]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/sched/cls_flower.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
skbuff: add and use skb_nfct helper
[mirror_ubuntu-artful-kernel.git] / net / sched / cls_flower.c
1 /*
2 * net/sched/cls_flower.c Flower classifier
3 *
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16 #include <linux/workqueue.h>
17
18 #include <linux/if_ether.h>
19 #include <linux/in6.h>
20 #include <linux/ip.h>
21
22 #include <net/sch_generic.h>
23 #include <net/pkt_cls.h>
24 #include <net/ip.h>
25 #include <net/flow_dissector.h>
26
27 #include <net/dst.h>
28 #include <net/dst_metadata.h>
29
30 struct fl_flow_key {
31 int indev_ifindex;
32 struct flow_dissector_key_control control;
33 struct flow_dissector_key_control enc_control;
34 struct flow_dissector_key_basic basic;
35 struct flow_dissector_key_eth_addrs eth;
36 struct flow_dissector_key_vlan vlan;
37 union {
38 struct flow_dissector_key_ipv4_addrs ipv4;
39 struct flow_dissector_key_ipv6_addrs ipv6;
40 };
41 struct flow_dissector_key_ports tp;
42 struct flow_dissector_key_icmp icmp;
43 struct flow_dissector_key_keyid enc_key_id;
44 union {
45 struct flow_dissector_key_ipv4_addrs enc_ipv4;
46 struct flow_dissector_key_ipv6_addrs enc_ipv6;
47 };
48 struct flow_dissector_key_ports enc_tp;
49 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
50
51 struct fl_flow_mask_range {
52 unsigned short int start;
53 unsigned short int end;
54 };
55
56 struct fl_flow_mask {
57 struct fl_flow_key key;
58 struct fl_flow_mask_range range;
59 struct rcu_head rcu;
60 };
61
62 struct cls_fl_head {
63 struct rhashtable ht;
64 struct fl_flow_mask mask;
65 struct flow_dissector dissector;
66 u32 hgen;
67 bool mask_assigned;
68 struct list_head filters;
69 struct rhashtable_params ht_params;
70 union {
71 struct work_struct work;
72 struct rcu_head rcu;
73 };
74 };
75
76 struct cls_fl_filter {
77 struct rhash_head ht_node;
78 struct fl_flow_key mkey;
79 struct tcf_exts exts;
80 struct tcf_result res;
81 struct fl_flow_key key;
82 struct list_head list;
83 u32 handle;
84 u32 flags;
85 struct rcu_head rcu;
86 struct tc_to_netdev tc;
87 struct net_device *hw_dev;
88 };
89
90 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
91 {
92 return mask->range.end - mask->range.start;
93 }
94
95 static void fl_mask_update_range(struct fl_flow_mask *mask)
96 {
97 const u8 *bytes = (const u8 *) &mask->key;
98 size_t size = sizeof(mask->key);
99 size_t i, first = 0, last = size - 1;
100
101 for (i = 0; i < sizeof(mask->key); i++) {
102 if (bytes[i]) {
103 if (!first && i)
104 first = i;
105 last = i;
106 }
107 }
108 mask->range.start = rounddown(first, sizeof(long));
109 mask->range.end = roundup(last + 1, sizeof(long));
110 }
111
112 static void *fl_key_get_start(struct fl_flow_key *key,
113 const struct fl_flow_mask *mask)
114 {
115 return (u8 *) key + mask->range.start;
116 }
117
118 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
119 struct fl_flow_mask *mask)
120 {
121 const long *lkey = fl_key_get_start(key, mask);
122 const long *lmask = fl_key_get_start(&mask->key, mask);
123 long *lmkey = fl_key_get_start(mkey, mask);
124 int i;
125
126 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
127 *lmkey++ = *lkey++ & *lmask++;
128 }
129
130 static void fl_clear_masked_range(struct fl_flow_key *key,
131 struct fl_flow_mask *mask)
132 {
133 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
134 }
135
136 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
137 struct tcf_result *res)
138 {
139 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
140 struct cls_fl_filter *f;
141 struct fl_flow_key skb_key;
142 struct fl_flow_key skb_mkey;
143 struct ip_tunnel_info *info;
144
145 if (!atomic_read(&head->ht.nelems))
146 return -1;
147
148 fl_clear_masked_range(&skb_key, &head->mask);
149
150 info = skb_tunnel_info(skb);
151 if (info) {
152 struct ip_tunnel_key *key = &info->key;
153
154 switch (ip_tunnel_info_af(info)) {
155 case AF_INET:
156 skb_key.enc_ipv4.src = key->u.ipv4.src;
157 skb_key.enc_ipv4.dst = key->u.ipv4.dst;
158 break;
159 case AF_INET6:
160 skb_key.enc_ipv6.src = key->u.ipv6.src;
161 skb_key.enc_ipv6.dst = key->u.ipv6.dst;
162 break;
163 }
164
165 skb_key.enc_key_id.keyid = tunnel_id_to_key32(key->tun_id);
166 skb_key.enc_tp.src = key->tp_src;
167 skb_key.enc_tp.dst = key->tp_dst;
168 }
169
170 skb_key.indev_ifindex = skb->skb_iif;
171 /* skb_flow_dissect() does not set n_proto in case an unknown protocol,
172 * so do it rather here.
