2 * net/sched/cls_flower.c Flower classifier
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16 #include <linux/workqueue.h>
18 #include <linux/if_ether.h>
19 #include <linux/in6.h>
21 #include <linux/mpls.h>
23 #include <net/sch_generic.h>
24 #include <net/pkt_cls.h>
26 #include <net/flow_dissector.h>
29 #include <net/dst_metadata.h>
33 struct flow_dissector_key_control control;
34 struct flow_dissector_key_control enc_control;
35 struct flow_dissector_key_basic basic;
36 struct flow_dissector_key_eth_addrs eth;
37 struct flow_dissector_key_vlan vlan;
39 struct flow_dissector_key_ipv4_addrs ipv4;
40 struct flow_dissector_key_ipv6_addrs ipv6;
42 struct flow_dissector_key_ports tp;
43 struct flow_dissector_key_icmp icmp;
44 struct flow_dissector_key_arp arp;
45 struct flow_dissector_key_keyid enc_key_id;
47 struct flow_dissector_key_ipv4_addrs enc_ipv4;
48 struct flow_dissector_key_ipv6_addrs enc_ipv6;
50 struct flow_dissector_key_ports enc_tp;
51 struct flow_dissector_key_mpls mpls;
52 struct flow_dissector_key_tcp tcp;
53 struct flow_dissector_key_ip ip;
54 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
56 struct fl_flow_mask_range {
57 unsigned short int start;
58 unsigned short int end;
62 struct fl_flow_key key;
63 struct fl_flow_mask_range range;
64 struct rhash_head ht_node;
66 struct rhashtable_params filter_ht_params;
67 struct flow_dissector dissector;
68 struct list_head filters;
70 struct list_head list;
75 struct list_head masks;
76 struct rcu_work rwork;
77 struct idr handle_idr;
80 struct cls_fl_filter {
81 struct fl_flow_mask *mask;
82 struct rhash_head ht_node;
83 struct fl_flow_key mkey;
85 struct tcf_result res;
86 struct fl_flow_key key;
87 struct list_head list;
90 struct rcu_work rwork;
91 struct net_device *hw_dev;
94 static const struct rhashtable_params mask_ht_params = {
95 .key_offset = offsetof(struct fl_flow_mask, key),
96 .key_len = sizeof(struct fl_flow_key),
97 .head_offset = offsetof(struct fl_flow_mask, ht_node),
98 .automatic_shrinking = true,
101 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
103 return mask->range.end - mask->range.start;
106 static void fl_mask_update_range(struct fl_flow_mask *mask)
108 const u8 *bytes = (const u8 *) &mask->key;
109 size_t size = sizeof(mask->key);
110 size_t i, first = 0, last;
112 for (i = 0; i < size; i++) {
119 for (i = size - 1; i != first; i--) {
125 mask->range.start = rounddown(first, sizeof(long));
126 mask->range.end = roundup(last + 1, sizeof(long));
129 static void *fl_key_get_start(struct fl_flow_key *key,
130 const struct fl_flow_mask *mask)
132 return (u8 *) key + mask->range.start;
135 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
136 struct fl_flow_mask *mask)
138 const long *lkey = fl_key_get_start(key, mask);
139 const long *lmask = fl_key_get_start(&mask->key, mask);
140 long *lmkey = fl_key_get_start(mkey, mask);
143 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
144 *lmkey++ = *lkey++ & *lmask++;
147 static void fl_clear_masked_range(struct fl_flow_key *key,
148 struct fl_flow_mask *mask)
150 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
153 static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
154 struct fl_flow_key *mkey)
156 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
157 mask->filter_ht_params);
160 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
161 struct tcf_result *res)
163 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
164 struct cls_fl_filter *f;
165 struct fl_flow_mask *mask;
166 struct fl_flow_key skb_key;
167 struct fl_flow_key skb_mkey;
169 list_for_each_entry_rcu(mask, &head->masks, list) {
170 fl_clear_masked_range(&skb_key, mask);
172 skb_key.indev_ifindex = skb->skb_iif;
173 /* skb_flow_dissect() does not set n_proto in case an unknown
174 * protocol, so do it rather here.
