]> git.ipfire.org Git - thirdparty/linux.git/blob - net/sched/cls_flower.c
projects / thirdparty / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
net: sched: flower: don't call synchronize_rcu() on mask creation
[thirdparty/linux.git] / net / sched / cls_flower.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * net/sched/cls_flower.c Flower classifier
4 *
5 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
6 */
7
8 #include <linux/kernel.h>
9 #include <linux/init.h>
10 #include <linux/module.h>
11 #include <linux/rhashtable.h>
12 #include <linux/workqueue.h>
13 #include <linux/refcount.h>
14
15 #include <linux/if_ether.h>
16 #include <linux/in6.h>
17 #include <linux/ip.h>
18 #include <linux/mpls.h>
19
20 #include <net/sch_generic.h>
21 #include <net/pkt_cls.h>
22 #include <net/ip.h>
23 #include <net/flow_dissector.h>
24 #include <net/geneve.h>
25
26 #include <net/dst.h>
27 #include <net/dst_metadata.h>
28
29 struct fl_flow_key {
30 int indev_ifindex;
31 struct flow_dissector_key_control control;
32 struct flow_dissector_key_control enc_control;
33 struct flow_dissector_key_basic basic;
34 struct flow_dissector_key_eth_addrs eth;
35 struct flow_dissector_key_vlan vlan;
36 struct flow_dissector_key_vlan cvlan;
37 union {
38 struct flow_dissector_key_ipv4_addrs ipv4;
39 struct flow_dissector_key_ipv6_addrs ipv6;
40 };
41 struct flow_dissector_key_ports tp;
42 struct flow_dissector_key_icmp icmp;
43 struct flow_dissector_key_arp arp;
44 struct flow_dissector_key_keyid enc_key_id;
45 union {
46 struct flow_dissector_key_ipv4_addrs enc_ipv4;
47 struct flow_dissector_key_ipv6_addrs enc_ipv6;
48 };
49 struct flow_dissector_key_ports enc_tp;
50 struct flow_dissector_key_mpls mpls;
51 struct flow_dissector_key_tcp tcp;
52 struct flow_dissector_key_ip ip;
53 struct flow_dissector_key_ip enc_ip;
54 struct flow_dissector_key_enc_opts enc_opts;
55 struct flow_dissector_key_ports tp_min;
56 struct flow_dissector_key_ports tp_max;
57 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
58
59 struct fl_flow_mask_range {
60 unsigned short int start;
61 unsigned short int end;
62 };
63
64 struct fl_flow_mask {
65 struct fl_flow_key key;
66 struct fl_flow_mask_range range;
67 u32 flags;
68 struct rhash_head ht_node;
69 struct rhashtable ht;
70 struct rhashtable_params filter_ht_params;
71 struct flow_dissector dissector;
72 struct list_head filters;
73 struct rcu_work rwork;
74 struct list_head list;
75 refcount_t refcnt;
76 };
77
78 struct fl_flow_tmplt {
79 struct fl_flow_key dummy_key;
80 struct fl_flow_key mask;
81 struct flow_dissector dissector;
82 struct tcf_chain *chain;
83 };
84
85 struct cls_fl_head {
86 struct rhashtable ht;
87 spinlock_t masks_lock; /* Protect masks list */
88 struct list_head masks;
89 struct list_head hw_filters;
90 struct rcu_work rwork;
91 struct idr handle_idr;
92 };
93
94 struct cls_fl_filter {
95 struct fl_flow_mask *mask;
96 struct rhash_head ht_node;
97 struct fl_flow_key mkey;
98 struct tcf_exts exts;
99 struct tcf_result res;
100 struct fl_flow_key key;
101 struct list_head list;
102 struct list_head hw_list;
103 u32 handle;
104 u32 flags;
105 u32 in_hw_count;
106 struct rcu_work rwork;
107 struct net_device *hw_dev;
108 /* Flower classifier is unlocked, which means that its reference counter
109 * can be changed concurrently without any kind of external
110 * synchronization. Use atomic reference counter to be concurrency-safe.
111 */
112 refcount_t refcnt;
113 bool deleted;
114 };
115
116 static const struct rhashtable_params mask_ht_params = {
117 .key_offset = offsetof(struct fl_flow_mask, key),
118 .key_len = sizeof(struct fl_flow_key),
119 .head_offset = offsetof(struct fl_flow_mask, ht_node),
120 .automatic_shrinking = true,
121 };
122
123 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
124 {
125 return mask->range.end - mask->range.start;
126 }
127
128 static void fl_mask_update_range(struct fl_flow_mask *mask)
129 {
130 const u8 *bytes = (const u8 *) &mask->key;
131 size_t size = sizeof(mask->key);
132 size_t i, first = 0, last;
133
134 for (i = 0; i < size; i++) {
135 if (bytes[i]) {
136 first = i;
137 break;
138 }
139 }
140 last = first;
141 for (i = size - 1; i != first; i--) {
142 if (bytes[i]) {
143 last = i;
144 break;
145 }
146 }
147 mask->range.start = rounddown(first, sizeof(long));
148 mask->range.end = roundup(last + 1, sizeof(long));
149 }
150
151 static void *fl_key_get_start(struct fl_flow_key *key,
152 const struct fl_flow_mask *mask)
153 {
154 return (u8 *) key + mask->range.start;
155 }
156
157 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
158 struct fl_flow_mask *mask)
159 {
160 const long *lkey = fl_key_get_start(key, mask);
161 const long *lmask = fl_key_get_start(&mask->key, mask);
162 long *lmkey = fl_key_get_start(mkey, mask);
163 int i;
164
165 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
166 *lmkey++ = *lkey++ & *lmask++;
167 }
168
169 static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
170 struct fl_flow_mask *mask)
171 {
172 const long *lmask = fl_key_get_start(&mask->key, mask);
173 const long *ltmplt;
174 int i;
175
176 if (!tmplt)
177 return true;
178 ltmplt = fl_key_get_start(&tmplt->mask, mask);
179 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
180 if (~*ltmplt++ & *lmask++)
181 return false;
182 }
183 return true;
184 }
185
186 static void fl_clear_masked_range(struct fl_flow_key *key,
187 struct fl_flow_mask *mask)
188 {
189 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
190 }
191
192 static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter,
193 struct fl_flow_key *key,
194 struct fl_flow_key *mkey)
195 {
196 __be16 min_mask, max_mask, min_val, max_val;
197
198 min_mask = htons(filter->mask->key.tp_min.dst);
199 max_mask = htons(filter->mask->key.tp_max.dst);
200 min_val = htons(filter->key.tp_min.dst);
201 max_val = htons(filter->key.tp_max.dst);
202
203 if (min_mask && max_mask) {
204 if (htons(key->tp.dst) < min_val ||
205 htons(key->tp.dst) > max_val)
206 return false;
207
208 /* skb does not have min and max values */
209 mkey->tp_min.dst = filter->mkey.tp_min.dst;
210 mkey->tp_max.dst = filter->mkey.tp_max.dst;
211 }
212 return true;
213 }
214
215 static bool fl_range_port_src_cmp(struct cls_fl_filter *filter,
216 struct fl_flow_key *key,
217 struct fl_flow_key *mkey)
218 {
219 __be16 min_mask, max_mask, min_val, max_val;
220
221 min_mask = htons(filter->mask->key.tp_min.src);
222 max_mask = htons(filter->mask->key.tp_max.src);
223 min_val = htons(filter->key.tp_min.src);
224 max_val = htons(filter->key.tp_max.src);
225
226 if (min_mask && max_mask) {
227 if (htons(key->tp.src) < min_val ||
228 htons(key->tp.src) > max_val)
229 return false;
230
231 /* skb does not have min and max values */
232 mkey->tp_min.src = filter->mkey.tp_min.src;
233 mkey->tp_max.src = filter->mkey.tp_max.src;
234 }
235 return true;
236 }
237
238 static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask,
239 struct fl_flow_key *mkey)
240 {
241 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
242 mask->filter_ht_params);
243 }
244
245 static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask,
246 struct fl_flow_key *mkey,
247 struct fl_flow_key *key)
248 {
249 struct cls_fl_filter *filter, *f;
250
251 list_for_each_entry_rcu(filter, &mask->filters, list) {
252 if (!fl_range_port_dst_cmp(filter, key, mkey))
253 continue;
254
255 if (!fl_range_port_src_cmp(filter, key, mkey))
256 continue;
257
258 f = __fl_lookup(mask, mkey);
259 if (f)
260 return f;
261 }
262 return NULL;
263 }
264
265 static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
266 struct fl_flow_key *mkey,
267 struct fl_flow_key *key)
268 {
269 if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE))
270 return fl_lookup_range(mask, mkey, key);
271
272 return __fl_lookup(mask, mkey);
273 }
274
275 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
276 struct tcf_result *res)
277 {
278 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
279 struct cls_fl_filter *f;
280 struct fl_flow_mask *mask;
281 struct fl_flow_key skb_key;
282 struct fl_flow_key skb_mkey;
283
284 list_for_each_entry_rcu(mask, &head->masks, list) {
285 fl_clear_masked_range(&skb_key, mask);
286
287 skb_key.indev_ifindex = skb->skb_iif;
288 /* skb_flow_dissect() does not set n_proto in case an unknown
289 * protocol, so do it rather here.