173 */
174 skb_key.basic.n_proto = skb->protocol;
175 skb_flow_dissect(skb, &head->dissector, &skb_key, 0);
176
177 fl_set_masked_key(&skb_mkey, &skb_key, &head->mask);
178
179 f = rhashtable_lookup_fast(&head->ht,
180 fl_key_get_start(&skb_mkey, &head->mask),
181 head->ht_params);
182 if (f && !tc_skip_sw(f->flags)) {
183 *res = f->res;
184 return tcf_exts_exec(skb, &f->exts, res);
185 }
186 return -1;
187 }
188
189 static int fl_init(struct tcf_proto *tp)
190 {
191 struct cls_fl_head *head;
192
193 head = kzalloc(sizeof(*head), GFP_KERNEL);
194 if (!head)
195 return -ENOBUFS;
196
197 INIT_LIST_HEAD_RCU(&head->filters);
198 rcu_assign_pointer(tp->root, head);
199
200 return 0;
201 }
202
203 static void fl_destroy_filter(struct rcu_head *head)
204 {
205 struct cls_fl_filter *f = container_of(head, struct cls_fl_filter, rcu);
206
207 tcf_exts_destroy(&f->exts);
208 kfree(f);
209 }
210
211 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f)
212 {
213 struct tc_cls_flower_offload offload = {0};
214 struct net_device *dev = f->hw_dev;
215 struct tc_to_netdev *tc = &f->tc;
216
217 if (!tc_can_offload(dev, tp))
218 return;
219
220 offload.command = TC_CLSFLOWER_DESTROY;
221 offload.cookie = (unsigned long)f;
222
223 tc->type = TC_SETUP_CLSFLOWER;
224 tc->cls_flower = &offload;
225
226 dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, tc);
227 }
228
229 static int fl_hw_replace_filter(struct tcf_proto *tp,
230 struct flow_dissector *dissector,
231 struct fl_flow_key *mask,
232 struct cls_fl_filter *f)
233 {
234 struct net_device *dev = tp->q->dev_queue->dev;
235 struct tc_cls_flower_offload offload = {0};
236 struct tc_to_netdev *tc = &f->tc;
237 int err;
238
239 if (!tc_can_offload(dev, tp)) {
240 if (tcf_exts_get_dev(dev, &f->exts, &f->hw_dev) ||
241 (f->hw_dev && !tc_can_offload(f->hw_dev, tp))) {
242 f->hw_dev = dev;
243 return tc_skip_sw(f->flags) ? -EINVAL : 0;
244 }
245 dev = f->hw_dev;
246 tc->egress_dev = true;
247 } else {
248 f->hw_dev = dev;
249 }
250
251 offload.command = TC_CLSFLOWER_REPLACE;
252 offload.cookie = (unsigned long)f;
253 offload.dissector = dissector;
254 offload.mask = mask;
255 offload.key = &f->mkey;
256 offload.exts = &f->exts;
257
258 tc->type = TC_SETUP_CLSFLOWER;
259 tc->cls_flower = &offload;
260
261 err = dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol,
262 tc);
263
264 if (tc_skip_sw(f->flags))
265 return err;
266 return 0;
267 }
268
269 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
270 {
271 struct tc_cls_flower_offload offload = {0};
272 struct net_device *dev = f->hw_dev;
273 struct tc_to_netdev *tc = &f->tc;
274
275 if (!tc_can_offload(dev, tp))
276 return;
277
278 offload.command = TC_CLSFLOWER_STATS;
279 offload.cookie = (unsigned long)f;
280 offload.exts = &f->exts;
281
282 tc->type = TC_SETUP_CLSFLOWER;
283 tc->cls_flower = &offload;
284
285 dev->netdev_ops->ndo_setup_tc(dev, tp->q->handle, tp->protocol, tc);
286 }
287
288 static void __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f)
289 {
290 list_del_rcu(&f->list);
291 if (!tc_skip_hw(f->flags))
292 fl_hw_destroy_filter(tp, f);
293 tcf_unbind_filter(tp, &f->res);
294 call_rcu(&f->rcu, fl_destroy_filter);
295 }
296
297 static void fl_destroy_sleepable(struct work_struct *work)
298 {
299 struct cls_fl_head *head = container_of(work, struct cls_fl_head,
300 work);
301 if (head->mask_assigned)
302 rhashtable_destroy(&head->ht);
303 kfree(head);
304 module_put(THIS_MODULE);
305 }
306
307 static void fl_destroy_rcu(struct rcu_head *rcu)
308 {
309 struct cls_fl_head *head = container_of(rcu, struct cls_fl_head, rcu);
310
311 INIT_WORK(&head->work, fl_destroy_sleepable);
312 schedule_work(&head->work);
313 }
314
315 static bool fl_destroy(struct tcf_proto *tp, bool force)
316 {
317 struct cls_fl_head *head = rtnl_dereference(tp->root);
318 struct cls_fl_filter *f, *next;
319
320 if (!force && !list_empty(&head->filters))
321 return false;
322
323 list_for_each_entry_safe(f, next, &head->filters, list)
324 __fl_delete(tp, f);
325
326 __module_get(THIS_MODULE);
327 call_rcu(&head->rcu, fl_destroy_rcu);
328
329 return true;
330 }
331
332 static unsigned long fl_get(struct tcf_proto *tp, u32 handle)
333 {
334 struct cls_fl_head *head = rtnl_dereference(tp->root);
335 struct cls_fl_filter *f;
336
337 list_for_each_entry(f, &head->filters, list)
338 if (f->handle == handle)
339 return (unsigned long) f;
340 return 0;
341 }
342
343 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
344 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
345 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
346 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
347 .len = IFNAMSIZ },
348 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
349 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