176 skb_key.basic.n_proto = skb->protocol;
177 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
178 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
180 fl_set_masked_key(&skb_mkey, &skb_key, mask);
182 f = fl_lookup(mask, &skb_mkey);
183 if (f && !tc_skip_sw(f->flags)) {
185 return tcf_exts_exec(skb, &f->exts, res);
191 static int fl_init(struct tcf_proto *tp)
193 struct cls_fl_head *head;
195 head = kzalloc(sizeof(*head), GFP_KERNEL);
199 INIT_LIST_HEAD_RCU(&head->masks);
200 rcu_assign_pointer(tp->root, head);
201 idr_init(&head->handle_idr);
203 return rhashtable_init(&head->ht, &mask_ht_params);
206 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask,
209 if (!list_empty(&mask->filters))
212 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
213 rhashtable_destroy(&mask->ht);
214 list_del_rcu(&mask->list);
216 kfree_rcu(mask, rcu);
223 static void __fl_destroy_filter(struct cls_fl_filter *f)
225 tcf_exts_destroy(&f->exts);
226 tcf_exts_put_net(&f->exts);
230 static void fl_destroy_filter_work(struct work_struct *work)
232 struct cls_fl_filter *f = container_of(to_rcu_work(work),
233 struct cls_fl_filter, rwork);
236 __fl_destroy_filter(f);
240 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
241 struct netlink_ext_ack *extack)
243 struct tc_cls_flower_offload cls_flower = {};
244 struct tcf_block *block = tp->chain->block;
246 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
247 cls_flower.command = TC_CLSFLOWER_DESTROY;
248 cls_flower.cookie = (unsigned long) f;
250 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
252 tcf_block_offload_dec(block, &f->flags);
255 static int fl_hw_replace_filter(struct tcf_proto *tp,
256 struct cls_fl_filter *f,
257 struct netlink_ext_ack *extack)
259 struct tc_cls_flower_offload cls_flower = {};
260 struct tcf_block *block = tp->chain->block;
261 bool skip_sw = tc_skip_sw(f->flags);
264 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
265 cls_flower.command = TC_CLSFLOWER_REPLACE;
266 cls_flower.cookie = (unsigned long) f;
267 cls_flower.dissector = &f->mask->dissector;
268 cls_flower.mask = &f->mask->key;
269 cls_flower.key = &f->mkey;
270 cls_flower.exts = &f->exts;
271 cls_flower.classid = f->res.classid;
273 err = tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
274 &cls_flower, skip_sw);
276 fl_hw_destroy_filter(tp, f, NULL);
278 } else if (err > 0) {
279 tcf_block_offload_inc(block, &f->flags);
282 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
288 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
290 struct tc_cls_flower_offload cls_flower = {};
291 struct tcf_block *block = tp->chain->block;
293 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
294 cls_flower.command = TC_CLSFLOWER_STATS;
295 cls_flower.cookie = (unsigned long) f;
296 cls_flower.exts = &f->exts;
297 cls_flower.classid = f->res.classid;
299 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
303 static bool __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
304 struct netlink_ext_ack *extack)
306 struct cls_fl_head *head = rtnl_dereference(tp->root);
307 bool async = tcf_exts_get_net(&f->exts);
310 idr_remove(&head->handle_idr, f->handle);
311 list_del_rcu(&f->list);
312 last = fl_mask_put(head, f->mask, async);
313 if (!tc_skip_hw(f->flags))
314 fl_hw_destroy_filter(tp, f, extack);
315 tcf_unbind_filter(tp, &f->res);
317 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
319 __fl_destroy_filter(f);
324 static void fl_destroy_sleepable(struct work_struct *work)
326 struct cls_fl_head *head = container_of(to_rcu_work(work),
330 rhashtable_destroy(&head->ht);
332 module_put(THIS_MODULE);
335 static void fl_destroy(struct tcf_proto *tp, struct netlink_ext_ack *extack)
337 struct cls_fl_head *head = rtnl_dereference(tp->root);
338 struct fl_flow_mask *mask, *next_mask;
339 struct cls_fl_filter *f, *next;
341 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
342 list_for_each_entry_safe(f, next, &mask->filters, list) {
343 if (__fl_delete(tp, f, extack))
347 idr_destroy(&head->handle_idr);
349 __module_get(THIS_MODULE);
350 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
353 static void *fl_get(struct tcf_proto *tp, u32 handle)
355 struct cls_fl_head *head = rtnl_dereference(tp->root);
357 return idr_find(&head->handle_idr, handle);
360 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
361 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
362 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
363 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
365 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
366 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
367 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
368 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
369 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
370 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
371 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
372 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
373 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
374 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
375 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
376 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
377 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