290 */
291 skb_key.basic.n_proto = skb->protocol;
292 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
293 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
294
295 fl_set_masked_key(&skb_mkey, &skb_key, mask);
296
297 f = fl_lookup(mask, &skb_mkey, &skb_key);
298 if (f && !tc_skip_sw(f->flags)) {
299 *res = f->res;
300 return tcf_exts_exec(skb, &f->exts, res);
301 }
302 }
303 return -1;
304 }
305
306 static int fl_init(struct tcf_proto *tp)
307 {
308 struct cls_fl_head *head;
309
310 head = kzalloc(sizeof(*head), GFP_KERNEL);
311 if (!head)
312 return -ENOBUFS;
313
314 spin_lock_init(&head->masks_lock);
315 INIT_LIST_HEAD_RCU(&head->masks);
316 INIT_LIST_HEAD(&head->hw_filters);
317 rcu_assign_pointer(tp->root, head);
318 idr_init(&head->handle_idr);
319
320 return rhashtable_init(&head->ht, &mask_ht_params);
321 }
322
323 static void fl_mask_free(struct fl_flow_mask *mask, bool mask_init_done)
324 {
325 /* temporary masks don't have their filters list and ht initialized */
326 if (mask_init_done) {
327 WARN_ON(!list_empty(&mask->filters));
328 rhashtable_destroy(&mask->ht);
329 }
330 kfree(mask);
331 }
332
333 static void fl_mask_free_work(struct work_struct *work)
334 {
335 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
336 struct fl_flow_mask, rwork);
337
338 fl_mask_free(mask, true);
339 }
340
341 static void fl_uninit_mask_free_work(struct work_struct *work)
342 {
343 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
344 struct fl_flow_mask, rwork);
345
346 fl_mask_free(mask, false);
347 }
348
349 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask)
350 {
351 if (!refcount_dec_and_test(&mask->refcnt))
352 return false;
353
354 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
355
356 spin_lock(&head->masks_lock);
357 list_del_rcu(&mask->list);
358 spin_unlock(&head->masks_lock);
359
360 tcf_queue_work(&mask->rwork, fl_mask_free_work);
361
362 return true;
363 }
364
365 static struct cls_fl_head *fl_head_dereference(struct tcf_proto *tp)
366 {
367 /* Flower classifier only changes root pointer during init and destroy.
368 * Users must obtain reference to tcf_proto instance before calling its
369 * API, so tp->root pointer is protected from concurrent call to
370 * fl_destroy() by reference counting.
371 */
372 return rcu_dereference_raw(tp->root);
373 }
374
375 static void __fl_destroy_filter(struct cls_fl_filter *f)
376 {
377 tcf_exts_destroy(&f->exts);
378 tcf_exts_put_net(&f->exts);
379 kfree(f);
380 }
381
382 static void fl_destroy_filter_work(struct work_struct *work)
383 {
384 struct cls_fl_filter *f = container_of(to_rcu_work(work),
385 struct cls_fl_filter, rwork);
386
387 __fl_destroy_filter(f);
388 }
389
390 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
391 bool rtnl_held, struct netlink_ext_ack *extack)
392 {
393 struct tc_cls_flower_offload cls_flower = {};
394 struct tcf_block *block = tp->chain->block;
395
396 if (!rtnl_held)
397 rtnl_lock();
398
399 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
400 cls_flower.command = TC_CLSFLOWER_DESTROY;
401 cls_flower.cookie = (unsigned long) f;
402
403 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
404 spin_lock(&tp->lock);
405 list_del_init(&f->hw_list);
406 tcf_block_offload_dec(block, &f->flags);
407 spin_unlock(&tp->lock);
408
409 if (!rtnl_held)
410 rtnl_unlock();
411 }
412
413 static int fl_hw_replace_filter(struct tcf_proto *tp,
414 struct cls_fl_filter *f, bool rtnl_held,
415 struct netlink_ext_ack *extack)
416 {
417 struct cls_fl_head *head = fl_head_dereference(tp);
418 struct tc_cls_flower_offload cls_flower = {};
419 struct tcf_block *block = tp->chain->block;
420 bool skip_sw = tc_skip_sw(f->flags);
421 int err = 0;
422
423 if (!rtnl_held)
424 rtnl_lock();
425
426 cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts));
427 if (!cls_flower.rule) {
428 err = -ENOMEM;
429 goto errout;
430 }
431
432 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
433 cls_flower.command = TC_CLSFLOWER_REPLACE;
434 cls_flower.cookie = (unsigned long) f;
435 cls_flower.rule->match.dissector = &f->mask->dissector;
436 cls_flower.rule->match.mask = &f->mask->key;
437 cls_flower.rule->match.key = &f->mkey;
438 cls_flower.classid = f->res.classid;
439
440 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts);
441 if (err) {
442 kfree(cls_flower.rule);
443 if (skip_sw)
444 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
445 else
446 err = 0;
447 goto errout;
448 }
449
450 err = tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, skip_sw);
451 kfree(cls_flower.rule);
452
453 if (err < 0) {
454 fl_hw_destroy_filter(tp, f, true, NULL);
455 goto errout;
456 } else if (err > 0) {
457 f->in_hw_count = err;
458 err = 0;
459 spin_lock(&tp->lock);
460 tcf_block_offload_inc(block, &f->flags);
461 spin_unlock(&tp->lock);
462 }
463
464 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW)) {
465 err = -EINVAL;
466 goto errout;
467 }
468
469 spin_lock(&tp->lock);
470 list_add(&f->hw_list, &head->hw_filters);
471 spin_unlock(&tp->lock);
472 errout:
473 if (!rtnl_held)
474 rtnl_unlock();
475
476 return err;
477 }
478
479 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f,
480 bool rtnl_held)
481 {
482 struct tc_cls_flower_offload cls_flower = {};
483 struct tcf_block *block = tp->chain->block;
484
485 if (!rtnl_held)
486 rtnl_lock();
487
488 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
489 cls_flower.command = TC_CLSFLOWER_STATS;
490 cls_flower.cookie = (unsigned long) f;
491 cls_flower.classid = f->res.classid;
492
493 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
494
495 tcf_exts_stats_update(&f->exts, cls_flower.stats.bytes,
496 cls_flower.stats.pkts,
497 cls_flower.stats.lastused);
498
499 if (!rtnl_held)
500 rtnl_unlock();
501 }
502
503 static void __fl_put(struct cls_fl_filter *f)
504 {
505 if (!refcount_dec_and_test(&f->refcnt))
506 return;
507
508 if (tcf_exts_get_net(&f->exts))
509 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
510 else
511 __fl_destroy_filter(f);
512 }
513
514 static struct cls_fl_filter *__fl_get(struct cls_fl_head *head, u32 handle)
515 {
516 struct cls_fl_filter *f;
517
518 rcu_read_lock();
519 f = idr_find(&head->handle_idr, handle);
520 if (f && !refcount_inc_not_zero(&f->refcnt))
521 f = NULL;
522 rcu_read_unlock();
523
524 return f;
525 }
526
527 static struct cls_fl_filter *fl_get_next_filter(struct tcf_proto *tp,
528 unsigned long *handle)
529 {
530 struct cls_fl_head *head = fl_head_dereference(tp);
531 struct cls_fl_filter *f;
532
533 rcu_read_lock();
534 while ((f = idr_get_next_ul(&head->handle_idr, handle))) {
535 /* don't return filters that are being deleted */
536 if (refcount_inc_not_zero(&f->refcnt))
537 break;
538 ++(*handle);
539 }
540 rcu_read_unlock();
541
542 return f;
543 }
544
545 static int __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
546 bool *last, bool rtnl_held,
547 struct netlink_ext_ack *extack)
548 {
549 struct cls_fl_head *head = fl_head_dereference(tp);
550
551 *last = false;
552
553 spin_lock(&tp->lock);
554 if (f->deleted) {
555 spin_unlock(&tp->lock);
556 return -ENOENT;
557 }
558
559 f->deleted = true;
560 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
561 f->mask->filter_ht_params);
562 idr_remove(&head->handle_idr, f->handle);
563 list_del_rcu(&f->list);
564 spin_unlock(&tp->lock);
565
566 *last = fl_mask_put(head, f->mask);
567 if (!tc_skip_hw(f->flags))
568 fl_hw_destroy_filter(tp, f, rtnl_held, extack);
569 tcf_unbind_filter(tp, &f->res);
570 __fl_put(f);
571
572 return 0;
573 }
574
575 static void fl_destroy_sleepable(struct work_struct *work)
576 {
577 struct cls_fl_head *head = container_of(to_rcu_work(work),
578 struct cls_fl_head,
579 rwork);
580
581 rhashtable_destroy(&head->ht);
582 kfree(head);
583 module_put(THIS_MODULE);
584 }
585
586 static void fl_destroy(struct tcf_proto *tp, bool rtnl_held,
587 struct netlink_ext_ack *extack)
588 {
589 struct cls_fl_head *head = fl_head_dereference(tp);
590 struct fl_flow_mask *mask, *next_mask;
591 struct cls_fl_filter *f, *next;
592 bool last;
593
594 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
595 list_for_each_entry_safe(f, next, &mask->filters, list) {
596 __fl_delete(tp, f, &last, rtnl_held, extack);
597 if (last)
598 break;
599 }
600 }
601 idr_destroy(&head->handle_idr);
602
603 __module_get(THIS_MODULE);
604 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
605 }
606
607 static void fl_put(struct tcf_proto *tp, void *arg)
608 {
609 struct cls_fl_filter *f = arg;
610
611 __fl_put(f);
612 }
613
614 static void *fl_get(struct tcf_proto *tp, u32 handle)
615 {
616 struct cls_fl_head *head = fl_head_dereference(tp);
617
618 return __fl_get(head, handle);
619 }
620
621 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
622 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
623 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
624 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
625 .len = IFNAMSIZ },
626 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
627 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
628 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
629 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
630 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
631 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
632 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
633 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
634 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
635 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
636 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
637 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
638 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
639 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
640 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
641 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
642 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
643 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
644 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
645 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
646 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
647 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
648 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
649 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
650 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
651 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
652 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
653 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
654 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
655 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
656 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
657 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
658 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
659 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
660 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
661 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
662 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
663 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
664 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
665 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
666 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
667 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
