net: sched: don't dump chains only held by actions
[sfrench/cifs-2.6.git] / net / sched / cls_api.c
1 /*
2  * net/sched/cls_api.c  Packet classifier API.
3  *
4  *              This program is free software; you can redistribute it and/or
5  *              modify it under the terms of the GNU General Public License
6  *              as published by the Free Software Foundation; either version
7  *              2 of the License, or (at your option) any later version.
8  *
9  * Authors:     Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10  *
11  * Changes:
12  *
13  * Eduardo J. Blanco <ejbs@netlabs.com.uy> :990222: kmod support
14  *
15  */
16
17 #include <linux/module.h>
18 #include <linux/types.h>
19 #include <linux/kernel.h>
20 #include <linux/string.h>
21 #include <linux/errno.h>
22 #include <linux/err.h>
23 #include <linux/skbuff.h>
24 #include <linux/init.h>
25 #include <linux/kmod.h>
26 #include <linux/slab.h>
27 #include <linux/idr.h>
28 #include <net/net_namespace.h>
29 #include <net/sock.h>
30 #include <net/netlink.h>
31 #include <net/pkt_sched.h>
32 #include <net/pkt_cls.h>
33
34 /* The list of all installed classifier types */
35 static LIST_HEAD(tcf_proto_base);
36
37 /* Protects list of registered TC modules. It is pure SMP lock. */
38 static DEFINE_RWLOCK(cls_mod_lock);
39
40 /* Find classifier type by string name */
41
42 static const struct tcf_proto_ops *__tcf_proto_lookup_ops(const char *kind)
43 {
44         const struct tcf_proto_ops *t, *res = NULL;
45
46         if (kind) {
47                 read_lock(&cls_mod_lock);
48                 list_for_each_entry(t, &tcf_proto_base, head) {
49                         if (strcmp(kind, t->kind) == 0) {
50                                 if (try_module_get(t->owner))
51                                         res = t;
52                                 break;
53                         }
54                 }
55                 read_unlock(&cls_mod_lock);
56         }
57         return res;
58 }
59
60 static const struct tcf_proto_ops *
61 tcf_proto_lookup_ops(const char *kind, struct netlink_ext_ack *extack)
62 {
63         const struct tcf_proto_ops *ops;
64
65         ops = __tcf_proto_lookup_ops(kind);
66         if (ops)
67                 return ops;
68 #ifdef CONFIG_MODULES
69         rtnl_unlock();
70         request_module("cls_%s", kind);
71         rtnl_lock();
72         ops = __tcf_proto_lookup_ops(kind);
73         /* We dropped the RTNL semaphore in order to perform
74          * the module load. So, even if we succeeded in loading
75          * the module we have to replay the request. We indicate
76          * this using -EAGAIN.
77          */
78         if (ops) {
79                 module_put(ops->owner);
80                 return ERR_PTR(-EAGAIN);
81         }
82 #endif
83         NL_SET_ERR_MSG(extack, "TC classifier not found");
84         return ERR_PTR(-ENOENT);
85 }
86
87 /* Register(unregister) new classifier type */
88
89 int register_tcf_proto_ops(struct tcf_proto_ops *ops)
90 {
91         struct tcf_proto_ops *t;
92         int rc = -EEXIST;
93
94         write_lock(&cls_mod_lock);
95         list_for_each_entry(t, &tcf_proto_base, head)
96                 if (!strcmp(ops->kind, t->kind))
97                         goto out;
98
99         list_add_tail(&ops->head, &tcf_proto_base);
100         rc = 0;
101 out:
102         write_unlock(&cls_mod_lock);
103         return rc;
104 }
105 EXPORT_SYMBOL(register_tcf_proto_ops);
106
107 static struct workqueue_struct *tc_filter_wq;
108
109 int unregister_tcf_proto_ops(struct tcf_proto_ops *ops)
110 {
111         struct tcf_proto_ops *t;
112         int rc = -ENOENT;
113
114         /* Wait for outstanding call_rcu()s, if any, from a
115          * tcf_proto_ops's destroy() handler.
116          */
117         rcu_barrier();
118         flush_workqueue(tc_filter_wq);
119
120         write_lock(&cls_mod_lock);
121         list_for_each_entry(t, &tcf_proto_base, head) {
122                 if (t == ops) {
123                         list_del(&t->head);
124                         rc = 0;
125                         break;
126                 }
127         }
128         write_unlock(&cls_mod_lock);
129         return rc;
130 }
131 EXPORT_SYMBOL(unregister_tcf_proto_ops);
132
133 bool tcf_queue_work(struct rcu_work *rwork, work_func_t func)
134 {
135         INIT_RCU_WORK(rwork, func);
136         return queue_rcu_work(tc_filter_wq, rwork);
137 }
138 EXPORT_SYMBOL(tcf_queue_work);
139
140 /* Select new prio value from the range, managed by kernel. */
141
142 static inline u32 tcf_auto_prio(struct tcf_proto *tp)
143 {
144         u32 first = TC_H_MAKE(0xC0000000U, 0U);
145
146         if (tp)
147                 first = tp->prio - 1;
148
149         return TC_H_MAJ(first);
150 }
151
152 static struct tcf_proto *tcf_proto_create(const char *kind, u32 protocol,
153                                           u32 prio, struct tcf_chain *chain,
154                                           struct netlink_ext_ack *extack)
155 {
156         struct tcf_proto *tp;
157         int err;
158
159         tp = kzalloc(sizeof(*tp), GFP_KERNEL);
160         if (!tp)
161                 return ERR_PTR(-ENOBUFS);
162
163         tp->ops = tcf_proto_lookup_ops(kind, extack);
164         if (IS_ERR(tp->ops)) {
165                 err = PTR_ERR(tp->ops);
166                 goto errout;
167         }
168         tp->classify = tp->ops->classify;
169         tp->protocol = protocol;
170         tp->prio = prio;
171         tp->chain = chain;
172
173         err = tp->ops->init(tp);
174         if (err) {
175                 module_put(tp->ops->owner);
176                 goto errout;
177         }
178         return tp;
179
180 errout:
181         kfree(tp);
182         return ERR_PTR(err);
183 }
184
185 static void tcf_proto_destroy(struct tcf_proto *tp,
186                               struct netlink_ext_ack *extack)
187 {
188         tp->ops->destroy(tp, extack);
189         module_put(tp->ops->owner);
190         kfree_rcu(tp, rcu);
191 }
192
193 struct tcf_filter_chain_list_item {
194         struct list_head list;
195         tcf_chain_head_change_t *chain_head_change;
196         void *chain_head_change_priv;
197 };
198
199 static struct tcf_chain *tcf_chain_create(struct tcf_block *block,