378 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
379 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
380 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
381 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
382 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
383 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
384 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
385 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
386 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
387 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
388 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
389 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
390 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
391 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
392 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
393 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
394 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
395 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
396 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
397 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
398 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
399 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
400 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
401 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
402 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
403 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
404 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
405 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
406 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
407 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
408 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
409 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
410 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
411 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
412 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
413 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
414 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
415 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
416 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
417 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
418 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
419 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
420 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
421 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
422 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
423 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
424 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
425 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
426 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
427 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
428 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
429 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
430 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
431 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
432 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
433 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
434 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
435 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
436 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
439 static void fl_set_key_val(struct nlattr **tb,
440 void *val, int val_type,
441 void *mask, int mask_type, int len)
445 memcpy(val, nla_data(tb[val_type]), len);
446 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
447 memset(mask, 0xff, len);
449 memcpy(mask, nla_data(tb[mask_type]), len);
452 static int fl_set_key_mpls(struct nlattr **tb,
453 struct flow_dissector_key_mpls *key_val,
454 struct flow_dissector_key_mpls *key_mask)
456 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
457 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
458 key_mask->mpls_ttl = MPLS_TTL_MASK;
460 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
461 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
463 if (bos & ~MPLS_BOS_MASK)
465 key_val->mpls_bos = bos;
466 key_mask->mpls_bos = MPLS_BOS_MASK;
468 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
469 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
471 if (tc & ~MPLS_TC_MASK)
473 key_val->mpls_tc = tc;
474 key_mask->mpls_tc = MPLS_TC_MASK;
476 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
477 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
479 if (label & ~MPLS_LABEL_MASK)
481 key_val->mpls_label = label;
482 key_mask->mpls_label = MPLS_LABEL_MASK;
487 static void fl_set_key_vlan(struct nlattr **tb,
488 struct flow_dissector_key_vlan *key_val,
489 struct flow_dissector_key_vlan *key_mask)
491 #define VLAN_PRIORITY_MASK 0x7
493 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
495 nla_get_u16(tb[TCA_FLOWER_KEY_VLAN_ID]) & VLAN_VID_MASK;
496 key_mask->vlan_id = VLAN_VID_MASK;
498 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
499 key_val->vlan_priority =
500 nla_get_u8(tb[TCA_FLOWER_KEY_VLAN_PRIO]) &
502 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
506 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
507 u32 *dissector_key, u32 *dissector_mask,