668 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
669 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
670 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
671 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
672 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
673 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
674 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
675 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
676 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
677 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
678 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
679 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
680 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
681 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
682 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
683 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
684 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
685 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
686 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
687 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
688 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
689 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
690 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
691 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
692 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
693 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
694 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
695 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
696 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
697 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
698 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
699 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
700 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
701 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
702 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
703 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
704 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
705 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
706 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
707 };
708
709 static const struct nla_policy
710 enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
711 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
712 };
713
714 static const struct nla_policy
715 geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
716 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
717 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
718 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
719 .len = 128 },
720 };
721
722 static void fl_set_key_val(struct nlattr **tb,
723 void *val, int val_type,
724 void *mask, int mask_type, int len)
725 {
726 if (!tb[val_type])
727 return;
728 memcpy(val, nla_data(tb[val_type]), len);
729 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
730 memset(mask, 0xff, len);
731 else
732 memcpy(mask, nla_data(tb[mask_type]), len);
733 }
734
735 static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
736 struct fl_flow_key *mask)
737 {
738 fl_set_key_val(tb, &key->tp_min.dst,
739 TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_min.dst,
740 TCA_FLOWER_UNSPEC, sizeof(key->tp_min.dst));
741 fl_set_key_val(tb, &key->tp_max.dst,
742 TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_max.dst,
743 TCA_FLOWER_UNSPEC, sizeof(key->tp_max.dst));
744 fl_set_key_val(tb, &key->tp_min.src,
745 TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_min.src,
746 TCA_FLOWER_UNSPEC, sizeof(key->tp_min.src));
747 fl_set_key_val(tb, &key->tp_max.src,
748 TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_max.src,
749 TCA_FLOWER_UNSPEC, sizeof(key->tp_max.src));
750
751 if ((mask->tp_min.dst && mask->tp_max.dst &&
752 htons(key->tp_max.dst) <= htons(key->tp_min.dst)) ||
753 (mask->tp_min.src && mask->tp_max.src &&
754 htons(key->tp_max.src) <= htons(key->tp_min.src)))
755 return -EINVAL;
756
757 return 0;
758 }
759
760 static int fl_set_key_mpls(struct nlattr **tb,
761 struct flow_dissector_key_mpls *key_val,
762 struct flow_dissector_key_mpls *key_mask)
763 {
764 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
765 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
766 key_mask->mpls_ttl = MPLS_TTL_MASK;
767 }
768 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
769 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
770
771 if (bos & ~MPLS_BOS_MASK)
772 return -EINVAL;
773 key_val->mpls_bos = bos;
774 key_mask->mpls_bos = MPLS_BOS_MASK;
775 }
776 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
777 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
778
779 if (tc & ~MPLS_TC_MASK)
780 return -EINVAL;
781 key_val->mpls_tc = tc;
782 key_mask->mpls_tc = MPLS_TC_MASK;
783 }
784 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
785 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
786
787 if (label & ~MPLS_LABEL_MASK)
788 return -EINVAL;
789 key_val->mpls_label = label;
790 key_mask->mpls_label = MPLS_LABEL_MASK;
791 }
792 return 0;
793 }
794
795 static void fl_set_key_vlan(struct nlattr **tb,
796 __be16 ethertype,
797 int vlan_id_key, int vlan_prio_key,
798 struct flow_dissector_key_vlan *key_val,
799 struct flow_dissector_key_vlan *key_mask)
800 {
801 #define VLAN_PRIORITY_MASK 0x7
802
803 if (tb[vlan_id_key]) {
804 key_val->vlan_id =
805 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
806 key_mask->vlan_id = VLAN_VID_MASK;
807 }
808 if (tb[vlan_prio_key]) {
809 key_val->vlan_priority =
810 nla_get_u8(tb[vlan_prio_key]) &
811 VLAN_PRIORITY_MASK;
812 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
813 }
814 key_val->vlan_tpid = ethertype;
815 key_mask->vlan_tpid = cpu_to_be16(~0);
816 }
817
818 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
819 u32 *dissector_key, u32 *dissector_mask,
820 u32 flower_flag_bit, u32 dissector_flag_bit)
821 {
822 if (flower_mask & flower_flag_bit) {
823 *dissector_mask |= dissector_flag_bit;
824 if (flower_key & flower_flag_bit)
825 *dissector_key |= dissector_flag_bit;
826 }
827 }
828
829 static int fl_set_key_flags(struct nlattr **tb,
830 u32 *flags_key, u32 *flags_mask)
831 {
832 u32 key, mask;
833
834 /* mask is mandatory for flags */
835 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
836 return -EINVAL;
837
838 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
839 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
840
841 *flags_key = 0;
842 *flags_mask = 0;
843
844 fl_set_key_flag(key, mask, flags_key, flags_mask,
845 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
846 fl_set_key_flag(key, mask, flags_key, flags_mask,
847 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
848 FLOW_DIS_FIRST_FRAG);
849
850 return 0;
851 }
852
853 static void fl_set_key_ip(struct nlattr **tb, bool encap,
854 struct flow_dissector_key_ip *key,
855 struct flow_dissector_key_ip *mask)
856 {
857 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
858 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
859 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
860 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
861
862 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
863 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
864 }
865
866 static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
867 int depth, int option_len,
868 struct netlink_ext_ack *extack)
869 {
870 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
871 struct nlattr *class = NULL, *type = NULL, *data = NULL;
872 struct geneve_opt *opt;
873 int err, data_len = 0;
874
875 if (option_len > sizeof(struct geneve_opt))
876 data_len = option_len - sizeof(struct geneve_opt);
877
878 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
879 memset(opt, 0xff, option_len);
880 opt->length = data_len / 4;
881 opt->r1 = 0;
882 opt->r2 = 0;
883 opt->r3 = 0;
884
885 /* If no mask has been prodived we assume an exact match. */
886 if (!depth)
887 return sizeof(struct geneve_opt) + data_len;
888
889 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
890 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
891 return -EINVAL;
892 }
893
894 err = nla_parse_nested_deprecated(tb,
895 TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
896 nla, geneve_opt_policy, extack);
897 if (err < 0)
898 return err;
899
900 /* We are not allowed to omit any of CLASS, TYPE or DATA
901 * fields from the key.
902 */
903 if (!option_len &&
904 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
905 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
906 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
907 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
908 return -EINVAL;
909 }
910
911 /* Omitting any of CLASS, TYPE or DATA fields is allowed
912 * for the mask.
913 */
914 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
915 int new_len = key->enc_opts.len;
916
917 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
918 data_len = nla_len(data);
919 if (data_len < 4) {
920 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
921 return -ERANGE;
922 }
923 if (data_len % 4) {
924 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
925 return -ERANGE;
926 }
927
928 new_len += sizeof(struct geneve_opt) + data_len;
929 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
930 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
931 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
932 return -ERANGE;
933 }
934 opt->length = data_len / 4;
935 memcpy(opt->opt_data, nla_data(data), data_len);
936 }
937
938 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
939 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
940 opt->opt_class = nla_get_be16(class);
941 }
942
943 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
944 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
945 opt->type = nla_get_u8(type);
946 }
947
948 return sizeof(struct geneve_opt) + data_len;
949 }
950
951 static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
952 struct fl_flow_key *mask,
953 struct netlink_ext_ack *extack)
954 {
955 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
956 int err, option_len, key_depth, msk_depth = 0;
957
958 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS],
959 TCA_FLOWER_KEY_ENC_OPTS_MAX,
960 enc_opts_policy, extack);
961 if (err)
962 return err;
963
964 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
965
966 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
967 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
968 TCA_FLOWER_KEY_ENC_OPTS_MAX,
969 enc_opts_policy, extack);
970 if (err)
971 return err;
972
973 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
974 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
975 }
976
977 nla_for_each_attr(nla_opt_key, nla_enc_key,
978 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
979 switch (nla_type(nla_opt_key)) {
980 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
981 option_len = 0;
982 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
983 option_len = fl_set_geneve_opt(nla_opt_key, key,
984 key_depth, option_len,
985 extack);
986 if (option_len < 0)
987 return option_len;
988
989 key->enc_opts.len += option_len;
990 /* At the same time we need to parse through the mask
991 * in order to verify exact and mask attribute lengths.