200                                           u32 chain_index)
201 {
202         struct tcf_chain *chain;
203
204         chain = kzalloc(sizeof(*chain), GFP_KERNEL);
205         if (!chain)
206                 return NULL;
207         list_add_tail(&chain->list, &block->chain_list);
208         chain->block = block;
209         chain->index = chain_index;
210         chain->refcnt = 1;
211         if (!chain->index)
212                 block->chain0.chain = chain;
213         return chain;
214 }
215
216 static void tcf_chain_head_change_item(struct tcf_filter_chain_list_item *item,
217                                        struct tcf_proto *tp_head)
218 {
219         if (item->chain_head_change)
220                 item->chain_head_change(tp_head, item->chain_head_change_priv);
221 }
222
223 static void tcf_chain0_head_change(struct tcf_chain *chain,
224                                    struct tcf_proto *tp_head)
225 {
226         struct tcf_filter_chain_list_item *item;
227         struct tcf_block *block = chain->block;
228
229         if (chain->index)
230                 return;
231         list_for_each_entry(item, &block->chain0.filter_chain_list, list)
232                 tcf_chain_head_change_item(item, tp_head);
233 }
234
235 static void tcf_chain_flush(struct tcf_chain *chain)
236 {
237         struct tcf_proto *tp = rtnl_dereference(chain->filter_chain);
238
239         tcf_chain0_head_change(chain, NULL);
240         while (tp) {
241                 RCU_INIT_POINTER(chain->filter_chain, tp->next);
242                 tcf_proto_destroy(tp, NULL);
243                 tp = rtnl_dereference(chain->filter_chain);
244                 tcf_chain_put(chain);
245         }
246 }
247
248 static void tcf_chain_destroy(struct tcf_chain *chain)
249 {
250         struct tcf_block *block = chain->block;
251
252         list_del(&chain->list);
253         if (!chain->index)
254                 block->chain0.chain = NULL;
255         kfree(chain);
256         if (list_empty(&block->chain_list) && block->refcnt == 0)
257                 kfree(block);
258 }
259
260 static void tcf_chain_hold(struct tcf_chain *chain)
261 {
262         ++chain->refcnt;
263 }
264
265 static void tcf_chain_hold_by_act(struct tcf_chain *chain)
266 {
267         ++chain->action_refcnt;
268 }
269
270 static void tcf_chain_release_by_act(struct tcf_chain *chain)
271 {
272         --chain->action_refcnt;
273 }
274
275 static bool tcf_chain_is_zombie(struct tcf_chain *chain)
276 {
277         /* In case all the references are action references, this
278          * chain is a zombie and should not be listed in the chain
279          * dump list.
280          */
281         return chain->refcnt == chain->action_refcnt;
282 }
283
284 static struct tcf_chain *tcf_chain_lookup(struct tcf_block *block,
285                                           u32 chain_index)
286 {
287         struct tcf_chain *chain;
288
289         list_for_each_entry(chain, &block->chain_list, list) {
290                 if (chain->index == chain_index)
291                         return chain;
292         }
293         return NULL;
294 }
295
296 static int tc_chain_notify(struct tcf_chain *chain, struct sk_buff *oskb,
297                            u32 seq, u16 flags, int event, bool unicast);
298
299 struct tcf_chain *tcf_chain_get(struct tcf_block *block, u32 chain_index,
300                                 bool create)
301 {
302         struct tcf_chain *chain = tcf_chain_lookup(block, chain_index);
303
304         if (chain) {
305                 tcf_chain_hold(chain);
306                 return chain;
307         }
308
309         if (!create)
310                 return NULL;
311         chain = tcf_chain_create(block, chain_index);
312         if (!chain)
313                 return NULL;
314         tc_chain_notify(chain, NULL, 0, NLM_F_CREATE | NLM_F_EXCL,
315                         RTM_NEWCHAIN, false);
316         return chain;
317 }
318 EXPORT_SYMBOL(tcf_chain_get);
319
320 struct tcf_chain *tcf_chain_get_by_act(struct tcf_block *block, u32 chain_index)
321 {
322         struct tcf_chain *chain = tcf_chain_get(block, chain_index, true);
323
324         tcf_chain_hold_by_act(chain);
325         return chain;
326 }
327 EXPORT_SYMBOL(tcf_chain_get_by_act);
328
329 static void tc_chain_tmplt_del(struct tcf_chain *chain);
330
331 void tcf_chain_put(struct tcf_chain *chain)
332 {
333         if (--chain->refcnt == 0) {
334                 tc_chain_notify(chain, NULL, 0, 0, RTM_DELCHAIN, false);
335                 tc_chain_tmplt_del(chain);
336                 tcf_chain_destroy(chain);
337         }
338 }
339 EXPORT_SYMBOL(tcf_chain_put);
340
341 void tcf_chain_put_by_act(struct tcf_chain *chain)
342 {
343         tcf_chain_release_by_act(chain);
344         tcf_chain_put(chain);
345 }
346 EXPORT_SYMBOL(tcf_chain_put_by_act);
347
348 static void tcf_chain_put_explicitly_created(struct tcf_chain *chain)
349 {
350         if (chain->explicitly_created)
351                 tcf_chain_put(chain);
352 }
353
354 static bool tcf_block_offload_in_use(struct tcf_block *block)
355 {
356         return block->offloadcnt;
357 }
358
359 static int tcf_block_offload_cmd(struct tcf_block *block,
360                                  struct net_device *dev,
361                                  struct tcf_block_ext_info *ei,
362                                  enum tc_block_command command,
363                                  struct netlink_ext_ack *extack)
364 {
365         struct tc_block_offload bo = {};
366
367         bo.command = command;
368         bo.binder_type = ei->binder_type;
369         bo.block = block;
370         bo.extack = extack;
371         return dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_BLOCK, &bo);
372 }
373
374 static int tcf_block_offload_bind(struct tcf_block *block, struct Qdisc *q,
375                                   struct tcf_block_ext_info *ei,
376                                   struct netlink_ext_ack *extack)
377 {
378         struct net_device *dev = q->dev_queue->dev;
379         int err;
380
381         if (!dev->netdev_ops->ndo_setup_tc)
382                 goto no_offload_dev_inc;
383
384         /* If tc offload feature is disabled and the block we try to bind
385          * to already has some offloaded filters, forbid to bind.