508 u32 flower_flag_bit, u32 dissector_flag_bit)
510 if (flower_mask & flower_flag_bit) {
511 *dissector_mask |= dissector_flag_bit;
512 if (flower_key & flower_flag_bit)
513 *dissector_key |= dissector_flag_bit;
517 static int fl_set_key_flags(struct nlattr **tb,
518 u32 *flags_key, u32 *flags_mask)
522 /* mask is mandatory for flags */
523 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
526 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
527 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
532 fl_set_key_flag(key, mask, flags_key, flags_mask,
533 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
534 fl_set_key_flag(key, mask, flags_key, flags_mask,
535 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
536 FLOW_DIS_FIRST_FRAG);
541 static void fl_set_key_ip(struct nlattr **tb,
542 struct flow_dissector_key_ip *key,
543 struct flow_dissector_key_ip *mask)
545 fl_set_key_val(tb, &key->tos, TCA_FLOWER_KEY_IP_TOS,
546 &mask->tos, TCA_FLOWER_KEY_IP_TOS_MASK,
549 fl_set_key_val(tb, &key->ttl, TCA_FLOWER_KEY_IP_TTL,
550 &mask->ttl, TCA_FLOWER_KEY_IP_TTL_MASK,
554 static int fl_set_key(struct net *net, struct nlattr **tb,
555 struct fl_flow_key *key, struct fl_flow_key *mask,
556 struct netlink_ext_ack *extack)
560 #ifdef CONFIG_NET_CLS_IND
561 if (tb[TCA_FLOWER_INDEV]) {
562 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
565 key->indev_ifindex = err;
566 mask->indev_ifindex = 0xffffffff;
570 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
571 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
572 sizeof(key->eth.dst));
573 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
574 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
575 sizeof(key->eth.src));
577 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
578 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
580 if (ethertype == htons(ETH_P_8021Q)) {
581 fl_set_key_vlan(tb, &key->vlan, &mask->vlan);
582 fl_set_key_val(tb, &key->basic.n_proto,
583 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
584 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
585 sizeof(key->basic.n_proto));
587 key->basic.n_proto = ethertype;
588 mask->basic.n_proto = cpu_to_be16(~0);
592 if (key->basic.n_proto == htons(ETH_P_IP) ||
593 key->basic.n_proto == htons(ETH_P_IPV6)) {
594 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
595 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
596 sizeof(key->basic.ip_proto));
597 fl_set_key_ip(tb, &key->ip, &mask->ip);
600 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
601 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
602 mask->control.addr_type = ~0;
603 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
604 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
605 sizeof(key->ipv4.src));
606 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
607 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
608 sizeof(key->ipv4.dst));
609 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
610 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
611 mask->control.addr_type = ~0;
612 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
613 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
614 sizeof(key->ipv6.src));
615 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
616 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
617 sizeof(key->ipv6.dst));
620 if (key->basic.ip_proto == IPPROTO_TCP) {
621 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
622 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
623 sizeof(key->tp.src));
624 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
625 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
626 sizeof(key->tp.dst));
627 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
628 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
629 sizeof(key->tcp.flags));
630 } else if (key->basic.ip_proto == IPPROTO_UDP) {
631 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
632 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
633 sizeof(key->tp.src));
634 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
635 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
636 sizeof(key->tp.dst));
637 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
638 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
639 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
640 sizeof(key->tp.src));
641 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
642 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
643 sizeof(key->tp.dst));
644 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
645 key->basic.ip_proto == IPPROTO_ICMP) {
646 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
648 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
649 sizeof(key->icmp.type));
650 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
652 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
653 sizeof(key->icmp.code));
654 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
655 key->basic.ip_proto == IPPROTO_ICMPV6) {
656 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
658 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
659 sizeof(key->icmp.type));
660 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
662 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
663 sizeof(key->icmp.code));
