 static void tfilter_notify_chain(struct net *net, struct sk_buff *oskb,
691 struct Qdisc *q, u32 parent,
692 struct nlmsghdr *n,
693 struct tcf_chain *chain, int event)
694 {
695 struct tcf_proto *tp;
696
697 for (tp = rtnl_dereference(chain->filter_chain);
698 tp; tp = rtnl_dereference(tp->next))
699 tfilter_notify(net, oskb, n, tp, q, parent, 0, event, false);
700 }
701
702 /* Add/change/delete/get a filter node */
703
704 static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
705 struct netlink_ext_ack *extack)
706 {
707 struct net *net = sock_net(skb->sk);
708 struct nlattr *tca[TCA_MAX + 1];
709 struct tcmsg *t;
710 u32 protocol;
711 u32 prio;
712 bool prio_allocate;
713 u32 parent;
714 u32 chain_index;
715 struct net_device *dev;
716 struct Qdisc *q;
717 struct tcf_chain_info chain_info;
718 struct tcf_chain *chain = NULL;
719 struct tcf_block *block;
720 struct tcf_proto *tp;
721 const struct Qdisc_class_ops *cops;
722 unsigned long cl;
723 void *fh;
724 int err;
725 int tp_created;
726
727 if ((n->nlmsg_type != RTM_GETTFILTER) &&
728 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
729 return -EPERM;
730
731 replay:
732 tp_created = 0;
733
734 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL, extack);
735 if (err < 0)
736 return err;
737
738 t = nlmsg_data(n);
739 protocol = TC_H_MIN(t->tcm_info);
740 prio = TC_H_MAJ(t->tcm_info);
741 prio_allocate = false;
742 parent = t->tcm_parent;
743 cl = 0;
744
745 if (prio == 0) {
746 switch (n->nlmsg_type) {
747 case RTM_DELTFILTER:
748 if (protocol || t->tcm_handle || tca[TCA_KIND])
749 return -ENOENT;
750 break;
751 case RTM_NEWTFILTER:
752 /* If no priority is provided by the user,
753 * we allocate one.
754 */
755 if (n->nlmsg_flags & NLM_F_CREATE) {
756 prio = TC_H_MAKE(0x80000000U, 0U);
757 prio_allocate = true;
758 break;
759 }
760 /* fall-through */
761 default:
762 return -ENOENT;
763 }
764 }
765
766 /* Find head of filter chain. */
767
768 /* Find link */
769 dev = __dev_get_by_index(net, t->tcm_ifindex);
770 if (dev == NULL)
771 return -ENODEV;
772
773 /* Find qdisc */
774 if (!parent) {
775 q = dev->qdisc;
776 parent = q->handle;
777 } else {
778 q = qdisc_lookup(dev, TC_H_MAJ(t->tcm_parent));
779 if (q == NULL)
780 return -EINVAL;
781 }
782
783 /* Is it classful? */
784 cops = q->ops->cl_ops;
785 if (!cops)
786 return -EINVAL;
787
788 if (!cops->tcf_block)
789 return -EOPNOTSUPP;
790
791 /* Do we search for filter, attached to class? */
792 if (TC_H_MIN(parent)) {
793 cl = cops->find(q, parent);
794 if (cl == 0)
795 return -ENOENT;
796 }
797
798 /* And the last stroke */
799 block = cops->tcf_block(q, cl);
800 if (!block) {
801 err = -EINVAL;
802 goto errout;
803 }
804
805 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
806 if (chain_index > TC_ACT_EXT_VAL_MASK) {
807 err = -EINVAL;
808 goto errout;
809 }
810 chain = tcf_chain_get(block, chain_index,