992 */
993 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
994 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
995 msk_depth, option_len,
996 extack);
997 if (option_len < 0)
998 return option_len;
999
1000 mask->enc_opts.len += option_len;
1001 if (key->enc_opts.len != mask->enc_opts.len) {
1002 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1003 return -EINVAL;
1004 }
1005
1006 if (msk_depth)
1007 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
1008 break;
1009 default:
1010 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
1011 return -EINVAL;
1012 }
1013 }
1014
1015 return 0;
1016 }
1017
1018 static int fl_set_key(struct net *net, struct nlattr **tb,
1019 struct fl_flow_key *key, struct fl_flow_key *mask,
1020 struct netlink_ext_ack *extack)
1021 {
1022 __be16 ethertype;
1023 int ret = 0;
1024 #ifdef CONFIG_NET_CLS_IND
1025 if (tb[TCA_FLOWER_INDEV]) {
1026 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
1027 if (err < 0)
1028 return err;
1029 key->indev_ifindex = err;
1030 mask->indev_ifindex = 0xffffffff;
1031 }
1032 #endif
1033
1034 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1035 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1036 sizeof(key->eth.dst));
1037 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1038 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1039 sizeof(key->eth.src));
1040
1041 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
1042 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
1043
1044 if (eth_type_vlan(ethertype)) {
1045 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
1046 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
1047 &mask->vlan);
1048
1049 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
1050 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
1051 if (eth_type_vlan(ethertype)) {
1052 fl_set_key_vlan(tb, ethertype,
1053 TCA_FLOWER_KEY_CVLAN_ID,
1054 TCA_FLOWER_KEY_CVLAN_PRIO,
1055 &key->cvlan, &mask->cvlan);
1056 fl_set_key_val(tb, &key->basic.n_proto,
1057 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1058 &mask->basic.n_proto,
1059 TCA_FLOWER_UNSPEC,
1060 sizeof(key->basic.n_proto));
1061 } else {
1062 key->basic.n_proto = ethertype;
1063 mask->basic.n_proto = cpu_to_be16(~0);
1064 }
1065 }
1066 } else {
1067 key->basic.n_proto = ethertype;
1068 mask->basic.n_proto = cpu_to_be16(~0);
1069 }
1070 }
1071
1072 if (key->basic.n_proto == htons(ETH_P_IP) ||
1073 key->basic.n_proto == htons(ETH_P_IPV6)) {
1074 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1075 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1076 sizeof(key->basic.ip_proto));
1077 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
1078 }
1079
1080 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
1081 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1082 mask->control.addr_type = ~0;
1083 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1084 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1085 sizeof(key->ipv4.src));
1086 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1087 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1088 sizeof(key->ipv4.dst));
1089 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
1090 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1091 mask->control.addr_type = ~0;
1092 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1093 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1094 sizeof(key->ipv6.src));
1095 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1096 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1097 sizeof(key->ipv6.dst));
1098 }
1099
1100 if (key->basic.ip_proto == IPPROTO_TCP) {
1101 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1102 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1103 sizeof(key->tp.src));
1104 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1105 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1106 sizeof(key->tp.dst));
1107 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1108 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1109 sizeof(key->tcp.flags));
1110 } else if (key->basic.ip_proto == IPPROTO_UDP) {
1111 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1112 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1113 sizeof(key->tp.src));
1114 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1115 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1116 sizeof(key->tp.dst));
1117 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
1118 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1119 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1120 sizeof(key->tp.src));
1121 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1122 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1123 sizeof(key->tp.dst));
1124 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
1125 key->basic.ip_proto == IPPROTO_ICMP) {
1126 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
1127 &mask->icmp.type,
1128 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1129 sizeof(key->icmp.type));
1130 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
1131 &mask->icmp.code,
1132 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1133 sizeof(key->icmp.code));
1134 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1135 key->basic.ip_proto == IPPROTO_ICMPV6) {
1136 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
1137 &mask->icmp.type,
1138 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1139 sizeof(key->icmp.type));
1140 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
1141 &mask->icmp.code,
1142 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1143 sizeof(key->icmp.code));
1144 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
1145 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
1146 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
1147 if (ret)
1148 return ret;
1149 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
1150 key->basic.n_proto == htons(ETH_P_RARP)) {
1151 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
1152 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
1153 sizeof(key->arp.sip));
1154 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
1155 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
1156 sizeof(key->arp.tip));
1157 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
1158 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
1159 sizeof(key->arp.op));
1160 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1161 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1162 sizeof(key->arp.sha));
1163 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1164 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1165 sizeof(key->arp.tha));
1166 }
1167
1168 if (key->basic.ip_proto == IPPROTO_TCP ||
1169 key->basic.ip_proto == IPPROTO_UDP ||
1170 key->basic.ip_proto == IPPROTO_SCTP) {
1171 ret = fl_set_key_port_range(tb, key, mask);
1172 if (ret)
1173 return ret;
1174 }
1175
1176 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
1177 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
1178 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1179 mask->enc_control.addr_type = ~0;
1180 fl_set_key_val(tb, &key->enc_ipv4.src,
1181 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1182 &mask->enc_ipv4.src,
1183 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1184 sizeof(key->enc_ipv4.src));
1185 fl_set_key_val(tb, &key->enc_ipv4.dst,
1186 TCA_FLOWER_KEY_ENC_IPV4_DST,
1187 &mask->enc_ipv4.dst,
1188 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1189 sizeof(key->enc_ipv4.dst));
1190 }
1191
1192 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
1193 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
1194 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1195 mask->enc_control.addr_type = ~0;
1196 fl_set_key_val(tb, &key->enc_ipv6.src,
1197 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1198 &mask->enc_ipv6.src,
1199 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1200 sizeof(key->enc_ipv6.src));
1201 fl_set_key_val(tb, &key->enc_ipv6.dst,
1202 TCA_FLOWER_KEY_ENC_IPV6_DST,
1203 &mask->enc_ipv6.dst,
1204 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1205 sizeof(key->enc_ipv6.dst));
1206 }
1207
1208 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
1209 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
1210 sizeof(key->enc_key_id.keyid));
1211
1212 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1213 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1214 sizeof(key->enc_tp.src));
1215
1216 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1217 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1218 sizeof(key->enc_tp.dst));
1219
1220 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
1221
1222 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
1223 ret = fl_set_enc_opt(tb, key, mask, extack);
1224 if (ret)
1225 return ret;
1226 }
1227
1228 if (tb[TCA_FLOWER_KEY_FLAGS])
1229 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
1230
1231 return ret;
1232 }
1233
1234 static void fl_mask_copy(struct fl_flow_mask *dst,
1235 struct fl_flow_mask *src)
1236 {
1237 const void *psrc = fl_key_get_start(&src->key, src);
1238 void *pdst = fl_key_get_start(&dst->key, src);
1239
1240 memcpy(pdst, psrc, fl_mask_range(src));
1241 dst->range = src->range;
1242 }
1243
1244 static const struct rhashtable_params fl_ht_params = {
1245 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
1246 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1247 .automatic_shrinking = true,
1248 };
1249
1250 static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1251 {
1252 mask->filter_ht_params = fl_ht_params;