350 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
351 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
352 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
353 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
354 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
355 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
356 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
357 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
358 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
359 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
360 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
361 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
362 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
363 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
364 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
365 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
366 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
367 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
368 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
369 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
370 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
371 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
372 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
373 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
374 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
375 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
376 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
377 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
378 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
379 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
380 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
381 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
382 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
383 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
384 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
385 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
386 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
387 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
388 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
389 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
390 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
391 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
392 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
393 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
394 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
395 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
396 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
397 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
398 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
399 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
400 };
401
402 static void fl_set_key_val(struct nlattr **tb,
403 void *val, int val_type,
404 void *mask, int mask_type, int len)
405 {
406 if (!tb[val_type])
407 return;
408 memcpy(val, nla_data(tb[val_type]), len);
409 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
410 memset(mask, 0xff, len);
411 else
412 memcpy(mask, nla_data(tb[mask_type]), len);
413 }
414
415 static void fl_set_key_vlan(struct nlattr **tb,
416 struct flow_dissector_key_vlan *key_val,
417 struct flow_dissector_key_vlan *key_mask)
418 {
419 #define VLAN_PRIORITY_MASK 0x7
420
421 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
422 key_val->vlan_id =
423 nla_get_u16(tb[TCA_FLOWER_KEY_VLAN_ID]) & VLAN_VID_MASK;
424 key_mask->vlan_id = VLAN_VID_MASK;
425 }
426 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
427 key_val->vlan_priority =
428 nla_get_u8(tb[TCA_FLOWER_KEY_VLAN_PRIO]) &
429 VLAN_PRIORITY_MASK;
430 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
431 }
432 }
433
434 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
435 u32 *dissector_key, u32 *dissector_mask,
436 u32 flower_flag_bit, u32 dissector_flag_bit)
437 {
438 if (flower_mask & flower_flag_bit) {
439 *dissector_mask |= dissector_flag_bit;
440 if (flower_key & flower_flag_bit)
441 *dissector_key |= dissector_flag_bit;
442 }
443 }
444
445 static int fl_set_key_flags(struct nlattr **tb,
446 u32 *flags_key, u32 *flags_mask)
447 {
448 u32 key, mask;
449
450 /* mask is mandatory for flags */
451 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
452 return -EINVAL;
453
454 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
455 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
456
457 *flags_key = 0;
458 *flags_mask = 0;
459
460 fl_set_key_flag(key, mask, flags_key, flags_mask,
461 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
462