386          */
387         if (!tc_can_offload(dev) && tcf_block_offload_in_use(block)) {
388                 NL_SET_ERR_MSG(extack, "Bind to offloaded block failed as dev has offload disabled");
389                 return -EOPNOTSUPP;
390         }
391
392         err = tcf_block_offload_cmd(block, dev, ei, TC_BLOCK_BIND, extack);
393         if (err == -EOPNOTSUPP)
394                 goto no_offload_dev_inc;
395         return err;
396
397 no_offload_dev_inc:
398         if (tcf_block_offload_in_use(block))
399                 return -EOPNOTSUPP;
400         block->nooffloaddevcnt++;
401         return 0;
402 }
403
404 static void tcf_block_offload_unbind(struct tcf_block *block, struct Qdisc *q,
405                                      struct tcf_block_ext_info *ei)
406 {
407         struct net_device *dev = q->dev_queue->dev;
408         int err;
409
410         if (!dev->netdev_ops->ndo_setup_tc)
411                 goto no_offload_dev_dec;
412         err = tcf_block_offload_cmd(block, dev, ei, TC_BLOCK_UNBIND, NULL);
413         if (err == -EOPNOTSUPP)
414                 goto no_offload_dev_dec;
415         return;
416
417 no_offload_dev_dec:
418         WARN_ON(block->nooffloaddevcnt-- == 0);
419 }
420
421 static int
422 tcf_chain0_head_change_cb_add(struct tcf_block *block,
423                               struct tcf_block_ext_info *ei,
424                               struct netlink_ext_ack *extack)
425 {
426         struct tcf_chain *chain0 = block->chain0.chain;
427         struct tcf_filter_chain_list_item *item;
428
429         item = kmalloc(sizeof(*item), GFP_KERNEL);
430         if (!item) {
431                 NL_SET_ERR_MSG(extack, "Memory allocation for head change callback item failed");
432                 return -ENOMEM;
433         }
434         item->chain_head_change = ei->chain_head_change;
435         item->chain_head_change_priv = ei->chain_head_change_priv;
436         if (chain0 && chain0->filter_chain)
437                 tcf_chain_head_change_item(item, chain0->filter_chain);
438         list_add(&item->list, &block->chain0.filter_chain_list);
439         return 0;
440 }
441
442 static void
443 tcf_chain0_head_change_cb_del(struct tcf_block *block,
444                               struct tcf_block_ext_info *ei)
445 {
446         struct tcf_chain *chain0 = block->chain0.chain;
447         struct tcf_filter_chain_list_item *item;
448
449         list_for_each_entry(item, &block->chain0.filter_chain_list, list) {
450                 if ((!ei->chain_head_change && !ei->chain_head_change_priv) ||
451                     (item->chain_head_change == ei->chain_head_change &&
452                      item->chain_head_change_priv == ei->chain_head_change_priv)) {
453                         if (chain0)
454                                 tcf_chain_head_change_item(item, NULL);
455                         list_del(&item->list);
456                         kfree(item);
457                         return;
458                 }
459         }
460         WARN_ON(1);
461 }
462
463 struct tcf_net {
464         struct idr idr;
465 };
466
467 static unsigned int tcf_net_id;
468
469 static int tcf_block_insert(struct tcf_block *block, struct net *net,
470                             struct netlink_ext_ack *extack)
471 {
472         struct tcf_net *tn = net_generic(net, tcf_net_id);
473
474         return idr_alloc_u32(&tn->idr, block, &block->index, block->index,
475                              GFP_KERNEL);
476 }
477
478 static void tcf_block_remove(struct tcf_block *block, struct net *net)
479 {
480         struct tcf_net *tn = net_generic(net, tcf_net_id);
481
482         idr_remove(&tn->idr, block->index);
483 }
484
485 static struct tcf_block *tcf_block_create(struct net *net, struct Qdisc *q,
486                                           u32 block_index,
487                                           struct netlink_ext_ack *extack)
488 {
489         struct tcf_block *block;
490
491         block = kzalloc(sizeof(*block), GFP_KERNEL);
492         if (!block) {
493                 NL_SET_ERR_MSG(extack, "Memory allocation for block failed");
494                 return ERR_PTR(-ENOMEM);
495         }
496         INIT_LIST_HEAD(&block->chain_list);
497         INIT_LIST_HEAD(&block->cb_list);
498         INIT_LIST_HEAD(&block->owner_list);
499         INIT_LIST_HEAD(&block->chain0.filter_chain_list);
500
501         block->refcnt = 1;
502         block->net = net;
503         block->index = block_index;
504
505         /* Don't store q pointer for blocks which are shared */
506         if (!tcf_block_shared(block))
507                 block->q = q;
508         return block;
509 }
510
511 static struct tcf_block *tcf_block_lookup(struct net *net, u32 block_index)
512 {
513         struct tcf_net *tn = net_generic(net, tcf_net_id);
514
515         return idr_find(&tn->idr, block_index);
516 }
517
518 /* Find tcf block.
