[thirdparty/linux.git] / net / netfilter / nft_bitwise.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
 *
 * Development of this code funded by Astaro AG (http://www.astaro.com/)
 */

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/netlink.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables_core.h>
#include <net/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables_offload.h>

struct nft_bitwise {
	enum nft_registers	sreg:8;
	enum nft_registers	dreg:8;
	enum nft_bitwise_ops	op:8;
	u8			len;
	struct nft_data		mask;
	struct nft_data		xor;
};

void nft_bitwise_eval(const struct nft_expr *expr,
		      struct nft_regs *regs, const struct nft_pktinfo *pkt)
{
	const struct nft_bitwise *priv = nft_expr_priv(expr);
	const u32 *src = &regs->data[priv->sreg];
	u32 *dst = &regs->data[priv->dreg];
	unsigned int i;

	for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++)
		dst[i] = (src[i] & priv->mask.data[i]) ^ priv->xor.data[i];
}

static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
	[NFTA_BITWISE_SREG]	= { .type = NLA_U32 },
	[NFTA_BITWISE_DREG]	= { .type = NLA_U32 },
	[NFTA_BITWISE_LEN]	= { .type = NLA_U32 },
	[NFTA_BITWISE_MASK]	= { .type = NLA_NESTED },
	[NFTA_BITWISE_XOR]	= { .type = NLA_NESTED },
	[NFTA_BITWISE_OP]	= { .type = NLA_U32 },
};

static int nft_bitwise_init(const struct nft_ctx *ctx,
			    const struct nft_expr *expr,
			    const struct nlattr * const tb[])
{
	struct nft_bitwise *priv = nft_expr_priv(expr);
	struct nft_data_desc d1, d2;
	u32 len;
	int err;

	if (!tb[NFTA_BITWISE_SREG] ||
	    !tb[NFTA_BITWISE_DREG] ||
	    !tb[NFTA_BITWISE_LEN]  ||
	    !tb[NFTA_BITWISE_MASK] ||
	    !tb[NFTA_BITWISE_XOR])
		return -EINVAL;

	err = nft_parse_u32_check(tb[NFTA_BITWISE_LEN], U8_MAX, &len);
	if (err < 0)
		return err;

	priv->len = len;

	priv->sreg = nft_parse_register(tb[NFTA_BITWISE_SREG]);
	err = nft_validate_register_load(priv->sreg, priv->len);
	if (err < 0)
		return err;

	priv->dreg = nft_parse_register(tb[NFTA_BITWISE_DREG]);
	err = nft_validate_register_store(ctx, priv->dreg, NULL,
					  NFT_DATA_VALUE, priv->len);
	if (err < 0)
		return err;

	if (tb[NFTA_BITWISE_OP]) {
		priv->op = ntohl(nla_get_be32(tb[NFTA_BITWISE_OP]));
		switch (priv->op) {
		case NFT_BITWISE_BOOL:
			break;
		default:
			return -EOPNOTSUPP;
		}
	} else {
		priv->op = NFT_BITWISE_BOOL;
	}

	err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &d1,
			    tb[NFTA_BITWISE_MASK]);
	if (err < 0)
		return err;
	if (d1.type != NFT_DATA_VALUE || d1.len != priv->len) {
		err = -EINVAL;
		goto err1;
	}

	err = nft_data_init(NULL, &priv->xor, sizeof(priv->xor), &d2,
			    tb[NFTA_BITWISE_XOR]);
	if (err < 0)
		goto err1;
	if (d2.type != NFT_DATA_VALUE || d2.len != priv->len) {
		err = -EINVAL;
		goto err2;
	}

	return 0;
err2:
	nft_data_release(&priv->xor, d2.type);
err1:
	nft_data_release(&priv->mask, d1.type);
	return err;
}

static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
{
	const struct nft_bitwise *priv = nft_expr_priv(expr);

	if (nft_dump_register(skb, NFTA_BITWISE_SREG, priv->sreg))
		return -1;
	if (nft_dump_register(skb, NFTA_BITWISE_DREG, priv->dreg))
		return -1;
	if (nla_put_be32(skb, NFTA_BITWISE_LEN, htonl(priv->len)))
		return -1;
	if (nla_put_be32(skb, NFTA_BITWISE_OP, htonl(priv->op)))
		return -1;

	if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask,
			  NFT_DATA_VALUE, priv->len) < 0)
		return -1;

	if (nft_data_dump(skb, NFTA_BITWISE_XOR, &priv->xor,
			  NFT_DATA_VALUE, priv->len) < 0)
		return -1;

	return 0;
}

static struct nft_data zero;

static int nft_bitwise_offload(struct nft_offload_ctx *ctx,
			       struct nft_flow_rule *flow,
			       const struct nft_expr *expr)
{
	const struct nft_bitwise *priv = nft_expr_priv(expr);
	struct nft_offload_reg *reg = &ctx->regs[priv->dreg];