463 return 0;
464 }
465
466 static int fl_set_key(struct net *net, struct nlattr **tb,
467 struct fl_flow_key *key, struct fl_flow_key *mask)
468 {
469 __be16 ethertype;
470 int ret = 0;
471 #ifdef CONFIG_NET_CLS_IND
472 if (tb[TCA_FLOWER_INDEV]) {
473 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV]);
474 if (err < 0)
475 return err;
476 key->indev_ifindex = err;
477 mask->indev_ifindex = 0xffffffff;
478 }
479 #endif
480
481 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
482 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
483 sizeof(key->eth.dst));
484 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
485 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
486 sizeof(key->eth.src));
487
488 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
489 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
490
491 if (ethertype == htons(ETH_P_8021Q)) {
492 fl_set_key_vlan(tb, &key->vlan, &mask->vlan);
493 fl_set_key_val(tb, &key->basic.n_proto,
494 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
495 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
496 sizeof(key->basic.n_proto));
497 } else {
498 key->basic.n_proto = ethertype;
499 mask->basic.n_proto = cpu_to_be16(~0);
500 }
501 }
502
503 if (key->basic.n_proto == htons(ETH_P_IP) ||
504 key->basic.n_proto == htons(ETH_P_IPV6)) {
505 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
506 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
507 sizeof(key->basic.ip_proto));
508 }
509
510 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
511 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
512 mask->control.addr_type = ~0;
513 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
514 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
515 sizeof(key->ipv4.src));
516 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
517 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
518 sizeof(key->ipv4.dst));
519 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
520 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
521 mask->control.addr_type = ~0;
522 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
523 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
524 sizeof(key->ipv6.src));
525 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
526 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
527 sizeof(key->ipv6.dst));
528 }
529
530 if (key->basic.ip_proto == IPPROTO_TCP) {
531 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
532 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
533 sizeof(key->tp.src));
534 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
535 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
536 sizeof(key->tp.dst));
537 } else if (key->basic.ip_proto == IPPROTO_UDP) {
538 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
539 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
540 sizeof(key->tp.src));
541 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
542 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
543 sizeof(key->tp.dst));
544 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
545 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
546 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
547 sizeof(key->tp.src));
548 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
549 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
550 sizeof(key->tp.dst));
551 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
552 key->basic.ip_proto == IPPROTO_ICMP) {
553 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
554 &mask->icmp.type,
555 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
556 sizeof(key->icmp.type));
557 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
558 &mask->icmp.code,
559 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
560 sizeof(key->icmp.code));
561 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
562 key->basic.ip_proto == IPPROTO_ICMPV6) {
563 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
564 &mask->icmp.type,
565 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
566 sizeof(key->icmp.type));
567 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
568 &mask->icmp.code,
569 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
570 sizeof(key->icmp.code));
571 }
572
573 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
574 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
575 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
576 mask->enc_control.addr_type = ~0;
577 fl_set_key_val(tb, &key->enc_ipv4.src,
578 TCA_FLOWER_KEY_ENC_IPV4_SRC,
579 &mask->enc_ipv4.src,
580 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
581 sizeof(key->enc_ipv4.src));
582 fl_set_key_val(tb, &key->enc_ipv4.dst,
583 TCA_FLOWER_KEY_ENC_IPV4_DST,
584 &mask->enc_ipv4.dst,