519  * Set q, parent, cl when appropriate.
520  */
521
522 static struct tcf_block *tcf_block_find(struct net *net, struct Qdisc **q,
523                                         u32 *parent, unsigned long *cl,
524                                         int ifindex, u32 block_index,
525                                         struct netlink_ext_ack *extack)
526 {
527         struct tcf_block *block;
528
529         if (ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
530                 block = tcf_block_lookup(net, block_index);
531                 if (!block) {
532                         NL_SET_ERR_MSG(extack, "Block of given index was not found");
533                         return ERR_PTR(-EINVAL);
534                 }
535         } else {
536                 const struct Qdisc_class_ops *cops;
537                 struct net_device *dev;
538
539                 /* Find link */
540                 dev = __dev_get_by_index(net, ifindex);
541                 if (!dev)
542                         return ERR_PTR(-ENODEV);
543
544                 /* Find qdisc */
545                 if (!*parent) {
546                         *q = dev->qdisc;
547                         *parent = (*q)->handle;
548                 } else {
549                         *q = qdisc_lookup(dev, TC_H_MAJ(*parent));
550                         if (!*q) {
551                                 NL_SET_ERR_MSG(extack, "Parent Qdisc doesn't exists");
552                                 return ERR_PTR(-EINVAL);
553                         }
554                 }
555
556                 /* Is it classful? */
557                 cops = (*q)->ops->cl_ops;
558                 if (!cops) {
559                         NL_SET_ERR_MSG(extack, "Qdisc not classful");
560                         return ERR_PTR(-EINVAL);
561                 }
562
563                 if (!cops->tcf_block) {
564                         NL_SET_ERR_MSG(extack, "Class doesn't support blocks");
565                         return ERR_PTR(-EOPNOTSUPP);
566                 }
567
568                 /* Do we search for filter, attached to class? */
569                 if (TC_H_MIN(*parent)) {
570                         *cl = cops->find(*q, *parent);
571                         if (*cl == 0) {
572                                 NL_SET_ERR_MSG(extack, "Specified class doesn't exist");
573                                 return ERR_PTR(-ENOENT);
574                         }
575                 }
576
577                 /* And the last stroke */
578                 block = cops->tcf_block(*q, *cl, extack);
579                 if (!block)
580                         return ERR_PTR(-EINVAL);
581                 if (tcf_block_shared(block)) {
582                         NL_SET_ERR_MSG(extack, "This filter block is shared. Please use the block index to manipulate the filters");
583                         return ERR_PTR(-EOPNOTSUPP);
584                 }
585         }
586
587         return block;
588 }
589
590 struct tcf_block_owner_item {
591         struct list_head list;
592         struct Qdisc *q;
593         enum tcf_block_binder_type binder_type;
594 };
595
596 static void
597 tcf_block_owner_netif_keep_dst(struct tcf_block *block,
598                                struct Qdisc *q,
599                                enum tcf_block_binder_type binder_type)
600 {
601         if (block->keep_dst &&
602             binder_type != TCF_BLOCK_BINDER_TYPE_CLSACT_INGRESS &&
603             binder_type != TCF_BLOCK_BINDER_TYPE_CLSACT_EGRESS)
604                 netif_keep_dst(qdisc_dev(q));
605 }
606
607 void tcf_block_netif_keep_dst(struct tcf_block *block)
608 {
609         struct tcf_block_owner_item *item;
610
611         block->keep_dst = true;
612         list_for_each_entry(item, &block->owner_list, list)
613                 tcf_block_owner_netif_keep_dst(block, item->q,
614                                                item->binder_type);
615 }
616 EXPORT_SYMBOL(tcf_block_netif_keep_dst);
617
618 static int tcf_block_owner_add(struct tcf_block *block,
619                                struct Qdisc *q,
620                                enum tcf_block_binder_type binder_type)
621 {
622         struct tcf_block_owner_item *item;
623
624         item = kmalloc(sizeof(*item), GFP_KERNEL);
625         if (!item)
626                 return -ENOMEM;
627         item->q = q;
628         item->binder_type = binder_type;
629         list_add(&item->list, &block->owner_list);
630         return 0;
631 }
632
633 static void tcf_block_owner_del(struct tcf_block *block,
634                                 struct Qdisc *q,
635                                 enum tcf_block_binder_type binder_type)
636 {
637         struct tcf_block_owner_item *item;
638
639         list_for_each_entry(item, &block->owner_list, list) {
640                 if (item->q == q && item->binder_type == binder_type) {
641                         list_del(&item->list);
642                         kfree(item);
643                         return;
644                 }
645         }
646         WARN_ON(1);
647 }
648
649 int tcf_block_get_ext(struct tcf_block **p_block, struct Qdisc *q,
650                       struct tcf_block_ext_info *ei,
651                       struct netlink_ext_ack *extack)
652 {
653         struct net *net = qdisc_net(q);
654         struct tcf_block *block = NULL;
655         bool created = false;
656         int err;
657
658         if (ei->block_index) {
659                 /* block_index not 0 means the shared block is requested */
660                 block = tcf_block_lookup(net, ei->block_index);
661                 if (block)
662                         block->refcnt++;
663         }
664
665         if (!block) {
666                 block = tcf_block_create(net, q, ei->block_index, extack);
667                 if (IS_ERR(block))
668                         return PTR_ERR(block);
669                 created = true;
670                 if (tcf_block_shared(block)) {
671                         err = tcf_block_insert(block, net, extack);
672                         if (err)
673                                 goto err_block_insert;
674                 }
675         }
676