811 n->nlmsg_type == RTM_NEWTFILTER);
812 if (!chain) {
813 err = n->nlmsg_type == RTM_NEWTFILTER ? -ENOMEM : -EINVAL;
814 goto errout;
815 }
816
817 if (n->nlmsg_type == RTM_DELTFILTER && prio == 0) {
818 tfilter_notify_chain(net, skb, q, parent, n,
819 chain, RTM_DELTFILTER);
820 tcf_chain_flush(chain);
821 err = 0;
822 goto errout;
823 }
824
825 tp = tcf_chain_tp_find(chain, &chain_info, protocol,
826 prio, prio_allocate);
827 if (IS_ERR(tp)) {
828 err = PTR_ERR(tp);
829 goto errout;
830 }
831
832 if (tp == NULL) {
833 /* Proto-tcf does not exist, create new one */
834
835 if (tca[TCA_KIND] == NULL || !protocol) {
836 err = -EINVAL;
837 goto errout;
838 }
839
840 if (n->nlmsg_type != RTM_NEWTFILTER ||
841 !(n->nlmsg_flags & NLM_F_CREATE)) {
842 err = -ENOENT;
843 goto errout;
844 }
845
846 if (prio_allocate)
847 prio = tcf_auto_prio(tcf_chain_tp_prev(&chain_info));
848
849 tp = tcf_proto_create(nla_data(tca[TCA_KIND]),
850 protocol, prio, parent, q, chain);
851 if (IS_ERR(tp)) {
852 err = PTR_ERR(tp);
853 goto errout;
854 }
855 tp_created = 1;
856 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
857 err = -EINVAL;
858 goto errout;
859 }
860
861 fh = tp->ops->get(tp, t->tcm_handle);
862
863 if (!fh) {
864 if (n->nlmsg_type == RTM_DELTFILTER && t->tcm_handle == 0) {
865 tcf_chain_tp_remove(chain, &chain_info, tp);
866 tfilter_notify(net, skb, n, tp, q, parent, fh,
867 RTM_DELTFILTER, false);
868 tcf_proto_destroy(tp);
869 err = 0;
870 goto errout;
871 }
872
873 if (n->nlmsg_type != RTM_NEWTFILTER ||
874 !(n->nlmsg_flags & NLM_F_CREATE)) {
875 err = -ENOENT;
876 goto errout;
877 }
878 } else {
879 bool last;
880
881 switch (n->nlmsg_type) {
882 case RTM_NEWTFILTER:
883 if (n->nlmsg_flags & NLM_F_EXCL) {
884 if (tp_created)
885 tcf_proto_destroy(tp);
886 err = -EEXIST;
887 goto errout;
888 }
889 break;
890 case RTM_DELTFILTER:
891 err = tfilter_del_notify(net, skb, n, tp, q, parent,
892 fh, false, &last);
893 if (err)
894 goto errout;
895 if (last) {
896 tcf_chain_tp_remove(chain, &chain_info, tp);
897 tcf_proto_destroy(tp);
898 }
899 goto errout;
900 case RTM_GETTFILTER:
901 err = tfilter_notify(net, skb, n, tp, q, parent, fh,
902 RTM_NEWTFILTER, true);
903 goto errout;
904 default:
905 err = -EINVAL;
906 goto errout;
907 }
908 }
909
910 err = tp->ops->change(net, skb, tp, cl, t->tcm_handle, tca, &fh,
911 n->nlmsg_flags & NLM_F_CREATE ? TCA_ACT_NOREPLACE : TCA_ACT_REPLACE);
912 if (err == 0) {
913 if (tp_created)
914 tcf_chain_tp_insert(chain, &chain_info, tp);
915 tfilter_notify(net, skb, n, tp, q, parent, fh,
916 RTM_NEWTFILTER, false);
917 } else {
918 if (tp_created)
919 tcf_proto_destroy(tp);
920 }
921
922 errout:
923 if (chain)
924 tcf_chain_put(chain);
925 if (err == -EAGAIN)
926 /* Replay the request. */
927 goto replay;
928 return err;
929 }
930
931 struct tcf_dump_args {
932 struct tcf_walker w;
933 struct sk_buff *skb;
934 struct netlink_callback *cb;