585 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
586 sizeof(key->enc_ipv4.dst));
587 }
588
589 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
590 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
591 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
592 mask->enc_control.addr_type = ~0;
593 fl_set_key_val(tb, &key->enc_ipv6.src,
594 TCA_FLOWER_KEY_ENC_IPV6_SRC,
595 &mask->enc_ipv6.src,
596 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
597 sizeof(key->enc_ipv6.src));
598 fl_set_key_val(tb, &key->enc_ipv6.dst,
599 TCA_FLOWER_KEY_ENC_IPV6_DST,
600 &mask->enc_ipv6.dst,
601 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
602 sizeof(key->enc_ipv6.dst));
603 }
604
605 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
606 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
607 sizeof(key->enc_key_id.keyid));
608
609 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
610 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
611 sizeof(key->enc_tp.src));
612
613 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
614 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
615 sizeof(key->enc_tp.dst));
616
617 if (tb[TCA_FLOWER_KEY_FLAGS])
618 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
619
620 return ret;
621 }
622
623 static bool fl_mask_eq(struct fl_flow_mask *mask1,
624 struct fl_flow_mask *mask2)
625 {
626 const long *lmask1 = fl_key_get_start(&mask1->key, mask1);
627 const long *lmask2 = fl_key_get_start(&mask2->key, mask2);
628
629 return !memcmp(&mask1->range, &mask2->range, sizeof(mask1->range)) &&
630 !memcmp(lmask1, lmask2, fl_mask_range(mask1));
631 }
632
633 static const struct rhashtable_params fl_ht_params = {
634 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
635 .head_offset = offsetof(struct cls_fl_filter, ht_node),
636 .automatic_shrinking = true,
637 };
638
639 static int fl_init_hashtable(struct cls_fl_head *head,
640 struct fl_flow_mask *mask)
641 {
642 head->ht_params = fl_ht_params;
643 head->ht_params.key_len = fl_mask_range(mask);
644 head->ht_params.key_offset += mask->range.start;
645
646 return rhashtable_init(&head->ht, &head->ht_params);
647 }
648
649 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
650 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member))
651
652 #define FL_KEY_IS_MASKED(mask, member) \
653 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
654 0, FL_KEY_MEMBER_SIZE(member)) \
655
656 #define FL_KEY_SET(keys, cnt, id, member) \
657 do { \
658 keys[cnt].key_id = id; \
659 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
660 cnt++; \
661 } while(0);
662
663 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
664 do { \
665 if (FL_KEY_IS_MASKED(mask, member)) \
666 FL_KEY_SET(keys, cnt, id, member); \
667 } while(0);
668
669 static void fl_init_dissector(struct cls_fl_head *head,
670 struct fl_flow_mask *mask)
671 {
672 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
673 size_t cnt = 0;
674
675 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
676 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
677 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
678 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
679 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
680 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
681 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
682 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
683 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
684 FLOW_DISSECTOR_KEY_PORTS, tp);
685 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
686 FLOW_DISSECTOR_KEY_ICMP, icmp);
687 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
688 FLOW_DISSECTOR_KEY_VLAN, vlan);
689 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
690 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
691 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
692 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
693 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
694 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
695 if (FL_KEY_IS_MASKED(&mask->key, enc_ipv4) ||
696 FL_KEY_IS_MASKED(&mask->key, enc_ipv6))
697 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
698 enc_control);
699 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
700 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
701
702 skb_flow_dissector_init(&head->dissector, keys, cnt);
703 }
704
705 static int fl_check_assign_mask(struct cls_fl_head *head,
706 struct fl_flow_mask *mask)
707 {
708 int err;
709
710 if (head->mask_assigned) {
711 if (!fl_mask_eq(&head->mask, mask))
712 return -EINVAL;
713 else
714 return 0;
715 }
716
717 /* Mask is not assigned yet. So assign it and init hashtable
718 * according to that.