664 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
665 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
666 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
669 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
670 key->basic.n_proto == htons(ETH_P_RARP)) {
671 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
672 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
673 sizeof(key->arp.sip));
674 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
675 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
676 sizeof(key->arp.tip));
677 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
678 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
679 sizeof(key->arp.op));
680 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
681 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
682 sizeof(key->arp.sha));
683 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
684 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
685 sizeof(key->arp.tha));
688 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
689 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
690 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
691 mask->enc_control.addr_type = ~0;
692 fl_set_key_val(tb, &key->enc_ipv4.src,
693 TCA_FLOWER_KEY_ENC_IPV4_SRC,
695 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
696 sizeof(key->enc_ipv4.src));
697 fl_set_key_val(tb, &key->enc_ipv4.dst,
698 TCA_FLOWER_KEY_ENC_IPV4_DST,
700 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
701 sizeof(key->enc_ipv4.dst));
704 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
705 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
706 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
707 mask->enc_control.addr_type = ~0;
708 fl_set_key_val(tb, &key->enc_ipv6.src,
709 TCA_FLOWER_KEY_ENC_IPV6_SRC,
711 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
712 sizeof(key->enc_ipv6.src));
713 fl_set_key_val(tb, &key->enc_ipv6.dst,
714 TCA_FLOWER_KEY_ENC_IPV6_DST,
716 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
717 sizeof(key->enc_ipv6.dst));
720 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
721 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
722 sizeof(key->enc_key_id.keyid));
724 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
725 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
726 sizeof(key->enc_tp.src));
728 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
729 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
730 sizeof(key->enc_tp.dst));
732 if (tb[TCA_FLOWER_KEY_FLAGS])
733 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
738 static void fl_mask_copy(struct fl_flow_mask *dst,
739 struct fl_flow_mask *src)
741 const void *psrc = fl_key_get_start(&src->key, src);
742 void *pdst = fl_key_get_start(&dst->key, src);
744 memcpy(pdst, psrc, fl_mask_range(src));
745 dst->range = src->range;
748 static const struct rhashtable_params fl_ht_params = {
749 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
750 .head_offset = offsetof(struct cls_fl_filter, ht_node),
751 .automatic_shrinking = true,
754 static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
756 mask->filter_ht_params = fl_ht_params;
757 mask->filter_ht_params.key_len = fl_mask_range(mask);
758 mask->filter_ht_params.key_offset += mask->range.start;
760 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
763 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
764 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member))
766 #define FL_KEY_IS_MASKED(mask, member) \
767 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
768 0, FL_KEY_MEMBER_SIZE(member)) \
770 #define FL_KEY_SET(keys, cnt, id, member) \
772 keys[cnt].key_id = id; \
773 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
777 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
779 if (FL_KEY_IS_MASKED(mask, member)) \
780 FL_KEY_SET(keys, cnt, id, member); \
783 static void fl_init_dissector(struct fl_flow_mask *mask)
785 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
788 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
789 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
790 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
791 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
792 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
793 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
794 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
795 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
796 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
797 FLOW_DISSECTOR_KEY_PORTS, tp);
798 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
799 FLOW_DISSECTOR_KEY_IP, ip);
800 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
801 FLOW_DISSECTOR_KEY_TCP, tcp);
802 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
803 FLOW_DISSECTOR_KEY_ICMP, icmp);
804 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
805 FLOW_DISSECTOR_KEY_ARP, arp);
806 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
807 FLOW_DISSECTOR_KEY_MPLS, mpls);
808 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
809 FLOW_DISSECTOR_KEY_VLAN, vlan);
810 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
811 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