	if (memcmp(&priv->xor, &zero, sizeof(priv->xor)) ||
	    priv->sreg != priv->dreg || priv->len != reg->len)
		return -EOPNOTSUPP;

	memcpy(&reg->mask, &priv->mask, sizeof(priv->mask));

	return 0;
}

static const struct nft_expr_ops nft_bitwise_ops = {
	.type		= &nft_bitwise_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_bitwise)),
	.eval		= nft_bitwise_eval,
	.init		= nft_bitwise_init,
	.dump		= nft_bitwise_dump,
	.offload	= nft_bitwise_offload,
};

struct nft_expr_type nft_bitwise_type __read_mostly = {
	.name		= "bitwise",
	.ops		= &nft_bitwise_ops,
	.policy		= nft_bitwise_policy,
	.maxattr	= NFTA_BITWISE_MAX,
	.owner		= THIS_MODULE,
};
Commit	Line	Data
d2912cb1	1	// SPDX-License-Identifier: GPL-2.0-only
96518518	2	/*
ef1f7df9	3	* Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
96518518	4	*
96518518 PM	5	* Development of this code funded by Astaro AG (http://www.astaro.com/)
	6	*/
	7
	8	#include <linux/kernel.h>
	9	#include <linux/init.h>
	10	#include <linux/module.h>
	11	#include <linux/netlink.h>
	12	#include <linux/netfilter.h>
	13	#include <linux/netfilter/nf_tables.h>
	14	#include <net/netfilter/nf_tables_core.h>
	15	#include <net/netfilter/nf_tables.h>
bd8699e9	16	#include <net/netfilter/nf_tables_offload.h>
96518518 PM	17
	18	struct nft_bitwise {
	19	enum nft_registers sreg:8;
	20	enum nft_registers dreg:8;
9d1f9799	21	enum nft_bitwise_ops op:8;
96518518 PM	22	u8 len;
	23	struct nft_data mask;
	24	struct nft_data xor;
	25	};
	26
10870dd8 FW	27	void nft_bitwise_eval(const struct nft_expr *expr,
10870dd8 FW	28	struct nft_regs regs, const struct nft_pktinfo pkt)
96518518 PM	29	{
96518518 PM	30	const struct nft_bitwise *priv = nft_expr_priv(expr);
49499c3e PM	31	const u32 *src = &regs->data[priv->sreg];
49499c3e PM	32	u32 *dst = &regs->data[priv->dreg];
96518518 PM	33	unsigned int i;
96518518 PM	34
fad136ea PM	35	for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++)
fad136ea PM	36	dst[i] = (src[i] & priv->mask.data[i]) ^ priv->xor.data[i];
96518518 PM	37	}
	38
	39	static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
	40	[NFTA_BITWISE_SREG] = { .type = NLA_U32 },
	41	[NFTA_BITWISE_DREG] = { .type = NLA_U32 },
	42	[NFTA_BITWISE_LEN] = { .type = NLA_U32 },
	43	[NFTA_BITWISE_MASK] = { .type = NLA_NESTED },
	44	[NFTA_BITWISE_XOR] = { .type = NLA_NESTED },
9d1f9799	45	[NFTA_BITWISE_OP] = { .type = NLA_U32 },
96518518 PM	46	};
	47
	48	static int nft_bitwise_init(const struct nft_ctx *ctx,
	49	const struct nft_expr *expr,
	50	const struct nlattr * const tb[])
	51	{
	52	struct nft_bitwise *priv = nft_expr_priv(expr);
	53	struct nft_data_desc d1, d2;
36b701fa	54	u32 len;
96518518 PM	55	int err;
96518518 PM	56
265ec7b0 JS	57	if (!tb[NFTA_BITWISE_SREG] \|\|
	58	!tb[NFTA_BITWISE_DREG] \|\|
	59	!tb[NFTA_BITWISE_LEN] \|\|
	60	!tb[NFTA_BITWISE_MASK] \|\|
	61	!tb[NFTA_BITWISE_XOR])
96518518 PM	62	return -EINVAL;
96518518 PM	63
36b701fa LGL	64	err = nft_parse_u32_check(tb[NFTA_BITWISE_LEN], U8_MAX, &len);
	65	if (err < 0)
	66	return err;
	67
	68	priv->len = len;
	69
b1c96ed3	70	priv->sreg = nft_parse_register(tb[NFTA_BITWISE_SREG]);
d07db988	71	err = nft_validate_register_load(priv->sreg, priv->len);
96518518 PM	72	if (err < 0)
	73	return err;
	74
b1c96ed3	75	priv->dreg = nft_parse_register(tb[NFTA_BITWISE_DREG]);
1ec10212 PM	76	err = nft_validate_register_store(ctx, priv->dreg, NULL,