935 struct Qdisc *q;
936 u32 parent;
937 };
938
939 static int tcf_node_dump(struct tcf_proto *tp, void *n, struct tcf_walker *arg)
940 {
941 struct tcf_dump_args *a = (void *)arg;
942 struct net *net = sock_net(a->skb->sk);
943
944 return tcf_fill_node(net, a->skb, tp, a->q, a->parent,
945 n, NETLINK_CB(a->cb->skb).portid,
946 a->cb->nlh->nlmsg_seq, NLM_F_MULTI,
947 RTM_NEWTFILTER);
948 }
949
950 static bool tcf_chain_dump(struct tcf_chain *chain, struct Qdisc *q, u32 parent,
951 struct sk_buff *skb, struct netlink_callback *cb,
952 long index_start, long *p_index)
953 {
954 struct net *net = sock_net(skb->sk);
955 struct tcmsg *tcm = nlmsg_data(cb->nlh);
956 struct tcf_dump_args arg;
957 struct tcf_proto *tp;
958
959 for (tp = rtnl_dereference(chain->filter_chain);
960 tp; tp = rtnl_dereference(tp->next), (*p_index)++) {
961 if (*p_index < index_start)
962 continue;
963 if (TC_H_MAJ(tcm->tcm_info) &&
964 TC_H_MAJ(tcm->tcm_info) != tp->prio)
965 continue;
966 if (TC_H_MIN(tcm->tcm_info) &&
967 TC_H_MIN(tcm->tcm_info) != tp->protocol)
968 continue;
969 if (*p_index > index_start)
970 memset(&cb->args[1], 0,
971 sizeof(cb->args) - sizeof(cb->args[0]));
972 if (cb->args[1] == 0) {
973 if (tcf_fill_node(net, skb, tp, q, parent, 0,
974 NETLINK_CB(cb->skb).portid,
975 cb->nlh->nlmsg_seq, NLM_F_MULTI,
976 RTM_NEWTFILTER) <= 0)
977 return false;
978
979 cb->args[1] = 1;
980 }
981 if (!tp->ops->walk)
982 continue;
983 arg.w.fn = tcf_node_dump;
984 arg.skb = skb;
985 arg.cb = cb;
986 arg.q = q;
987 arg.parent = parent;
988 arg.w.stop = 0;
989 arg.w.skip = cb->args[1] - 1;
990 arg.w.count = 0;
991 tp->ops->walk(tp, &arg.w);
992 cb->args[1] = arg.w.count + 1;
993 if (arg.w.stop)
994 return false;
995 }
996 return true;
997 }
998
999 /* called with RTNL */
1000 static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
1001 {
1002 struct net *net = sock_net(skb->sk);
1003 struct nlattr *tca[TCA_MAX + 1];
1004 struct net_device *dev;
1005 struct Qdisc *q;
1006 struct tcf_block *block;
1007 struct tcf_chain *chain;
1008 struct tcmsg *tcm = nlmsg_data(cb->nlh);
1009 unsigned long cl = 0;
1010 const struct Qdisc_class_ops *cops;
1011 long index_start;
1012 long index;
1013 u32 parent;
1014 int err;
1015
1016 if (nlmsg_len(cb->nlh) < sizeof(*tcm))
1017 return skb->len;
1018
1019 err = nlmsg_parse(cb->nlh, sizeof(*tcm), tca, TCA_MAX, NULL, NULL);
1020 if (err)
1021 return err;
1022
1023 dev = __dev_get_by_index(net, tcm->tcm_ifindex);
1024 if (!dev)
1025 return skb->len;
1026
1027 parent = tcm->tcm_parent;
1028 if (!parent) {
1029 q = dev->qdisc;
1030 parent = q->handle;
1031 } else {
1032 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent));
1033 }
1034 if (!q)
1035 goto out;
1036 cops = q->ops->cl_ops;
1037 if (!cops)
1038 goto out;
1039 if (!cops->tcf_block)
1040 goto out;
1041 if (TC_H_MIN(tcm->tcm_parent)) {
1042 cl = cops->find(q, tcm->tcm_parent);