812 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
813 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
814 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
815 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
816 if (FL_KEY_IS_MASKED(&mask->key, enc_ipv4) ||
817 FL_KEY_IS_MASKED(&mask->key, enc_ipv6))
818 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
820 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
821 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
823 skb_flow_dissector_init(&mask->dissector, keys, cnt);
826 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
827 struct fl_flow_mask *mask)
829 struct fl_flow_mask *newmask;
832 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
834 return ERR_PTR(-ENOMEM);
836 fl_mask_copy(newmask, mask);
838 err = fl_init_mask_hashtable(newmask);
842 fl_init_dissector(newmask);
844 INIT_LIST_HEAD_RCU(&newmask->filters);
846 err = rhashtable_insert_fast(&head->ht, &newmask->ht_node,
851 list_add_tail_rcu(&newmask->list, &head->masks);
856 rhashtable_destroy(&newmask->ht);
863 static int fl_check_assign_mask(struct cls_fl_head *head,
864 struct cls_fl_filter *fnew,
865 struct cls_fl_filter *fold,
866 struct fl_flow_mask *mask)
868 struct fl_flow_mask *newmask;
870 fnew->mask = rhashtable_lookup_fast(&head->ht, mask, mask_ht_params);
875 newmask = fl_create_new_mask(head, mask);
877 return PTR_ERR(newmask);
879 fnew->mask = newmask;
880 } else if (fold && fold->mask != fnew->mask) {
887 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
888 struct cls_fl_filter *f, struct fl_flow_mask *mask,
889 unsigned long base, struct nlattr **tb,
890 struct nlattr *est, bool ovr,
891 struct netlink_ext_ack *extack)
895 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, extack);
899 if (tb[TCA_FLOWER_CLASSID]) {
900 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
901 tcf_bind_filter(tp, &f->res, base);
904 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
908 fl_mask_update_range(mask);
909 fl_set_masked_key(&f->mkey, &f->key, mask);
914 static int fl_change(struct net *net, struct sk_buff *in_skb,
915 struct tcf_proto *tp, unsigned long base,
916 u32 handle, struct nlattr **tca,
917 void **arg, bool ovr, struct netlink_ext_ack *extack)
919 struct cls_fl_head *head = rtnl_dereference(tp->root);
920 struct cls_fl_filter *fold = *arg;
921 struct cls_fl_filter *fnew;
923 struct fl_flow_mask mask = {};
926 if (!tca[TCA_OPTIONS])
929 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
933 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
938 if (fold && handle && fold->handle != handle) {
943 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
949 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
955 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
956 INT_MAX, GFP_KERNEL);
958 /* user specifies a handle and it doesn't exist */
959 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
964 fnew->handle = handle;
966 if (tb[TCA_FLOWER_FLAGS]) {
967 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
969 if (!tc_flags_valid(fnew->flags)) {
975 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr,
980 err = fl_check_assign_mask(head, fnew, fold, &mask);
984 if (!tc_skip_sw(fnew->flags)) {
985 if (!fold && fl_lookup(fnew->mask, &fnew->mkey)) {
990 err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
991 fnew->mask->filter_ht_params);
996 if (!tc_skip_hw(fnew->flags)) {
997 err = fl_hw_replace_filter(tp, fnew, extack);
1002 if (!tc_in_hw(fnew->flags))
1003 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1006 if (!tc_skip_sw(fold->flags))
1007 rhashtable_remove_fast(&fold->mask->ht,
1009 fold->mask->filter_ht_params);
1010 if (!tc_skip_hw(fold->flags))
1011 fl_hw_destroy_filter(tp, fold, NULL);
1017 idr_replace(&head->handle_idr, fnew, fnew->handle);
1018 list_replace_rcu(&fold->list, &fnew->list);
1019 tcf_unbind_filter(tp, &fold->res);
1020 tcf_exts_get_net(&fold->exts);
1021 tcf_queue_work(&fold->rwork, fl_destroy_filter_work);
1023 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1030 fl_mask_put(head, fnew->mask, false);
1034 idr_remove(&head->handle_idr, fnew->handle);
1036 tcf_exts_destroy(&fnew->exts);
1043 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1044 struct netlink_ext_ack *extack)
1046 struct cls_fl_head *head = rtnl_dereference(tp->root);
1047 struct cls_fl_filter *f = arg;
1049 if (!tc_skip_sw(f->flags))
1050 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
1051 f->mask->filter_ht_params);
1052 __fl_delete(tp, f, extack);
1053 *last = list_empty(&head->masks);
1057 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
1059 struct cls_fl_head *head = rtnl_dereference(tp->root);
1060 struct cls_fl_filter *f;
1061 struct fl_flow_mask *mask;
1063 list_for_each_entry_rcu(mask, &head->masks, list) {
1064 list_for_each_entry_rcu(f, &mask->filters, list) {
1065 if (arg->count < arg->skip)
1067 if (arg->fn(tp, f, arg) < 0) {
1077 static int fl_dump_key_val(struct sk_buff *skb,
1078 void *val, int val_type,
1079 void *mask, int mask_type, int len)
1083 if (!memchr_inv(mask, 0, len))
1085 err = nla_put(skb, val_type, len, val);
1088 if (mask_type != TCA_FLOWER_UNSPEC) {
1089 err = nla_put(skb, mask_type, len, mask);
1096 static int fl_dump_key_mpls(struct sk_buff *skb,