1ec10212 PM	77	NFT_DATA_VALUE, priv->len);
96518518 PM	78	if (err < 0)
	79	return err;
	80
9d1f9799 JS	81	if (tb[NFTA_BITWISE_OP]) {
	82	priv->op = ntohl(nla_get_be32(tb[NFTA_BITWISE_OP]));
	83	switch (priv->op) {
	84	case NFT_BITWISE_BOOL:
	85	break;
	86	default:
	87	return -EOPNOTSUPP;
	88	}
	89	} else {
	90	priv->op = NFT_BITWISE_BOOL;
	91	}
	92
d0a11fc3 PM	93	err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &d1,
d0a11fc3 PM	94	tb[NFTA_BITWISE_MASK]);
96518518 PM	95	if (err < 0)
96518518 PM	96	return err;
0d2c96af	97	if (d1.type != NFT_DATA_VALUE \|\| d1.len != priv->len) {
71df14b0 PNA	98	err = -EINVAL;
	99	goto err1;
	100	}
96518518	101
d0a11fc3 PM	102	err = nft_data_init(NULL, &priv->xor, sizeof(priv->xor), &d2,
d0a11fc3 PM	103	tb[NFTA_BITWISE_XOR]);
96518518	104	if (err < 0)
71df14b0	105	goto err1;
0d2c96af	106	if (d2.type != NFT_DATA_VALUE \|\| d2.len != priv->len) {
71df14b0 PNA	107	err = -EINVAL;
	108	goto err2;
	109	}
96518518 PM	110
96518518 PM	111	return 0;
71df14b0	112	err2:
59105446	113	nft_data_release(&priv->xor, d2.type);
71df14b0	114	err1:
59105446	115	nft_data_release(&priv->mask, d1.type);
71df14b0	116	return err;
96518518 PM	117	}
	118
	119	static int nft_bitwise_dump(struct sk_buff skb, const struct nft_expr expr)
	120	{
	121	const struct nft_bitwise *priv = nft_expr_priv(expr);
	122
b1c96ed3	123	if (nft_dump_register(skb, NFTA_BITWISE_SREG, priv->sreg))
577c734a	124	return -1;
b1c96ed3	125	if (nft_dump_register(skb, NFTA_BITWISE_DREG, priv->dreg))
577c734a	126	return -1;
96518518	127	if (nla_put_be32(skb, NFTA_BITWISE_LEN, htonl(priv->len)))
577c734a	128	return -1;
9d1f9799 JS	129	if (nla_put_be32(skb, NFTA_BITWISE_OP, htonl(priv->op)))
9d1f9799 JS	130	return -1;
96518518 PM	131
	132	if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask,
	133	NFT_DATA_VALUE, priv->len) < 0)
577c734a	134	return -1;
96518518 PM	135
	136	if (nft_data_dump(skb, NFTA_BITWISE_XOR, &priv->xor,
	137	NFT_DATA_VALUE, priv->len) < 0)
577c734a	138	return -1;
96518518 PM	139
96518518 PM	140	return 0;
96518518 PM	141	}
96518518 PM	142
bd8699e9 PNA	143	static struct nft_data zero;
	144
	145	static int nft_bitwise_offload(struct nft_offload_ctx *ctx,
fbf19ddf JS	146	struct nft_flow_rule *flow,
fbf19ddf JS	147	const struct nft_expr *expr)
bd8699e9 PNA	148	{
bd8699e9 PNA	149	const struct nft_bitwise *priv = nft_expr_priv(expr);
de2a6052	150	struct nft_offload_reg *reg = &ctx->regs[priv->dreg];
bd8699e9	151
83c156d3	152	if (memcmp(&priv->xor, &zero, sizeof(priv->xor)) \|\|
de2a6052	153	priv->sreg != priv->dreg \|\| priv->len != reg->len)
bd8699e9 PNA	154	return -EOPNOTSUPP;
bd8699e9 PNA	155
de2a6052	156	memcpy(&reg->mask, &priv->mask, sizeof(priv->mask));
bd8699e9 PNA	157
	158	return 0;
	159	}
	160
ef1f7df9 PM	161	static const struct nft_expr_ops nft_bitwise_ops = {
ef1f7df9 PM	162	.type = &nft_bitwise_type,
96518518	163	.size = NFT_EXPR_SIZE(sizeof(struct nft_bitwise)),
96518518 PM	164	.eval = nft_bitwise_eval,
	165	.init = nft_bitwise_init,
	166	.dump = nft_bitwise_dump,
bd8699e9	167	.offload = nft_bitwise_offload,
ef1f7df9 PM	168	};
ef1f7df9 PM	169
4e24877e	170	struct nft_expr_type nft_bitwise_type __read_mostly = {
ef1f7df9 PM	171	.name = "bitwise",
ef1f7df9 PM	172	.ops = &nft_bitwise_ops,
96518518 PM	173	.policy = nft_bitwise_policy,
96518518 PM	174	.maxattr = NFTA_BITWISE_MAX,
ef1f7df9	175	.owner = THIS_MODULE,
96518518	176	};