1253 mask->filter_ht_params.key_len = fl_mask_range(mask);
1254 mask->filter_ht_params.key_offset += mask->range.start;
1255
1256 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1257 }
1258
1259 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1260 #define FL_KEY_MEMBER_SIZE(member) FIELD_SIZEOF(struct fl_flow_key, member)
1261
1262 #define FL_KEY_IS_MASKED(mask, member) \
1263 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1264 0, FL_KEY_MEMBER_SIZE(member)) \
1265
1266 #define FL_KEY_SET(keys, cnt, id, member) \
1267 do { \
1268 keys[cnt].key_id = id; \
1269 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1270 cnt++; \
1271 } while(0);
1272
1273 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1274 do { \
1275 if (FL_KEY_IS_MASKED(mask, member)) \
1276 FL_KEY_SET(keys, cnt, id, member); \
1277 } while(0);
1278
1279 static void fl_init_dissector(struct flow_dissector *dissector,
1280 struct fl_flow_key *mask)
1281 {
1282 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1283 size_t cnt = 0;
1284
1285 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
1286 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
1287 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1288 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
1289 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1290 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
1291 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1292 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
1293 if (FL_KEY_IS_MASKED(mask, tp) ||
1294 FL_KEY_IS_MASKED(mask, tp_min) || FL_KEY_IS_MASKED(mask, tp_max))
1295 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_PORTS, tp);
1296 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1297 FLOW_DISSECTOR_KEY_IP, ip);
1298 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1299 FLOW_DISSECTOR_KEY_TCP, tcp);
1300 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1301 FLOW_DISSECTOR_KEY_ICMP, icmp);
1302 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1303 FLOW_DISSECTOR_KEY_ARP, arp);
1304 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1305 FLOW_DISSECTOR_KEY_MPLS, mpls);
1306 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1307 FLOW_DISSECTOR_KEY_VLAN, vlan);
1308 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1309 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
1310 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1311 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
1312 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1313 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
1314 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1315 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
1316 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1317 FL_KEY_IS_MASKED(mask, enc_ipv6))
1318 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1319 enc_control);
1320 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1321 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
1322 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1323 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
1324 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1325 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
1326
1327 skb_flow_dissector_init(dissector, keys, cnt);
1328 }
1329
1330 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1331 struct fl_flow_mask *mask)
1332 {
1333 struct fl_flow_mask *newmask;
1334 int err;
1335
1336 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1337 if (!newmask)
1338 return ERR_PTR(-ENOMEM);
1339
1340 fl_mask_copy(newmask, mask);
1341
1342 if ((newmask->key.tp_min.dst && newmask->key.tp_max.dst) ||
1343 (newmask->key.tp_min.src && newmask->key.tp_max.src))
1344 newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE;
1345
1346 err = fl_init_mask_hashtable(newmask);
1347 if (err)
1348 goto errout_free;
1349
1350 fl_init_dissector(&newmask->dissector, &newmask->key);
1351
1352 INIT_LIST_HEAD_RCU(&newmask->filters);
1353
1354 refcount_set(&newmask->refcnt, 1);
1355 err = rhashtable_replace_fast(&head->ht, &mask->ht_node,
1356 &newmask->ht_node, mask_ht_params);
1357 if (err)
1358 goto errout_destroy;
1359
1360 spin_lock(&head->masks_lock);
1361 list_add_tail_rcu(&newmask->list, &head->masks);
1362 spin_unlock(&head->masks_lock);
1363
1364 return newmask;
1365
1366 errout_destroy:
1367 rhashtable_destroy(&newmask->ht);
1368 errout_free:
1369 kfree(newmask);
1370
1371 return ERR_PTR(err);
1372 }
1373
1374 static int fl_check_assign_mask(struct cls_fl_head *head,
1375 struct cls_fl_filter *fnew,
1376 struct cls_fl_filter *fold,
1377 struct fl_flow_mask *mask)
1378 {
1379 struct fl_flow_mask *newmask;
1380 int ret = 0;
1381
1382 rcu_read_lock();
1383
1384 /* Insert mask as temporary node to prevent concurrent creation of mask
1385 * with same key. Any concurrent lookups with same key will return
1386 * -EAGAIN because mask's refcnt is zero.
1387 */
1388 fnew->mask = rhashtable_lookup_get_insert_fast(&head->ht,
1389 &mask->ht_node,
1390 mask_ht_params);
1391 if (!fnew->mask) {
1392 rcu_read_unlock();
1393
1394 if (fold) {
1395 ret = -EINVAL;
1396 goto errout_cleanup;
1397 }
1398
1399 newmask = fl_create_new_mask(head, mask);
1400 if (IS_ERR(newmask)) {
1401 ret = PTR_ERR(newmask);
1402 goto errout_cleanup;
1403 }
1404
1405 fnew->mask = newmask;
1406 return 0;
1407 } else if (IS_ERR(fnew->mask)) {
1408 ret = PTR_ERR(fnew->mask);
1409 } else if (fold && fold->mask != fnew->mask) {
1410 ret = -EINVAL;
1411 } else if (!refcount_inc_not_zero(&fnew->mask->refcnt)) {
1412 /* Mask was deleted concurrently, try again */
1413 ret = -EAGAIN;
1414 }
1415 rcu_read_unlock();
1416 return ret;
1417
1418 errout_cleanup:
1419 rhashtable_remove_fast(&head->ht, &mask->ht_node,
1420 mask_ht_params);
1421 return ret;
1422 }
1423
1424 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1425 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1426 unsigned long base, struct nlattr **tb,
1427 struct nlattr *est, bool ovr,
1428 struct fl_flow_tmplt *tmplt, bool rtnl_held,
1429 struct netlink_ext_ack *extack)
1430 {
1431 int err;
1432
1433 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, rtnl_held,
1434 extack);
1435 if (err < 0)
1436 return err;
1437
1438 if (tb[TCA_FLOWER_CLASSID]) {
1439 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1440 if (!rtnl_held)
1441 rtnl_lock();
1442 tcf_bind_filter(tp, &f->res, base);
1443 if (!rtnl_held)
1444 rtnl_unlock();
1445 }
1446
1447 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
1448 if (err)
1449 return err;
1450
1451 fl_mask_update_range(mask);
1452 fl_set_masked_key(&f->mkey, &f->key, mask);
1453
1454 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1455 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1456 return -EINVAL;
1457 }
1458
1459 return 0;
1460 }
1461
1462 static int fl_ht_insert_unique(struct cls_fl_filter *fnew,
1463 struct cls_fl_filter *fold,
1464 bool *in_ht)
1465 {
1466 struct fl_flow_mask *mask = fnew->mask;
1467 int err;
1468
1469 err = rhashtable_lookup_insert_fast(&mask->ht,
1470 &fnew->ht_node,
1471 mask->filter_ht_params);
1472 if (err) {
1473 *in_ht = false;
1474 /* It is okay if filter with same key exists when
1475 * overwriting.
1476 */
1477 return fold && err == -EEXIST ? 0 : err;
1478 }
1479
1480 *in_ht = true;
1481 return 0;
1482 }
1483
1484 static int fl_change(struct net *net, struct sk_buff *in_skb,
1485 struct tcf_proto *tp, unsigned long base,
1486 u32 handle, struct nlattr **tca,
1487 void **arg, bool ovr, bool rtnl_held,
1488 struct netlink_ext_ack *extack)
1489 {
1490 struct cls_fl_head *head = fl_head_dereference(tp);
1491 struct cls_fl_filter *fold = *arg;
1492 struct cls_fl_filter *fnew;
1493 struct fl_flow_mask *mask;
1494 struct nlattr **tb;
1495 bool in_ht;
1496 int err;
1497
1498 if (!tca[TCA_OPTIONS]) {
1499 err = -EINVAL;
1500 goto errout_fold;
1501 }
1502
1503 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
1504 if (!mask) {
1505 err = -ENOBUFS;
1506 goto errout_fold;
1507 }
1508
1509 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1510 if (!tb) {
1511 err = -ENOBUFS;
1512 goto errout_mask_alloc;
1513 }
1514
1515 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
1516 tca[TCA_OPTIONS], fl_policy, NULL);
1517 if (err < 0)
1518 goto errout_tb;
1519
1520 if (fold && handle && fold->handle != handle) {
1521 err = -EINVAL;
1522 goto errout_tb;
1523 }
1524
1525 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
1526 if (!fnew) {
1527 err = -ENOBUFS;
1528 goto errout_tb;
1529 }
1530 INIT_LIST_HEAD(&fnew->hw_list);
1531 refcount_set(&fnew->refcnt, 1);
1532
1533 err = tcf_exts_init(&fnew->exts, net, TCA_FLOWER_ACT, 0);
1534 if (err < 0)
1535 goto errout;
1536
1537 if (tb[TCA_FLOWER_FLAGS]) {
1538 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1539
1540 if (!tc_flags_valid(fnew->flags)) {
1541 err = -EINVAL;
1542 goto errout;
1543 }
1544 }
1545
1546 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr,
1547 tp->chain->tmplt_priv, rtnl_held, extack);
1548 if (err)
1549 goto errout;
1550
1551 err = fl_check_assign_mask(head, fnew, fold, mask);
1552 if (err)
1553 goto errout;
1554
1555 err = fl_ht_insert_unique(fnew, fold, &in_ht);
1556 if (err)
1557 goto errout_mask;
1558
1559 if (!tc_skip_hw(fnew->flags)) {
1560 err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack);
1561 if (err)
1562 goto errout_ht;
1563 }
1564
1565 if (!tc_in_hw(fnew->flags))
1566 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1567
1568 spin_lock(&tp->lock);
1569
1570 /* tp was deleted concurrently. -EAGAIN will cause caller to lookup
1571 * proto again or create new one, if necessary.