677         err = tcf_block_owner_add(block, q, ei->binder_type);
678         if (err)
679                 goto err_block_owner_add;
680
681         tcf_block_owner_netif_keep_dst(block, q, ei->binder_type);
682
683         err = tcf_chain0_head_change_cb_add(block, ei, extack);
684         if (err)
685                 goto err_chain0_head_change_cb_add;
686
687         err = tcf_block_offload_bind(block, q, ei, extack);
688         if (err)
689                 goto err_block_offload_bind;
690
691         *p_block = block;
692         return 0;
693
694 err_block_offload_bind:
695         tcf_chain0_head_change_cb_del(block, ei);
696 err_chain0_head_change_cb_add:
697         tcf_block_owner_del(block, q, ei->binder_type);
698 err_block_owner_add:
699         if (created) {
700                 if (tcf_block_shared(block))
701                         tcf_block_remove(block, net);
702 err_block_insert:
703                 kfree(block);
704         } else {
705                 block->refcnt--;
706         }
707         return err;
708 }
709 EXPORT_SYMBOL(tcf_block_get_ext);
710
711 static void tcf_chain_head_change_dflt(struct tcf_proto *tp_head, void *priv)
712 {
713         struct tcf_proto __rcu **p_filter_chain = priv;
714
715         rcu_assign_pointer(*p_filter_chain, tp_head);
716 }
717
718 int tcf_block_get(struct tcf_block **p_block,
719                   struct tcf_proto __rcu **p_filter_chain, struct Qdisc *q,
720                   struct netlink_ext_ack *extack)
721 {
722         struct tcf_block_ext_info ei = {
723                 .chain_head_change = tcf_chain_head_change_dflt,
724                 .chain_head_change_priv = p_filter_chain,
725         };
726
727         WARN_ON(!p_filter_chain);
728         return tcf_block_get_ext(p_block, q, &ei, extack);
729 }
730 EXPORT_SYMBOL(tcf_block_get);
731
732 /* XXX: Standalone actions are not allowed to jump to any chain, and bound
733  * actions should be all removed after flushing.
734  */
735 void tcf_block_put_ext(struct tcf_block *block, struct Qdisc *q,
736                        struct tcf_block_ext_info *ei)
737 {
738         struct tcf_chain *chain, *tmp;
739
740         if (!block)
741                 return;
742         tcf_chain0_head_change_cb_del(block, ei);
743         tcf_block_owner_del(block, q, ei->binder_type);
744
745         if (block->refcnt == 1) {
746                 if (tcf_block_shared(block))
747                         tcf_block_remove(block, block->net);
748
749                 /* Hold a refcnt for all chains, so that they don't disappear
750                  * while we are iterating.
751                  */
752                 list_for_each_entry(chain, &block->chain_list, list)
753                         tcf_chain_hold(chain);
754
755                 list_for_each_entry(chain, &block->chain_list, list)
756                         tcf_chain_flush(chain);
757         }
758
759         tcf_block_offload_unbind(block, q, ei);
760
761         if (block->refcnt == 1) {
762                 /* At this point, all the chains should have refcnt >= 1. */
763                 list_for_each_entry_safe(chain, tmp, &block->chain_list, list) {
764                         tcf_chain_put_explicitly_created(chain);
765                         tcf_chain_put(chain);
766                 }
767
768                 block->refcnt--;
769                 if (list_empty(&block->chain_list))
770                         kfree(block);
771         }
772 }
773 EXPORT_SYMBOL(tcf_block_put_ext);
774
775 void tcf_block_put(struct tcf_block *block)
776 {
777         struct tcf_block_ext_info ei = {0, };
778
779         if (!block)
780                 return;
781         tcf_block_put_ext(block, block->q, &ei);
782 }
783
784 EXPORT_SYMBOL(tcf_block_put);
785
786 struct tcf_block_cb {
787         struct list_head list;
788         tc_setup_cb_t *cb;
789         void *cb_ident;
790         void *cb_priv;
791         unsigned int refcnt;
792 };
793
794 void *tcf_block_cb_priv(struct tcf_block_cb *block_cb)
795 {
796         return block_cb->cb_priv;
797 }
798 EXPORT_SYMBOL(tcf_block_cb_priv);
799
800 struct tcf_block_cb *tcf_block_cb_lookup(struct tcf_block *block,
801                                          tc_setup_cb_t *cb, void *cb_ident)
802 {       struct tcf_block_cb *block_cb;
803
804         list_for_each_entry(block_cb, &block->cb_list, list)
805                 if (block_cb->cb == cb && block_cb->cb_ident == cb_ident)
806                         return block_cb;
807         return NULL;
808 }
809 EXPORT_SYMBOL(tcf_block_cb_lookup);
810
811 void tcf_block_cb_incref(struct tcf_block_cb *block_cb)
812 {
813         block_cb->refcnt++;
814 }
815 EXPORT_SYMBOL(tcf_block_cb_incref);
816
817 unsigned int tcf_block_cb_decref(struct tcf_block_cb *block_cb)
818 {
819         return --block_cb->refcnt;
820 }
821 EXPORT_SYMBOL(tcf_block_cb_decref);
822
823 static int
824 tcf_block_playback_offloads(struct tcf_block *block, tc_setup_cb_t *cb,
825                             void *cb_priv, bool add, bool offload_in_use,
826                             struct netlink_ext_ack *extack)
827 {
828         struct tcf_chain *chain;
829         struct tcf_proto *tp;
830         int err;
831
832         list_for_each_entry(chain, &block->chain_list, list) {
833                 for (tp = rtnl_dereference(chain->filter_chain); tp;
834                      tp = rtnl_dereference(tp->next)) {
835                         if (tp->ops->reoffload) {
836                                 err = tp->ops->reoffload(tp, add, cb, cb_priv,
837                                                          extack);
838                                 if (err && add)
839                                         goto err_playback_remove;
840                         } else if (add && offload_in_use) {
841                                 err = -EOPNOTSUPP;
842                                 NL_SET_ERR_MSG(extack, "Filter HW offload failed - classifier without re-offloading support");
843                                 goto err_playback_remove;
844                         }
845                 }
846         }
847
848         return 0;
849
850 err_playback_remove:
851         tcf_block_playback_offloads(block, cb, cb_priv, false, offload_in_use,