719 */
720 err = fl_init_hashtable(head, mask);
721 if (err)
722 return err;
723 memcpy(&head->mask, mask, sizeof(head->mask));
724 head->mask_assigned = true;
725
726 fl_init_dissector(head, mask);
727
728 return 0;
729 }
730
731 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
732 struct cls_fl_filter *f, struct fl_flow_mask *mask,
733 unsigned long base, struct nlattr **tb,
734 struct nlattr *est, bool ovr)
735 {
736 struct tcf_exts e;
737 int err;
738
739 err = tcf_exts_init(&e, TCA_FLOWER_ACT, 0);
740 if (err < 0)
741 return err;
742 err = tcf_exts_validate(net, tp, tb, est, &e, ovr);
743 if (err < 0)
744 goto errout;
745
746 if (tb[TCA_FLOWER_CLASSID]) {
747 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
748 tcf_bind_filter(tp, &f->res, base);
749 }
750
751 err = fl_set_key(net, tb, &f->key, &mask->key);
752 if (err)
753 goto errout;
754
755 fl_mask_update_range(mask);
756 fl_set_masked_key(&f->mkey, &f->key, mask);
757
758 tcf_exts_change(tp, &f->exts, &e);
759
760 return 0;
761 errout:
762 tcf_exts_destroy(&e);
763 return err;
764 }
765
766 static u32 fl_grab_new_handle(struct tcf_proto *tp,
767 struct cls_fl_head *head)
768 {
769 unsigned int i = 0x80000000;
770 u32 handle;
771
772 do {
773 if (++head->hgen == 0x7FFFFFFF)
774 head->hgen = 1;
775 } while (--i > 0 && fl_get(tp, head->hgen));
776
777 if (unlikely(i == 0)) {
778 pr_err("Insufficient number of handles\n");
779 handle = 0;
780 } else {
781 handle = head->hgen;
782 }
783
784 return handle;
785 }
786
787 static int fl_change(struct net *net, struct sk_buff *in_skb,
788 struct tcf_proto *tp, unsigned long base,
789 u32 handle, struct nlattr **tca,
790 unsigned long *arg, bool ovr)
791 {
792 struct cls_fl_head *head = rtnl_dereference(tp->root);
793 struct cls_fl_filter *fold = (struct cls_fl_filter *) *arg;
794 struct cls_fl_filter *fnew;
795 struct nlattr *tb[TCA_FLOWER_MAX + 1];
796 struct fl_flow_mask mask = {};
797 int err;
798
799 if (!tca[TCA_OPTIONS])
800 return -EINVAL;
801
802 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS], fl_policy);
803 if (err < 0)
804 return err;
805
806 if (fold && handle && fold->handle != handle)
807 return -EINVAL;
808
809 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
810 if (!fnew)
811 return -ENOBUFS;
812
813 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
814 if (err < 0)
815 goto errout;
816
817 if (!handle) {
818 handle = fl_grab_new_handle(tp, head);
819 if (!handle) {
820 err = -EINVAL;
821 goto errout;
822 }
823 }
824 fnew->handle = handle;
825
826 if (tb[TCA_FLOWER_FLAGS]) {
827 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
828
829 if (!tc_flags_valid(fnew->flags)) {
830 err = -EINVAL;
831 goto errout;
832 }
833 }
834
835 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr);
836 if (err)
837 goto errout;
838
839 err = fl_check_assign_mask(head, &mask);
840 if (err)
841 goto errout;
842
843 if (!tc_skip_sw(fnew->flags)) {
844 err = rhashtable_insert_fast(&head->ht, &fnew->ht_node,
845 head->ht_params);
846 if (err)
847 goto errout;
848 }
849
850 if (!tc_skip_hw(fnew->flags)) {
851 err = fl_hw_replace_filter(tp,
852 &head->dissector,
853 &mask.key,
854 fnew);
855 if (err)
856 goto errout;
857 }
858
859 if (fold) {
860 if (!tc_skip_sw(fold->flags))
861 rhashtable_remove_fast(&head->ht, &fold->ht_node,
862 head->ht_params);
863 if (!tc_skip_hw(fold->flags))
864 fl_hw_destroy_filter(tp, fold);
865 }
866
867 *arg = (unsigned long) fnew;
868
869 if (fold) {
870 list_replace_rcu(&fold->list, &fnew->list);
871 tcf_unbind_filter(tp, &fold->res);
872 call_rcu(&fold->rcu, fl_destroy_filter);
873 } else {
874 list_add_tail_rcu(&fnew->list, &head->filters);
875 }
876
877 return 0;
878
879 errout:
880 tcf_exts_destroy(&fnew->exts);
881 kfree(fnew);
882 return err;
883 }
884
885 static int fl_delete(struct tcf_proto *tp, unsigned long arg)
886 {
887 struct cls_fl_head *head = rtnl_dereference(tp->root);
888 struct cls_fl_filter *f = (struct cls_fl_filter *) arg;
889
890 if (!tc_skip_sw(f->flags))
891 rhashtable_remove_fast(&head->ht, &f->ht_node,
892 head->ht_params);
893 __fl_delete(tp, f);
894 return 0;
895 }
896
897 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
898 {
899 struct cls_fl_head *head = rtnl_dereference(tp->root);
900 struct cls_fl_filter *f;
901
902 list_for_each_entry_rcu(f, &head->filters, list) {
903 if (arg->count < arg->skip)
904 goto skip;
905 if (arg->fn(tp, (unsigned long) f, arg) < 0) {
906 arg->stop = 1;
907 break;
908 }
909 skip:
910 arg->count++;
911 }
912 }
913
914 static int fl_dump_key_val(struct sk_buff *skb,
915 void *val, int val_type,
916 void *mask, int mask_type, int len)