1572 */
1573 if (tp->deleting) {
1574 err = -EAGAIN;
1575 goto errout_hw;
1576 }
1577
1578 if (fold) {
1579 /* Fold filter was deleted concurrently. Retry lookup. */
1580 if (fold->deleted) {
1581 err = -EAGAIN;
1582 goto errout_hw;
1583 }
1584
1585 fnew->handle = handle;
1586
1587 if (!in_ht) {
1588 struct rhashtable_params params =
1589 fnew->mask->filter_ht_params;
1590
1591 err = rhashtable_insert_fast(&fnew->mask->ht,
1592 &fnew->ht_node,
1593 params);
1594 if (err)
1595 goto errout_hw;
1596 in_ht = true;
1597 }
1598
1599 refcount_inc(&fnew->refcnt);
1600 rhashtable_remove_fast(&fold->mask->ht,
1601 &fold->ht_node,
1602 fold->mask->filter_ht_params);
1603 idr_replace(&head->handle_idr, fnew, fnew->handle);
1604 list_replace_rcu(&fold->list, &fnew->list);
1605 fold->deleted = true;
1606
1607 spin_unlock(&tp->lock);
1608
1609 fl_mask_put(head, fold->mask);
1610 if (!tc_skip_hw(fold->flags))
1611 fl_hw_destroy_filter(tp, fold, rtnl_held, NULL);
1612 tcf_unbind_filter(tp, &fold->res);
1613 /* Caller holds reference to fold, so refcnt is always > 0
1614 * after this.
1615 */
1616 refcount_dec(&fold->refcnt);
1617 __fl_put(fold);
1618 } else {
1619 if (handle) {
1620 /* user specifies a handle and it doesn't exist */
1621 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1622 handle, GFP_ATOMIC);
1623
1624 /* Filter with specified handle was concurrently
1625 * inserted after initial check in cls_api. This is not
1626 * necessarily an error if NLM_F_EXCL is not set in
1627 * message flags. Returning EAGAIN will cause cls_api to
1628 * try to update concurrently inserted rule.
1629 */
1630 if (err == -ENOSPC)
1631 err = -EAGAIN;
1632 } else {
1633 handle = 1;
1634 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1635 INT_MAX, GFP_ATOMIC);
1636 }
1637 if (err)
1638 goto errout_hw;
1639
1640 refcount_inc(&fnew->refcnt);
1641 fnew->handle = handle;
1642 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1643 spin_unlock(&tp->lock);
1644 }
1645
1646 *arg = fnew;
1647
1648 kfree(tb);
1649 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
1650 return 0;
1651
1652 errout_ht:
1653 spin_lock(&tp->lock);
1654 errout_hw:
1655 fnew->deleted = true;
1656 spin_unlock(&tp->lock);
1657 if (!tc_skip_hw(fnew->flags))
1658 fl_hw_destroy_filter(tp, fnew, rtnl_held, NULL);
1659 if (in_ht)
1660 rhashtable_remove_fast(&fnew->mask->ht, &fnew->ht_node,
1661 fnew->mask->filter_ht_params);
1662 errout_mask:
1663 fl_mask_put(head, fnew->mask);
1664 errout:
1665 __fl_put(fnew);
1666 errout_tb:
1667 kfree(tb);
1668 errout_mask_alloc:
1669 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
1670 errout_fold:
1671 if (fold)
1672 __fl_put(fold);
1673 return err;
1674 }
1675
1676 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1677 bool rtnl_held, struct netlink_ext_ack *extack)
1678 {
1679 struct cls_fl_head *head = fl_head_dereference(tp);
1680 struct cls_fl_filter *f = arg;
1681 bool last_on_mask;
1682 int err = 0;
1683
1684 err = __fl_delete(tp, f, &last_on_mask, rtnl_held, extack);
1685 *last = list_empty(&head->masks);
1686 __fl_put(f);
1687
1688 return err;
1689 }
1690
1691 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg,
1692 bool rtnl_held)
1693 {
1694 struct cls_fl_filter *f;
1695
1696 arg->count = arg->skip;
1697
1698 while ((f = fl_get_next_filter(tp, &arg->cookie)) != NULL) {
1699 if (arg->fn(tp, f, arg) < 0) {
1700 __fl_put(f);
1701 arg->stop = 1;
1702 break;
1703 }
1704 __fl_put(f);
1705 arg->cookie++;
1706 arg->count++;
1707 }
1708 }
1709
1710 static struct cls_fl_filter *
1711 fl_get_next_hw_filter(struct tcf_proto *tp, struct cls_fl_filter *f, bool add)
1712 {
1713 struct cls_fl_head *head = fl_head_dereference(tp);
1714
1715 spin_lock(&tp->lock);
1716 if (list_empty(&head->hw_filters)) {
1717 spin_unlock(&tp->lock);
1718 return NULL;
1719 }
1720
1721 if (!f)
1722 f = list_entry(&head->hw_filters, struct cls_fl_filter,
1723 hw_list);
1724 list_for_each_entry_continue(f, &head->hw_filters, hw_list) {
1725 if (!(add && f->deleted) && refcount_inc_not_zero(&f->refcnt)) {
1726 spin_unlock(&tp->lock);
1727 return f;
1728 }
1729 }
1730
1731 spin_unlock(&tp->lock);
1732 return NULL;
1733 }
1734
1735 static int fl_reoffload(struct tcf_proto *tp, bool add, tc_setup_cb_t *cb,
1736 void *cb_priv, struct netlink_ext_ack *extack)
1737 {
1738 struct tc_cls_flower_offload cls_flower = {};
1739 struct tcf_block *block = tp->chain->block;
1740 struct cls_fl_filter *f = NULL;
1741 int err;
1742
1743 /* hw_filters list can only be changed by hw offload functions after
1744 * obtaining rtnl lock. Make sure it is not changed while reoffload is
1745 * iterating it.
1746 */
1747 ASSERT_RTNL();
1748
1749 while ((f = fl_get_next_hw_filter(tp, f, add))) {
1750 cls_flower.rule =
1751 flow_rule_alloc(tcf_exts_num_actions(&f->exts));
1752 if (!cls_flower.rule) {
1753 __fl_put(f);
1754 return -ENOMEM;
1755 }
1756
1757 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags,
1758 extack);
1759 cls_flower.command = add ?
1760 TC_CLSFLOWER_REPLACE : TC_CLSFLOWER_DESTROY;
1761 cls_flower.cookie = (unsigned long)f;
1762 cls_flower.rule->match.dissector = &f->mask->dissector;
1763 cls_flower.rule->match.mask = &f->mask->key;
1764 cls_flower.rule->match.key = &f->mkey;
1765
1766 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts);
1767 if (err) {
1768 kfree(cls_flower.rule);
1769 if (tc_skip_sw(f->flags)) {
1770 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
1771 __fl_put(f);
1772 return err;
1773 }
1774 goto next_flow;
1775 }
1776
1777 cls_flower.classid = f->res.classid;
1778
1779 err = cb(TC_SETUP_CLSFLOWER, &cls_flower, cb_priv);
1780 kfree(cls_flower.rule);
1781
1782 if (err) {
1783 if (add && tc_skip_sw(f->flags)) {
1784 __fl_put(f);
1785 return err;
1786 }
1787 goto next_flow;
1788 }
1789
1790 spin_lock(&tp->lock);
1791 tc_cls_offload_cnt_update(block, &f->in_hw_count, &f->flags,
1792 add);
1793 spin_unlock(&tp->lock);
1794 next_flow:
1795 __fl_put(f);
1796 }
1797
1798 return 0;
1799 }
1800
1801 static int fl_hw_create_tmplt(struct tcf_chain *chain,
1802 struct fl_flow_tmplt *tmplt)
1803 {
1804 struct tc_cls_flower_offload cls_flower = {};
1805 struct tcf_block *block = chain->block;
1806
1807 cls_flower.rule = flow_rule_alloc(0);
1808 if (!cls_flower.rule)
1809 return -ENOMEM;
1810
1811 cls_flower.common.chain_index = chain->index;
1812 cls_flower.command = TC_CLSFLOWER_TMPLT_CREATE;
1813 cls_flower.cookie = (unsigned long) tmplt;
1814 cls_flower.rule->match.dissector = &tmplt->dissector;
1815 cls_flower.rule->match.mask = &tmplt->mask;
1816 cls_flower.rule->match.key = &tmplt->dummy_key;
1817
1818 /* We don't care if driver (any of them) fails to handle this
1819 * call. It serves just as a hint for it.