1097 struct flow_dissector_key_mpls *mpls_key,
1098 struct flow_dissector_key_mpls *mpls_mask)
1102 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
1104 if (mpls_mask->mpls_ttl) {
1105 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
1106 mpls_key->mpls_ttl);
1110 if (mpls_mask->mpls_tc) {
1111 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
1116 if (mpls_mask->mpls_label) {
1117 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
1118 mpls_key->mpls_label);
1122 if (mpls_mask->mpls_bos) {
1123 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
1124 mpls_key->mpls_bos);
1131 static int fl_dump_key_ip(struct sk_buff *skb,
1132 struct flow_dissector_key_ip *key,
1133 struct flow_dissector_key_ip *mask)
1135 if (fl_dump_key_val(skb, &key->tos, TCA_FLOWER_KEY_IP_TOS, &mask->tos,
1136 TCA_FLOWER_KEY_IP_TOS_MASK, sizeof(key->tos)) ||
1137 fl_dump_key_val(skb, &key->ttl, TCA_FLOWER_KEY_IP_TTL, &mask->ttl,
1138 TCA_FLOWER_KEY_IP_TTL_MASK, sizeof(key->ttl)))
1144 static int fl_dump_key_vlan(struct sk_buff *skb,
1145 struct flow_dissector_key_vlan *vlan_key,
1146 struct flow_dissector_key_vlan *vlan_mask)
1150 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
1152 if (vlan_mask->vlan_id) {
1153 err = nla_put_u16(skb, TCA_FLOWER_KEY_VLAN_ID,
1158 if (vlan_mask->vlan_priority) {
1159 err = nla_put_u8(skb, TCA_FLOWER_KEY_VLAN_PRIO,
1160 vlan_key->vlan_priority);
1167 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
1168 u32 *flower_key, u32 *flower_mask,
1169 u32 flower_flag_bit, u32 dissector_flag_bit)
1171 if (dissector_mask & dissector_flag_bit) {
1172 *flower_mask |= flower_flag_bit;
1173 if (dissector_key & dissector_flag_bit)
1174 *flower_key |= flower_flag_bit;
1178 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
1184 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
1190 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1191 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
1192 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1193 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
1194 FLOW_DIS_FIRST_FRAG);
1196 _key = cpu_to_be32(key);
1197 _mask = cpu_to_be32(mask);
1199 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
1203 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
1206 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
1207 struct sk_buff *skb, struct tcmsg *t)
1209 struct cls_fl_filter *f = fh;
1210 struct nlattr *nest;
1211 struct fl_flow_key *key, *mask;
1216 t->tcm_handle = f->handle;
1218 nest = nla_nest_start(skb, TCA_OPTIONS);
1220 goto nla_put_failure;
1222 if (f->res.classid &&
1223 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
1224 goto nla_put_failure;
1227 mask = &f->mask->key;
1229 if (mask->indev_ifindex) {
1230 struct net_device *dev;
1232 dev = __dev_get_by_index(net, key->indev_ifindex);
1233 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
1234 goto nla_put_failure;
1237 if (!tc_skip_hw(f->flags))
1238 fl_hw_update_stats(tp, f);
1240 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1241 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1242 sizeof(key->eth.dst)) ||
1243 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1244 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1245 sizeof(key->eth.src)) ||
1246 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
1247 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
1248 sizeof(key->basic.n_proto)))
1249 goto nla_put_failure;
1251 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
1252 goto nla_put_failure;
1254 if (fl_dump_key_vlan(skb, &key->vlan, &mask->vlan))
1255 goto nla_put_failure;
1257 if ((key->basic.n_proto == htons(ETH_P_IP) ||
1258 key->basic.n_proto == htons(ETH_P_IPV6)) &&
1259 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1260 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1261 sizeof(key->basic.ip_proto)) ||
1262 fl_dump_key_ip(skb, &key->ip, &mask->ip)))
1263 goto nla_put_failure;
1265 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1266 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1267 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1268 sizeof(key->ipv4.src)) ||
1269 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1270 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1271 sizeof(key->ipv4.dst))))
1272 goto nla_put_failure;
1273 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1274 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1275 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1276 sizeof(key->ipv6.src)) ||
1277 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1278 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1279 sizeof(key->ipv6.dst))))
1280 goto nla_put_failure;
1282 if (key->basic.ip_proto == IPPROTO_TCP &&
1283 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1284 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1285 sizeof(key->tp.src)) ||
1286 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1287 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1288 sizeof(key->tp.dst)) ||
1289 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1290 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1291 sizeof(key->tcp.flags))))
1292 goto nla_put_failure;
1293 else if (key->basic.ip_proto == IPPROTO_UDP &&