852                                     extack);
853         return err;
854 }
855
856 struct tcf_block_cb *__tcf_block_cb_register(struct tcf_block *block,
857                                              tc_setup_cb_t *cb, void *cb_ident,
858                                              void *cb_priv,
859                                              struct netlink_ext_ack *extack)
860 {
861         struct tcf_block_cb *block_cb;
862         int err;
863
864         /* Replay any already present rules */
865         err = tcf_block_playback_offloads(block, cb, cb_priv, true,
866                                           tcf_block_offload_in_use(block),
867                                           extack);
868         if (err)
869                 return ERR_PTR(err);
870
871         block_cb = kzalloc(sizeof(*block_cb), GFP_KERNEL);
872         if (!block_cb)
873                 return ERR_PTR(-ENOMEM);
874         block_cb->cb = cb;
875         block_cb->cb_ident = cb_ident;
876         block_cb->cb_priv = cb_priv;
877         list_add(&block_cb->list, &block->cb_list);
878         return block_cb;
879 }
880 EXPORT_SYMBOL(__tcf_block_cb_register);
881
882 int tcf_block_cb_register(struct tcf_block *block,
883                           tc_setup_cb_t *cb, void *cb_ident,
884                           void *cb_priv, struct netlink_ext_ack *extack)
885 {
886         struct tcf_block_cb *block_cb;
887
888         block_cb = __tcf_block_cb_register(block, cb, cb_ident, cb_priv,
889                                            extack);
890         return PTR_ERR_OR_ZERO(block_cb);
891 }
892 EXPORT_SYMBOL(tcf_block_cb_register);
893
894 void __tcf_block_cb_unregister(struct tcf_block *block,
895                                struct tcf_block_cb *block_cb)
896 {
897         tcf_block_playback_offloads(block, block_cb->cb, block_cb->cb_priv,
898                                     false, tcf_block_offload_in_use(block),
899                                     NULL);
900         list_del(&block_cb->list);
901         kfree(block_cb);
902 }
903 EXPORT_SYMBOL(__tcf_block_cb_unregister);
904
905 void tcf_block_cb_unregister(struct tcf_block *block,
906                              tc_setup_cb_t *cb, void *cb_ident)
907 {
908         struct tcf_block_cb *block_cb;
909
910         block_cb = tcf_block_cb_lookup(block, cb, cb_ident);
911         if (!block_cb)
912                 return;
913         __tcf_block_cb_unregister(block, block_cb);
914 }
915 EXPORT_SYMBOL(tcf_block_cb_unregister);
916
917 static int tcf_block_cb_call(struct tcf_block *block, enum tc_setup_type type,
918                              void *type_data, bool err_stop)
919 {
920         struct tcf_block_cb *block_cb;
921         int ok_count = 0;
922         int err;
923
924         /* Make sure all netdevs sharing this block are offload-capable. */
925         if (block->nooffloaddevcnt && err_stop)
926                 return -EOPNOTSUPP;
927
928         list_for_each_entry(block_cb, &block->cb_list, list) {
929                 err = block_cb->cb(type, type_data, block_cb->cb_priv);
930                 if (err) {
931                         if (err_stop)
932                                 return err;
933                 } else {
934                         ok_count++;
935                 }
936         }
937         return ok_count;
938 }
939
940 /* Main classifier routine: scans classifier chain attached
941  * to this qdisc, (optionally) tests for protocol and asks
942  * specific classifiers.
943  */
944 int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp,
945                  struct tcf_result *res, bool compat_mode)
946 {
947         __be16 protocol = tc_skb_protocol(skb);
948 #ifdef CONFIG_NET_CLS_ACT
949         const int max_reclassify_loop = 4;
950         const struct tcf_proto *orig_tp = tp;
951         const struct tcf_proto *first_tp;
952         int limit = 0;
953
954 reclassify:
955 #endif
956         for (; tp; tp = rcu_dereference_bh(tp->next)) {
957                 int err;
958
959                 if (tp->protocol != protocol &&
960                     tp->protocol != htons(ETH_P_ALL))
961                         continue;
962
963                 err = tp->classify(skb, tp, res);
964 #ifdef CONFIG_NET_CLS_ACT
965                 if (unlikely(err == TC_ACT_RECLASSIFY && !compat_mode)) {
966                         first_tp = orig_tp;
967                         goto reset;
968                 } else if (unlikely(TC_ACT_EXT_CMP(err, TC_ACT_GOTO_CHAIN))) {
969                         first_tp = res->goto_tp;
970                         goto reset;
971                 }
972 #endif
973                 if (err >= 0)
974                         return err;
975         }
976
977         return TC_ACT_UNSPEC; /* signal: continue lookup */
978 #ifdef CONFIG_NET_CLS_ACT
979 reset:
980         if (unlikely(limit++ >= max_reclassify_loop)) {
981                 net_notice_ratelimited("%u: reclassify loop, rule prio %u, protocol %02x\n",
982                                        tp->chain->block->index,
983                                        tp->prio & 0xffff,
984                                        ntohs(tp->protocol));
985                 return TC_ACT_SHOT;
986         }
987
988         tp = first_tp;
989         protocol = tc_skb_protocol(skb);
990         goto reclassify;
991 #endif
992 }
993 EXPORT_SYMBOL(tcf_classify);
994
995 struct tcf_chain_info {
996         struct tcf_proto __rcu **pprev;
997         struct tcf_proto __rcu *next;
998 };
999
1000 static struct tcf_proto *tcf_chain_tp_prev(struct tcf_chain_info *chain_info)
1001 {
1002         return rtnl_dereference(*chain_info->pprev);
1003 }
1004
1005 static void tcf_chain_tp_insert(struct tcf_chain *chain,
1006                                 struct tcf_chain_info *chain_info,
1007                                 struct tcf_proto *tp)
1008 {
1009         if (*chain_info->pprev == chain->filter_chain)
1010                 tcf_chain0_head_change(chain, tp);
1011         RCU_INIT_POINTER(tp->next, tcf_chain_tp_prev(chain_info));
1012         rcu_assign_pointer(*chain_info->pprev, tp);
1013         tcf_chain_hold(chain);
1014 }
1015
1016 static void tcf_chain_tp_remove(struct tcf_chain *chain,