1820 */
1821 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
1822 kfree(cls_flower.rule);
1823
1824 return 0;
1825 }
1826
1827 static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
1828 struct fl_flow_tmplt *tmplt)
1829 {
1830 struct tc_cls_flower_offload cls_flower = {};
1831 struct tcf_block *block = chain->block;
1832
1833 cls_flower.common.chain_index = chain->index;
1834 cls_flower.command = TC_CLSFLOWER_TMPLT_DESTROY;
1835 cls_flower.cookie = (unsigned long) tmplt;
1836
1837 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
1838 }
1839
1840 static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
1841 struct nlattr **tca,
1842 struct netlink_ext_ack *extack)
1843 {
1844 struct fl_flow_tmplt *tmplt;
1845 struct nlattr **tb;
1846 int err;
1847
1848 if (!tca[TCA_OPTIONS])
1849 return ERR_PTR(-EINVAL);
1850
1851 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1852 if (!tb)
1853 return ERR_PTR(-ENOBUFS);
1854 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
1855 tca[TCA_OPTIONS], fl_policy, NULL);
1856 if (err)
1857 goto errout_tb;
1858
1859 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
1860 if (!tmplt) {
1861 err = -ENOMEM;
1862 goto errout_tb;
1863 }
1864 tmplt->chain = chain;
1865 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
1866 if (err)
1867 goto errout_tmplt;
1868
1869 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
1870
1871 err = fl_hw_create_tmplt(chain, tmplt);
1872 if (err)
1873 goto errout_tmplt;
1874
1875 kfree(tb);
1876 return tmplt;
1877
1878 errout_tmplt:
1879 kfree(tmplt);
1880 errout_tb:
1881 kfree(tb);
1882 return ERR_PTR(err);
1883 }
1884
1885 static void fl_tmplt_destroy(void *tmplt_priv)
1886 {
1887 struct fl_flow_tmplt *tmplt = tmplt_priv;
1888
1889 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
1890 kfree(tmplt);
1891 }
1892
1893 static int fl_dump_key_val(struct sk_buff *skb,
1894 void *val, int val_type,
1895 void *mask, int mask_type, int len)
1896 {
1897 int err;
1898
1899 if (!memchr_inv(mask, 0, len))
1900 return 0;
1901 err = nla_put(skb, val_type, len, val);
1902 if (err)
1903 return err;
1904 if (mask_type != TCA_FLOWER_UNSPEC) {
1905 err = nla_put(skb, mask_type, len, mask);
1906 if (err)
1907 return err;
1908 }
1909 return 0;
1910 }
1911
1912 static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key,
1913 struct fl_flow_key *mask)
1914 {
1915 if (fl_dump_key_val(skb, &key->tp_min.dst, TCA_FLOWER_KEY_PORT_DST_MIN,
1916 &mask->tp_min.dst, TCA_FLOWER_UNSPEC,
1917 sizeof(key->tp_min.dst)) ||
1918 fl_dump_key_val(skb, &key->tp_max.dst, TCA_FLOWER_KEY_PORT_DST_MAX,
1919 &mask->tp_max.dst, TCA_FLOWER_UNSPEC,
1920 sizeof(key->tp_max.dst)) ||
1921 fl_dump_key_val(skb, &key->tp_min.src, TCA_FLOWER_KEY_PORT_SRC_MIN,
1922 &mask->tp_min.src, TCA_FLOWER_UNSPEC,
1923 sizeof(key->tp_min.src)) ||
1924 fl_dump_key_val(skb, &key->tp_max.src, TCA_FLOWER_KEY_PORT_SRC_MAX,
1925 &mask->tp_max.src, TCA_FLOWER_UNSPEC,
1926 sizeof(key->tp_max.src)))
1927 return -1;
1928
1929 return 0;
1930 }
1931
1932 static int fl_dump_key_mpls(struct sk_buff *skb,
1933 struct flow_dissector_key_mpls *mpls_key,
1934 struct flow_dissector_key_mpls *mpls_mask)
1935 {
1936 int err;
1937
1938 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
1939 return 0;
1940 if (mpls_mask->mpls_ttl) {
1941 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
1942 mpls_key->mpls_ttl);
1943 if (err)
1944 return err;
1945 }
1946 if (mpls_mask->mpls_tc) {
1947 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
1948 mpls_key->mpls_tc);
1949 if (err)
1950 return err;
1951 }
1952 if (mpls_mask->mpls_label) {
1953 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
1954 mpls_key->mpls_label);
1955 if (err)
1956 return err;
1957 }
1958 if (mpls_mask->mpls_bos) {
1959 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
1960 mpls_key->mpls_bos);
1961 if (err)
1962 return err;
1963 }
1964 return 0;
1965 }
1966
1967 static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
1968 struct flow_dissector_key_ip *key,
1969 struct flow_dissector_key_ip *mask)
1970 {
1971 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
1972 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
1973 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
1974 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
1975
1976 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
1977 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
1978 return -1;
1979
1980 return 0;
1981 }
1982
1983 static int fl_dump_key_vlan(struct sk_buff *skb,
1984 int vlan_id_key, int vlan_prio_key,
1985 struct flow_dissector_key_vlan *vlan_key,
1986 struct flow_dissector_key_vlan *vlan_mask)
1987 {
1988 int err;
1989
1990 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
1991 return 0;
1992 if (vlan_mask->vlan_id) {
1993 err = nla_put_u16(skb, vlan_id_key,
1994 vlan_key->vlan_id);
1995 if (err)
1996 return err;
1997 }
1998 if (vlan_mask->vlan_priority) {
1999 err = nla_put_u8(skb, vlan_prio_key,
2000 vlan_key->vlan_priority);
2001 if (err)
2002 return err;
2003 }
2004 return 0;
2005 }
2006
2007 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
2008 u32 *flower_key, u32 *flower_mask,
2009 u32 flower_flag_bit, u32 dissector_flag_bit)
2010 {
2011 if (dissector_mask & dissector_flag_bit) {
2012 *flower_mask |= flower_flag_bit;
2013 if (dissector_key & dissector_flag_bit)
2014 *flower_key |= flower_flag_bit;
2015 }
2016 }
2017
2018 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
2019 {
2020 u32 key, mask;
2021 __be32 _key, _mask;
2022 int err;
2023
2024 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
2025 return 0;
2026
2027 key = 0;
2028 mask = 0;
2029
2030 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2031 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
2032 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2033 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
2034 FLOW_DIS_FIRST_FRAG);
2035
2036 _key = cpu_to_be32(key);
2037 _mask = cpu_to_be32(mask);
2038
2039 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
2040 if (err)
2041 return err;
2042
2043 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
2044 }
2045
2046 static int fl_dump_key_geneve_opt(struct sk_buff *skb,
2047 struct flow_dissector_key_enc_opts *enc_opts)
2048 {
2049 struct geneve_opt *opt;
2050 struct nlattr *nest;
2051 int opt_off = 0;
2052
2053 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
2054 if (!nest)
2055 goto nla_put_failure;
2056
2057 while (enc_opts->len > opt_off) {
2058 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
2059
2060 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
2061 opt->opt_class))
2062 goto nla_put_failure;
2063 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
2064 opt->type))
2065 goto nla_put_failure;
2066 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
2067 opt->length * 4, opt->opt_data))
2068 goto nla_put_failure;
2069
2070 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
2071 }
2072 nla_nest_end(skb, nest);
2073 return 0;
2074
2075 nla_put_failure:
2076 nla_nest_cancel(skb, nest);
2077 return -EMSGSIZE;
2078 }
2079
2080 static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
2081 struct flow_dissector_key_enc_opts *enc_opts)
2082 {
2083 struct nlattr *nest;
2084 int err;
2085
2086 if (!enc_opts->len)
2087 return 0;
2088
2089 nest = nla_nest_start_noflag(skb, enc_opt_type);
2090 if (!nest)
2091 goto nla_put_failure;
2092
2093 switch (enc_opts->dst_opt_type) {
2094 case TUNNEL_GENEVE_OPT:
2095 err = fl_dump_key_geneve_opt(skb, enc_opts);
2096 if (err)
2097 goto nla_put_failure;
2098 break;
2099 default:
2100 goto nla_put_failure;
2101 }
2102 nla_nest_end(skb, nest);
2103 return 0;
2104
2105 nla_put_failure:
2106 nla_nest_cancel(skb, nest);
2107 return -EMSGSIZE;
2108 }
2109
2110 static int fl_dump_key_enc_opt(struct sk_buff *skb,
2111 struct flow_dissector_key_enc_opts *key_opts,
2112 struct flow_dissector_key_enc_opts *msk_opts)
2113 {
2114 int err;
2115
2116 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
2117 if (err)
2118 return err;
2119
2120 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
2121 }
2122
2123 static int fl_dump_key(struct sk_buff *skb, struct net *net,
2124 struct fl_flow_key *key, struct fl_flow_key *mask)
2125 {
2126 if (mask->indev_ifindex) {
2127 struct net_device *dev;
2128
2129 dev = __dev_get_by_index(net, key->indev_ifindex);
2130 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
2131 goto nla_put_failure;
2132 }
2133
2134 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
2135 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
2136 sizeof(key->eth.dst)) ||
2137 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
2138 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
2139 sizeof(key->eth.src)) ||
2140 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
2141 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
2142 sizeof(key->basic.n_proto)))
2143 goto nla_put_failure;
2144
2145 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
2146 goto nla_put_failure;
2147
2148 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
2149 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
2150 goto nla_put_failure;
2151
2152 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
2153 TCA_FLOWER_KEY_CVLAN_PRIO,
2154 &key->cvlan, &mask->cvlan) ||
2155 (mask->cvlan.vlan_tpid &&
2156 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2157 key->cvlan.vlan_tpid)))
2158 goto nla_put_failure;
2159
2160 if (mask->basic.n_proto) {
2161 if (mask->cvlan.vlan_tpid) {
2162 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
2163 key->basic.n_proto))
2164 goto nla_put_failure;
2165 } else if (mask->vlan.vlan_tpid) {