1043 if (cl == 0)
1044 goto out;
1045 }
1046 block = cops->tcf_block(q, cl);
1047 if (!block)
1048 goto out;
1049
1050 index_start = cb->args[0];
1051 index = 0;
1052
1053 list_for_each_entry(chain, &block->chain_list, list) {
1054 if (tca[TCA_CHAIN] &&
1055 nla_get_u32(tca[TCA_CHAIN]) != chain->index)
1056 continue;
1057 if (!tcf_chain_dump(chain, q, parent, skb, cb,
1058 index_start, &index)) {
1059 err = -EMSGSIZE;
1060 break;
1061 }
1062 }
1063
1064 cb->args[0] = index;
1065
1066 out:
1067 /* If we did no progress, the error (EMSGSIZE) is real */
1068 if (skb->len == 0 && err)
1069 return err;
1070 return skb->len;
1071 }
1072
1073 void tcf_exts_destroy(struct tcf_exts *exts)
1074 {
1075 #ifdef CONFIG_NET_CLS_ACT
1076 LIST_HEAD(actions);
1077
1078 ASSERT_RTNL();
1079 tcf_exts_to_list(exts, &actions);
1080 tcf_action_destroy(&actions, TCA_ACT_UNBIND);
1081 kfree(exts->actions);
1082 exts->nr_actions = 0;
1083 #endif
1084 }
1085 EXPORT_SYMBOL(tcf_exts_destroy);
1086
1087 int tcf_exts_validate(struct net *net, struct tcf_proto *tp, struct nlattr **tb,
1088 struct nlattr *rate_tlv, struct tcf_exts *exts, bool ovr)
1089 {
1090 #ifdef CONFIG_NET_CLS_ACT
1091 {
1092 struct tc_action *act;
1093
1094 if (exts->police && tb[exts->police]) {
1095 act = tcf_action_init_1(net, tp, tb[exts->police],
1096 rate_tlv, "police", ovr,
1097 TCA_ACT_BIND);
1098 if (IS_ERR(act))
1099 return PTR_ERR(act);
1100
1101 act->type = exts->type = TCA_OLD_COMPAT;
1102 exts->actions[0] = act;
1103 exts->nr_actions = 1;
1104 } else if (exts->action && tb[exts->action]) {
1105 LIST_HEAD(actions);
1106 int err, i = 0;
1107
1108 err = tcf_action_init(net, tp, tb[exts->action],
1109 rate_tlv, NULL, ovr, TCA_ACT_BIND,
1110 &actions);
1111 if (err)
1112 return err;
1113 list_for_each_entry(act, &actions, list)
1114 exts->actions[i++] = act;
1115 exts->nr_actions = i;
1116 }
1117 }
1118 #else
1119 if ((exts->action && tb[exts->action]) ||
1120 (exts->police && tb[exts->police]))
1121 return -EOPNOTSUPP;
1122 #endif
1123
1124 return 0;
1125 }
1126 EXPORT_SYMBOL(tcf_exts_validate);
1127
1128 void tcf_exts_change(struct tcf_exts *dst, struct tcf_exts *src)
1129 {
1130 #ifdef CONFIG_NET_CLS_ACT
1131 struct tcf_exts old = *dst;
1132
1133 *dst = *src;
1134 tcf_exts_destroy(&old);
1135 #endif
1136 }
1137 EXPORT_SYMBOL(tcf_exts_change);
1138
1139 #ifdef CONFIG_NET_CLS_ACT
1140 static struct tc_action *tcf_exts_first_act(struct tcf_exts *exts)
1141 {
1142 if (exts->nr_actions == 0)
1143 return NULL;
1144 else
1145 return exts->actions[0];
1146 }
1147 #endif
1148
1149 int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts)
1150 {
1151 #ifdef CONFIG_NET_CLS_ACT
1152 struct nlattr *nest;
1153
1154 if (exts->action && tcf_exts_has_actions(exts)) {
1155 /*
1156 * again for backward compatible mode - we want
1157 * to work with both old and new modes of entering
1158 * tc data even if iproute2 was newer - jhs