917 {
918 int err;
919
920 if (!memchr_inv(mask, 0, len))
921 return 0;
922 err = nla_put(skb, val_type, len, val);
923 if (err)
924 return err;
925 if (mask_type != TCA_FLOWER_UNSPEC) {
926 err = nla_put(skb, mask_type, len, mask);
927 if (err)
928 return err;
929 }
930 return 0;
931 }
932
933 static int fl_dump_key_vlan(struct sk_buff *skb,
934 struct flow_dissector_key_vlan *vlan_key,
935 struct flow_dissector_key_vlan *vlan_mask)
936 {
937 int err;
938
939 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
940 return 0;
941 if (vlan_mask->vlan_id) {
942 err = nla_put_u16(skb, TCA_FLOWER_KEY_VLAN_ID,
943 vlan_key->vlan_id);
944 if (err)
945 return err;
946 }
947 if (vlan_mask->vlan_priority) {
948 err = nla_put_u8(skb, TCA_FLOWER_KEY_VLAN_PRIO,
949 vlan_key->vlan_priority);
950 if (err)
951 return err;
952 }
953 return 0;
954 }
955
956 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
957 u32 *flower_key, u32 *flower_mask,
958 u32 flower_flag_bit, u32 dissector_flag_bit)
959 {
960 if (dissector_mask & dissector_flag_bit) {
961 *flower_mask |= flower_flag_bit;
962 if (dissector_key & dissector_flag_bit)
963 *flower_key |= flower_flag_bit;
964 }
965 }
966
967 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
968 {
969 u32 key, mask;
970 __be32 _key, _mask;
971 int err;
972
973 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
974 return 0;
975
976 key = 0;
977 mask = 0;
978
979 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
980 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
981
982 _key = cpu_to_be32(key);
983 _mask = cpu_to_be32(mask);
984
985 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
986 if (err)
987 return err;
988
989 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
990 }
991
992 static int fl_dump(struct net *net, struct tcf_proto *tp, unsigned long fh,
993 struct sk_buff *skb, struct tcmsg *t)
994 {
995 struct cls_fl_head *head = rtnl_dereference(tp->root);
996 struct cls_fl_filter *f = (struct cls_fl_filter *) fh;
997 struct nlattr *nest;
998 struct fl_flow_key *key, *mask;
999
1000 if (!f)
1001 return skb->len;
1002
1003 t->tcm_handle = f->handle;
1004
1005 nest = nla_nest_start(skb, TCA_OPTIONS);
1006 if (!nest)
1007 goto nla_put_failure;
1008
1009 if (f->res.classid &&
1010 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
1011 goto nla_put_failure;
1012
1013 key = &f->key;
1014 mask = &head->mask.key;
1015
1016 if (mask->indev_ifindex) {
1017 struct net_device *dev;
1018
1019 dev = __dev_get_by_index(net, key->indev_ifindex);
1020 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
1021 goto nla_put_failure;
1022 }
1023
1024 if (!tc_skip_hw(f->flags))
1025 fl_hw_update_stats(tp, f);
1026
1027 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1028 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1029 sizeof(key->eth.dst)) ||
1030 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1031 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1032 sizeof(key->eth.src)) ||
1033 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
1034 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
1035 sizeof(key->basic.n_proto)))
1036 goto nla_put_failure;
1037
1038 if (fl_dump_key_vlan(skb, &key->vlan, &mask->vlan))
1039 goto nla_put_failure;
1040
1041 if ((key->basic.n_proto == htons(ETH_P_IP) ||
1042 key->basic.n_proto == htons(ETH_P_IPV6)) &&
1043 fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1044 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1045 sizeof(key->basic.ip_proto)))
1046 goto nla_put_failure;
1047
1048 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1049 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1050 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1051 sizeof(key->ipv4.src)) ||
1052 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1053 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1054 sizeof(key->ipv4.dst))))
1055 goto nla_put_failure;
1056 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1057 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1058 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1059 sizeof(key->ipv6.src)) ||
1060 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1061 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1062 sizeof(key->ipv6.dst))))
1063 goto nla_put_failure;
1064
1065 if (key->basic.ip_proto == IPPROTO_TCP &&
1066 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1067 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1068 sizeof(key->tp.src)) ||
1069 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1070 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1071 sizeof(key->tp.dst))))