2166 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2167 key->basic.n_proto))
2168 goto nla_put_failure;
2169 }
2170 }
2171
2172 if ((key->basic.n_proto == htons(ETH_P_IP) ||
2173 key->basic.n_proto == htons(ETH_P_IPV6)) &&
2174 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
2175 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
2176 sizeof(key->basic.ip_proto)) ||
2177 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
2178 goto nla_put_failure;
2179
2180 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2181 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
2182 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
2183 sizeof(key->ipv4.src)) ||
2184 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
2185 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
2186 sizeof(key->ipv4.dst))))
2187 goto nla_put_failure;
2188 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2189 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
2190 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
2191 sizeof(key->ipv6.src)) ||
2192 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
2193 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
2194 sizeof(key->ipv6.dst))))
2195 goto nla_put_failure;
2196
2197 if (key->basic.ip_proto == IPPROTO_TCP &&
2198 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
2199 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
2200 sizeof(key->tp.src)) ||
2201 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
2202 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
2203 sizeof(key->tp.dst)) ||
2204 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
2205 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
2206 sizeof(key->tcp.flags))))
2207 goto nla_put_failure;
2208 else if (key->basic.ip_proto == IPPROTO_UDP &&
2209 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
2210 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
2211 sizeof(key->tp.src)) ||
2212 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
2213 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
2214 sizeof(key->tp.dst))))
2215 goto nla_put_failure;
2216 else if (key->basic.ip_proto == IPPROTO_SCTP &&
2217 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
2218 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
2219 sizeof(key->tp.src)) ||
2220 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
2221 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
2222 sizeof(key->tp.dst))))
2223 goto nla_put_failure;
2224 else if (key->basic.n_proto == htons(ETH_P_IP) &&
2225 key->basic.ip_proto == IPPROTO_ICMP &&
2226 (fl_dump_key_val(skb, &key->icmp.type,
2227 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
2228 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
2229 sizeof(key->icmp.type)) ||
2230 fl_dump_key_val(skb, &key->icmp.code,
2231 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
2232 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
2233 sizeof(key->icmp.code))))
2234 goto nla_put_failure;
2235 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
2236 key->basic.ip_proto == IPPROTO_ICMPV6 &&
2237 (fl_dump_key_val(skb, &key->icmp.type,
2238 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
2239 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
2240 sizeof(key->icmp.type)) ||
2241 fl_dump_key_val(skb, &key->icmp.code,
2242 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
2243 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
2244 sizeof(key->icmp.code))))
2245 goto nla_put_failure;
2246 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
2247 key->basic.n_proto == htons(ETH_P_RARP)) &&
2248 (fl_dump_key_val(skb, &key->arp.sip,
2249 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
2250 TCA_FLOWER_KEY_ARP_SIP_MASK,
2251 sizeof(key->arp.sip)) ||
2252 fl_dump_key_val(skb, &key->arp.tip,
2253 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
2254 TCA_FLOWER_KEY_ARP_TIP_MASK,
2255 sizeof(key->arp.tip)) ||
2256 fl_dump_key_val(skb, &key->arp.op,
2257 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
2258 TCA_FLOWER_KEY_ARP_OP_MASK,
2259 sizeof(key->arp.op)) ||
2260 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
2261 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
2262 sizeof(key->arp.sha)) ||
2263 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
2264 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
2265 sizeof(key->arp.tha))))
2266 goto nla_put_failure;
2267
2268 if ((key->basic.ip_proto == IPPROTO_TCP ||
2269 key->basic.ip_proto == IPPROTO_UDP ||
2270 key->basic.ip_proto == IPPROTO_SCTP) &&
2271 fl_dump_key_port_range(skb, key, mask))
2272 goto nla_put_failure;
2273
2274 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2275 (fl_dump_key_val(skb, &key->enc_ipv4.src,
2276 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
2277 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
2278 sizeof(key->enc_ipv4.src)) ||
2279 fl_dump_key_val(skb, &key->enc_ipv4.dst,
2280 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
2281 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
2282 sizeof(key->enc_ipv4.dst))))
2283 goto nla_put_failure;
2284 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2285 (fl_dump_key_val(skb, &key->enc_ipv6.src,
2286 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
2287 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
2288 sizeof(key->enc_ipv6.src)) ||
2289 fl_dump_key_val(skb, &key->enc_ipv6.dst,
2290 TCA_FLOWER_KEY_ENC_IPV6_DST,
2291 &mask->enc_ipv6.dst,
2292 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
2293 sizeof(key->enc_ipv6.dst))))
2294 goto nla_put_failure;
2295
2296 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
2297 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
2298 sizeof(key->enc_key_id)) ||
2299 fl_dump_key_val(skb, &key->enc_tp.src,
2300 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
2301 &mask->enc_tp.src,
2302 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
2303 sizeof(key->enc_tp.src)) ||
2304 fl_dump_key_val(skb, &key->enc_tp.dst,
2305 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
2306 &mask->enc_tp.dst,
2307 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
2308 sizeof(key->enc_tp.dst)) ||
2309 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
2310 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
2311 goto nla_put_failure;
2312
2313 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
2314 goto nla_put_failure;
2315
2316 return 0;
2317
2318 nla_put_failure:
2319 return -EMSGSIZE;
2320 }
2321
2322 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
2323 struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
2324 {
2325 struct cls_fl_filter *f = fh;
2326 struct nlattr *nest;
2327 struct fl_flow_key *key, *mask;
2328 bool skip_hw;
2329
2330 if (!f)
2331 return skb->len;
2332
2333 t->tcm_handle = f->handle;
2334
2335 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
2336 if (!nest)
2337 goto nla_put_failure;
2338
2339 spin_lock(&tp->lock);
2340
2341 if (f->res.classid &&
2342 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
2343 goto nla_put_failure_locked;
2344
2345 key = &f->key;
2346 mask = &f->mask->key;
2347 skip_hw = tc_skip_hw(f->flags);
2348
2349 if (fl_dump_key(skb, net, key, mask))
2350 goto nla_put_failure_locked;
2351
2352 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
2353 goto nla_put_failure_locked;
2354
2355 spin_unlock(&tp->lock);
2356
2357 if (!skip_hw)
2358 fl_hw_update_stats(tp, f, rtnl_held);
2359
2360 if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count))
2361 goto nla_put_failure;
2362
2363 if (tcf_exts_dump(skb, &f->exts))
2364 goto nla_put_failure;
2365
2366 nla_nest_end(skb, nest);
2367
2368 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
2369 goto nla_put_failure;
2370
2371 return skb->len;
2372
2373 nla_put_failure_locked:
2374 spin_unlock(&tp->lock);
2375 nla_put_failure:
2376 nla_nest_cancel(skb, nest);
2377 return -1;
2378 }
2379
2380 static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
2381 {
2382 struct fl_flow_tmplt *tmplt = tmplt_priv;
2383 struct fl_flow_key *key, *mask;
2384 struct nlattr *nest;
2385
2386 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
2387 if (!nest)
2388 goto nla_put_failure;
2389
2390 key = &tmplt->dummy_key;
2391 mask = &tmplt->mask;
2392
2393 if (fl_dump_key(skb, net, key, mask))
2394 goto nla_put_failure;
2395
2396 nla_nest_end(skb, nest);
2397
2398 return skb->len;
2399
2400 nla_put_failure:
2401 nla_nest_cancel(skb, nest);
2402 return -EMSGSIZE;
2403 }
2404
2405 static void fl_bind_class(void *fh, u32 classid, unsigned long cl)
2406 {
2407 struct cls_fl_filter *f = fh;
2408
2409 if (f && f->res.classid == classid)
2410 f->res.class = cl;
2411 }
2412
2413 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
2414 .kind = "flower",
2415 .classify = fl_classify,
2416 .init = fl_init,
2417 .destroy = fl_destroy,
2418 .get = fl_get,
2419 .put = fl_put,
2420 .change = fl_change,
2421 .delete = fl_delete,
2422 .walk = fl_walk,
2423 .reoffload = fl_reoffload,
2424 .dump = fl_dump,
2425 .bind_class = fl_bind_class,
2426 .tmplt_create = fl_tmplt_create,
2427 .tmplt_destroy = fl_tmplt_destroy,
2428 .tmplt_dump = fl_tmplt_dump,
2429 .owner = THIS_MODULE,
2430 .flags = TCF_PROTO_OPS_DOIT_UNLOCKED,
2431 };
2432
2433 static int __init cls_fl_init(void)
2434 {
2435 return register_tcf_proto_ops(&cls_fl_ops);
2436 }
2437
2438 static void __exit cls_fl_exit(void)
2439 {
2440 unregister_tcf_proto_ops(&cls_fl_ops);
2441 }
2442
2443 module_init(cls_fl_init);
2444 module_exit(cls_fl_exit);
2445
2446 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
2447 MODULE_DESCRIPTION("Flower classifier");
2448 MODULE_LICENSE("GPL v2");
A mirror of Linus' kernel repository