1159 */
1160 if (exts->type != TCA_OLD_COMPAT) {
1161 LIST_HEAD(actions);
1162
1163 nest = nla_nest_start(skb, exts->action);
1164 if (nest == NULL)
1165 goto nla_put_failure;
1166
1167 tcf_exts_to_list(exts, &actions);
1168 if (tcf_action_dump(skb, &actions, 0, 0) < 0)
1169 goto nla_put_failure;
1170 nla_nest_end(skb, nest);
1171 } else if (exts->police) {
1172 struct tc_action *act = tcf_exts_first_act(exts);
1173 nest = nla_nest_start(skb, exts->police);
1174 if (nest == NULL || !act)
1175 goto nla_put_failure;
1176 if (tcf_action_dump_old(skb, act, 0, 0) < 0)
1177 goto nla_put_failure;
1178 nla_nest_end(skb, nest);
1179 }
1180 }
1181 return 0;
1182
1183 nla_put_failure:
1184 nla_nest_cancel(skb, nest);
1185 return -1;
1186 #else
1187 return 0;
1188 #endif
1189 }
1190 EXPORT_SYMBOL(tcf_exts_dump);
1191
1192
1193 int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts)
1194 {
1195 #ifdef CONFIG_NET_CLS_ACT
1196 struct tc_action *a = tcf_exts_first_act(exts);
1197 if (a != NULL && tcf_action_copy_stats(skb, a, 1) < 0)
1198 return -1;
1199 #endif
1200 return 0;
1201 }
1202 EXPORT_SYMBOL(tcf_exts_dump_stats);
1203
1204 static int tc_exts_setup_cb_egdev_call(struct tcf_exts *exts,
1205 enum tc_setup_type type,
1206 void *type_data, bool err_stop)
1207 {
1208 int ok_count = 0;
1209 #ifdef CONFIG_NET_CLS_ACT
1210 const struct tc_action *a;
1211 struct net_device *dev;
1212 int i, ret;
1213
1214 if (!tcf_exts_has_actions(exts))
1215 return 0;
1216
1217 for (i = 0; i < exts->nr_actions; i++) {
1218 a = exts->actions[i];
1219 if (!a->ops->get_dev)
1220 continue;
1221 dev = a->ops->get_dev(a);
1222 if (!dev)
1223 continue;
1224 ret = tc_setup_cb_egdev_call(dev, type, type_data, err_stop);
1225 if (ret < 0)
1226 return ret;
1227 ok_count += ret;
1228 }
1229 #endif
1230 return ok_count;
1231 }
1232
1233 int tc_setup_cb_call(struct tcf_block *block, struct tcf_exts *exts,
1234 enum tc_setup_type type, void *type_data, bool err_stop)
1235 {
1236 int ok_count;
1237 int ret;
1238
1239 ret = tcf_block_cb_call(block, type, type_data, err_stop);
1240 if (ret < 0)
1241 return ret;
1242 ok_count = ret;
1243
1244 if (!exts || ok_count)
1245 return ok_count;
1246 ret = tc_exts_setup_cb_egdev_call(exts, type, type_data, err_stop);
1247 if (ret < 0)
1248 return ret;
1249 ok_count += ret;
1250
1251 return ok_count;
1252 }
1253 EXPORT_SYMBOL(tc_setup_cb_call);
1254
1255 static int __init tc_filter_init(void)
1256 {
1257 tc_filter_wq = alloc_ordered_workqueue("tc_filter_workqueue", 0);
1258 if (!tc_filter_wq)
1259 return -ENOMEM;
1260
1261 rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_ctl_tfilter, NULL, 0);
1262 rtnl_register(PF_UNSPEC, RTM_DELTFILTER, tc_ctl_tfilter, NULL, 0);
1263 rtnl_register(PF_UNSPEC, RTM_GETTFILTER, tc_ctl_tfilter,
1264 tc_dump_tfilter, 0);
1265
1266 return 0;
1267 }
1268
1269 subsys_initcall(tc_filter_init);
ubuntu-bionic-kernel mirror