1017                                 struct tcf_chain_info *chain_info,
1018                                 struct tcf_proto *tp)
1019 {
1020         struct tcf_proto *next = rtnl_dereference(chain_info->next);
1021
1022         if (tp == chain->filter_chain)
1023                 tcf_chain0_head_change(chain, next);
1024         RCU_INIT_POINTER(*chain_info->pprev, next);
1025         tcf_chain_put(chain);
1026 }
1027
1028 static struct tcf_proto *tcf_chain_tp_find(struct tcf_chain *chain,
1029                                            struct tcf_chain_info *chain_info,
1030                                            u32 protocol, u32 prio,
1031                                            bool prio_allocate)
1032 {
1033         struct tcf_proto **pprev;
1034         struct tcf_proto *tp;
1035
1036         /* Check the chain for existence of proto-tcf with this priority */
1037         for (pprev = &chain->filter_chain;
1038              (tp = rtnl_dereference(*pprev)); pprev = &tp->next) {
1039                 if (tp->prio >= prio) {
1040                         if (tp->prio == prio) {
1041                                 if (prio_allocate ||
1042                                     (tp->protocol != protocol && protocol))
1043                                         return ERR_PTR(-EINVAL);
1044                         } else {
1045                                 tp = NULL;
1046                         }
1047                         break;
1048                 }
1049         }
1050         chain_info->pprev = pprev;
1051         chain_info->next = tp ? tp->next : NULL;
1052         return tp;
1053 }
1054
1055 static int tcf_fill_node(struct net *net, struct sk_buff *skb,
1056                          struct tcf_proto *tp, struct tcf_block *block,
1057                          struct Qdisc *q, u32 parent, void *fh,
1058                          u32 portid, u32 seq, u16 flags, int event)
1059 {
1060         struct tcmsg *tcm;
1061         struct nlmsghdr  *nlh;
1062         unsigned char *b = skb_tail_pointer(skb);
1063
1064         nlh = nlmsg_put(skb, portid, seq, event, sizeof(*tcm), flags);
1065         if (!nlh)
1066                 goto out_nlmsg_trim;
1067         tcm = nlmsg_data(nlh);
1068         tcm->tcm_family = AF_UNSPEC;
1069         tcm->tcm__pad1 = 0;
1070         tcm->tcm__pad2 = 0;
1071         if (q) {
1072                 tcm->tcm_ifindex = qdisc_dev(q)->ifindex;
1073                 tcm->tcm_parent = parent;
1074         } else {
1075                 tcm->tcm_ifindex = TCM_IFINDEX_MAGIC_BLOCK;
1076                 tcm->tcm_block_index = block->index;
1077         }
1078         tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol);
1079         if (nla_put_string(skb, TCA_KIND, tp->ops->kind))
1080                 goto nla_put_failure;
1081         if (nla_put_u32(skb, TCA_CHAIN, tp->chain->index))
1082                 goto nla_put_failure;
1083         if (!fh) {
1084                 tcm->tcm_handle = 0;
1085         } else {
1086                 if (tp->ops->dump && tp->ops->dump(net, tp, fh, skb, tcm) < 0)
1087                         goto nla_put_failure;
1088         }
1089         nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1090         return skb->len;
1091
1092 out_nlmsg_trim:
1093 nla_put_failure:
1094         nlmsg_trim(skb, b);
1095         return -1;
1096 }
1097
1098 static int tfilter_notify(struct net *net, struct sk_buff *oskb,
1099                           struct nlmsghdr *n, struct tcf_proto *tp,
1100                           struct tcf_block *block, struct Qdisc *q,
1101                           u32 parent, void *fh, int event, bool unicast)
1102 {
1103         struct sk_buff *skb;
1104         u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1105
1106         skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1107         if (!skb)
1108                 return -ENOBUFS;
1109
1110         if (tcf_fill_node(net, skb, tp, block, q, parent, fh, portid,
1111                           n->nlmsg_seq, n->nlmsg_flags, event) <= 0) {
1112                 kfree_skb(skb);
1113                 return -EINVAL;
1114         }
1115
1116         if (unicast)
1117                 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1118
1119         return rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1120                               n->nlmsg_flags & NLM_F_ECHO);
1121 }
1122
1123 static int tfilter_del_notify(struct net *net, struct sk_buff *oskb,
1124                               struct nlmsghdr *n, struct tcf_proto *tp,
1125                               struct tcf_block *block, struct Qdisc *q,
1126                               u32 parent, void *fh, bool unicast, bool *last,
1127                               struct netlink_ext_ack *extack)
1128 {
1129         struct sk_buff *skb;
1130         u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1131         int err;
1132
1133         skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1134         if (!skb)
1135                 return -ENOBUFS;
1136
1137         if (tcf_fill_node(net, skb, tp, block, q, parent, fh, portid,
1138                           n->nlmsg_seq, n->nlmsg_flags, RTM_DELTFILTER) <= 0) {
1139                 NL_SET_ERR_MSG(extack, "Failed to build del event notification");
1140                 kfree_skb(skb);
1141                 return -EINVAL;
1142         }
1143
1144         err = tp->ops->delete(tp, fh, last, extack);
1145         if (err) {
1146                 kfree_skb(skb);
1147                 return err;
1148         }
1149
1150         if (unicast)
1151                 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1152
1153         err = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1154                              n->nlmsg_flags & NLM_F_ECHO);
1155         if (err < 0)
1156                 NL_SET_ERR_MSG(extack, "Failed to send filter delete notification");
1157         return err;
1158 }
1159
1160 static void tfilter_notify_chain(struct net *net, struct sk_buff *oskb,
1161                                  struct tcf_block *block, struct Qdisc *q,
1162                                  u32 parent, struct nlmsghdr *n,