1072 goto nla_put_failure;
1073 else if (key->basic.ip_proto == IPPROTO_UDP &&
1074 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1075 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1076 sizeof(key->tp.src)) ||
1077 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1078 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1079 sizeof(key->tp.dst))))
1080 goto nla_put_failure;
1081 else if (key->basic.ip_proto == IPPROTO_SCTP &&
1082 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1083 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1084 sizeof(key->tp.src)) ||
1085 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1086 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1087 sizeof(key->tp.dst))))
1088 goto nla_put_failure;
1089 else if (key->basic.n_proto == htons(ETH_P_IP) &&
1090 key->basic.ip_proto == IPPROTO_ICMP &&
1091 (fl_dump_key_val(skb, &key->icmp.type,
1092 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
1093 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1094 sizeof(key->icmp.type)) ||
1095 fl_dump_key_val(skb, &key->icmp.code,
1096 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
1097 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1098 sizeof(key->icmp.code))))
1099 goto nla_put_failure;
1100 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1101 key->basic.ip_proto == IPPROTO_ICMPV6 &&
1102 (fl_dump_key_val(skb, &key->icmp.type,
1103 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
1104 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1105 sizeof(key->icmp.type)) ||
1106 fl_dump_key_val(skb, &key->icmp.code,
1107 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
1108 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1109 sizeof(key->icmp.code))))
1110 goto nla_put_failure;
1111
1112 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1113 (fl_dump_key_val(skb, &key->enc_ipv4.src,
1114 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
1115 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1116 sizeof(key->enc_ipv4.src)) ||
1117 fl_dump_key_val(skb, &key->enc_ipv4.dst,
1118 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
1119 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1120 sizeof(key->enc_ipv4.dst))))
1121 goto nla_put_failure;
1122 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1123 (fl_dump_key_val(skb, &key->enc_ipv6.src,
1124 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
1125 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1126 sizeof(key->enc_ipv6.src)) ||
1127 fl_dump_key_val(skb, &key->enc_ipv6.dst,
1128 TCA_FLOWER_KEY_ENC_IPV6_DST,
1129 &mask->enc_ipv6.dst,
1130 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1131 sizeof(key->enc_ipv6.dst))))
1132 goto nla_put_failure;
1133
1134 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
1135 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
1136 sizeof(key->enc_key_id)) ||
1137 fl_dump_key_val(skb, &key->enc_tp.src,
1138 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1139 &mask->enc_tp.src,
1140 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1141 sizeof(key->enc_tp.src)) ||
1142 fl_dump_key_val(skb, &key->enc_tp.dst,
1143 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1144 &mask->enc_tp.dst,
1145 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1146 sizeof(key->enc_tp.dst)))
1147 goto nla_put_failure;
1148
1149 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
1150 goto nla_put_failure;
1151
1152 nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags);
1153
1154 if (tcf_exts_dump(skb, &f->exts))
1155 goto nla_put_failure;
1156
1157 nla_nest_end(skb, nest);
1158
1159 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
1160 goto nla_put_failure;
1161
1162 return skb->len;
1163
1164 nla_put_failure:
1165 nla_nest_cancel(skb, nest);
1166 return -1;
1167 }
1168
1169 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
1170 .kind = "flower",
1171 .classify = fl_classify,
1172 .init = fl_init,
1173 .destroy = fl_destroy,
1174 .get = fl_get,
1175 .change = fl_change,
1176 .delete = fl_delete,
1177 .walk = fl_walk,
1178 .dump = fl_dump,
1179 .owner = THIS_MODULE,
1180 };
1181
1182 static int __init cls_fl_init(void)
1183 {
1184 return register_tcf_proto_ops(&cls_fl_ops);
1185 }
1186
1187 static void __exit cls_fl_exit(void)
1188 {
1189 unregister_tcf_proto_ops(&cls_fl_ops);
1190 }
1191
1192 module_init(cls_fl_init);
1193 module_exit(cls_fl_exit);
1194
1195 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
1196 MODULE_DESCRIPTION("Flower classifier");
1197 MODULE_LICENSE("GPL v2");
Ubuntu Artful kernel mirror