1294 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1295 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1296 sizeof(key->tp.src)) ||
1297 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1298 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1299 sizeof(key->tp.dst))))
1300 goto nla_put_failure;
1301 else if (key->basic.ip_proto == IPPROTO_SCTP &&
1302 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1303 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1304 sizeof(key->tp.src)) ||
1305 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1306 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1307 sizeof(key->tp.dst))))
1308 goto nla_put_failure;
1309 else if (key->basic.n_proto == htons(ETH_P_IP) &&
1310 key->basic.ip_proto == IPPROTO_ICMP &&
1311 (fl_dump_key_val(skb, &key->icmp.type,
1312 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
1313 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1314 sizeof(key->icmp.type)) ||
1315 fl_dump_key_val(skb, &key->icmp.code,
1316 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
1317 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1318 sizeof(key->icmp.code))))
1319 goto nla_put_failure;
1320 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1321 key->basic.ip_proto == IPPROTO_ICMPV6 &&
1322 (fl_dump_key_val(skb, &key->icmp.type,
1323 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
1324 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1325 sizeof(key->icmp.type)) ||
1326 fl_dump_key_val(skb, &key->icmp.code,
1327 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
1328 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1329 sizeof(key->icmp.code))))
1330 goto nla_put_failure;
1331 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
1332 key->basic.n_proto == htons(ETH_P_RARP)) &&
1333 (fl_dump_key_val(skb, &key->arp.sip,
1334 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
1335 TCA_FLOWER_KEY_ARP_SIP_MASK,
1336 sizeof(key->arp.sip)) ||
1337 fl_dump_key_val(skb, &key->arp.tip,
1338 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
1339 TCA_FLOWER_KEY_ARP_TIP_MASK,
1340 sizeof(key->arp.tip)) ||
1341 fl_dump_key_val(skb, &key->arp.op,
1342 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
1343 TCA_FLOWER_KEY_ARP_OP_MASK,
1344 sizeof(key->arp.op)) ||
1345 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1346 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1347 sizeof(key->arp.sha)) ||
1348 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1349 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1350 sizeof(key->arp.tha))))
1351 goto nla_put_failure;
1353 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1354 (fl_dump_key_val(skb, &key->enc_ipv4.src,
1355 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
1356 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1357 sizeof(key->enc_ipv4.src)) ||
1358 fl_dump_key_val(skb, &key->enc_ipv4.dst,
1359 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
1360 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1361 sizeof(key->enc_ipv4.dst))))
1362 goto nla_put_failure;
1363 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1364 (fl_dump_key_val(skb, &key->enc_ipv6.src,
1365 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
1366 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1367 sizeof(key->enc_ipv6.src)) ||
1368 fl_dump_key_val(skb, &key->enc_ipv6.dst,
1369 TCA_FLOWER_KEY_ENC_IPV6_DST,
1370 &mask->enc_ipv6.dst,
1371 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1372 sizeof(key->enc_ipv6.dst))))
1373 goto nla_put_failure;
1375 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
1376 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
1377 sizeof(key->enc_key_id)) ||
1378 fl_dump_key_val(skb, &key->enc_tp.src,
1379 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1381 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1382 sizeof(key->enc_tp.src)) ||
1383 fl_dump_key_val(skb, &key->enc_tp.dst,
1384 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1386 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1387 sizeof(key->enc_tp.dst)))
1388 goto nla_put_failure;
1390 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
1391 goto nla_put_failure;
1393 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
1394 goto nla_put_failure;
1396 if (tcf_exts_dump(skb, &f->exts))
1397 goto nla_put_failure;
1399 nla_nest_end(skb, nest);
1401 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
1402 goto nla_put_failure;
1407 nla_nest_cancel(skb, nest);
1411 static void fl_bind_class(void *fh, u32 classid, unsigned long cl)
1413 struct cls_fl_filter *f = fh;
1415 if (f && f->res.classid == classid)
1419 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
1421 .classify = fl_classify,
1423 .destroy = fl_destroy,
1425 .change = fl_change,
1426 .delete = fl_delete,
1429 .bind_class = fl_bind_class,
1430 .owner = THIS_MODULE,
1433 static int __init cls_fl_init(void)
1435 return register_tcf_proto_ops(&cls_fl_ops);
1438 static void __exit cls_fl_exit(void)
1440 unregister_tcf_proto_ops(&cls_fl_ops);
1443 module_init(cls_fl_init);
1444 module_exit(cls_fl_exit);
1446 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
1447 MODULE_DESCRIPTION("Flower classifier");
1448 MODULE_LICENSE("GPL v2");
git.samba.org / sfrench / cifs-2.6.git / blob