1163                                  struct tcf_chain *chain, int event)
1164 {
1165         struct tcf_proto *tp;
1166
1167         for (tp = rtnl_dereference(chain->filter_chain);
1168              tp; tp = rtnl_dereference(tp->next))
1169                 tfilter_notify(net, oskb, n, tp, block,
1170                                q, parent, NULL, event, false);
1171 }
1172
1173 static int tc_new_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1174                           struct netlink_ext_ack *extack)
1175 {
1176         struct net *net = sock_net(skb->sk);
1177         struct nlattr *tca[TCA_MAX + 1];
1178         struct tcmsg *t;
1179         u32 protocol;
1180         u32 prio;
1181         bool prio_allocate;
1182         u32 parent;
1183         u32 chain_index;
1184         struct Qdisc *q = NULL;
1185         struct tcf_chain_info chain_info;
1186         struct tcf_chain *chain = NULL;
1187         struct tcf_block *block;
1188         struct tcf_proto *tp;
1189         unsigned long cl;
1190         void *fh;
1191         int err;
1192         int tp_created;
1193
1194         if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1195                 return -EPERM;
1196
1197 replay:
1198         tp_created = 0;
1199
1200         err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL, extack);
1201         if (err < 0)
1202                 return err;
1203
1204         t = nlmsg_data(n);
1205         protocol = TC_H_MIN(t->tcm_info);
1206         prio = TC_H_MAJ(t->tcm_info);
1207         prio_allocate = false;
1208         parent = t->tcm_parent;
1209         cl = 0;
1210
1211         if (prio == 0) {
1212                 /* If no priority is provided by the user,
1213                  * we allocate one.
1214                  */
1215                 if (n->nlmsg_flags & NLM_F_CREATE) {
1216                         prio = TC_H_MAKE(0x80000000U, 0U);
1217                         prio_allocate = true;
1218                 } else {
1219                         NL_SET_ERR_MSG(extack, "Invalid filter command with priority of zero");
1220                         return -ENOENT;
1221                 }
1222         }
1223
1224         /* Find head of filter chain. */
1225
1226         block = tcf_block_find(net, &q, &parent, &cl,
1227                                t->tcm_ifindex, t->tcm_block_index, extack);
1228         if (IS_ERR(block)) {
1229                 err = PTR_ERR(block);
1230                 goto errout;
1231         }
1232
1233         chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1234         if (chain_index > TC_ACT_EXT_VAL_MASK) {
1235                 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1236                 err = -EINVAL;
1237                 goto errout;
1238         }
1239         chain = tcf_chain_get(block, chain_index, true);
1240         if (!chain) {
1241                 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1242                 err = -ENOMEM;
1243                 goto errout;
1244         }
1245
1246         tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1247                                prio, prio_allocate);
1248         if (IS_ERR(tp)) {
1249                 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1250                 err = PTR_ERR(tp);
1251                 goto errout;
1252         }
1253
1254         if (tp == NULL) {
1255                 /* Proto-tcf does not exist, create new one */
1256
1257                 if (tca[TCA_KIND] == NULL || !protocol) {
1258                         NL_SET_ERR_MSG(extack, "Filter kind and protocol must be specified");
1259                         err = -EINVAL;
1260                         goto errout;
1261                 }
1262
1263                 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1264                         NL_SET_ERR_MSG(extack, "Need both RTM_NEWTFILTER and NLM_F_CREATE to create a new filter");
1265                         err = -ENOENT;
1266                         goto errout;
1267                 }
1268
1269                 if (prio_allocate)
1270                         prio = tcf_auto_prio(tcf_chain_tp_prev(&chain_info));
1271
1272                 tp = tcf_proto_create(nla_data(tca[TCA_KIND]),
1273                                       protocol, prio, chain, extack);
1274                 if (IS_ERR(tp)) {
1275                         err = PTR_ERR(tp);
1276                         goto errout;
1277                 }
1278                 tp_created = 1;
1279         } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1280                 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1281                 err = -EINVAL;
1282                 goto errout;
1283         }
1284
1285         fh = tp->ops->get(tp, t->tcm_handle);
1286
1287         if (!fh) {
1288                 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1289                         NL_SET_ERR_MSG(extack, "Need both RTM_NEWTFILTER and NLM_F_CREATE to create a new filter");
1290                         err = -ENOENT;
1291                         goto errout;
1292                 }
1293         } else if (n->nlmsg_flags & NLM_F_EXCL) {
1294                 NL_SET_ERR_MSG(extack, "Filter already exists");
1295                 err = -EEXIST;
1296                 goto errout;
1297         }
1298
1299         if (chain->tmplt_ops && chain->tmplt_ops != tp->ops) {
1300                 NL_SET_ERR_MSG(extack, "Chain template is set to a different filter kind");
1301                 err = -EINVAL;
1302                 goto errout;
1303         }
1304
1305         err = tp->ops->change(net, skb, tp, cl, t->tcm_handle, tca, &fh,
1306                               n->nlmsg_flags & NLM_F_CREATE ? TCA_ACT_NOREPLACE : TCA_ACT_REPLACE,
1307                               extack);
1308         if (err == 0) {
1309                 if (tp_created)
1310                         tcf_chain_tp_insert(chain, &chain_info, tp);
1311                 tfilter_notify(net, skb, n, tp, block, q, parent, fh,
1312                                RTM_NEWTFILTER, false);
1313         } else {
1314                 if (tp_created)
1315                         tcf_proto_destroy(tp, NULL);
1316         }
1317
1318 errout:
1319         if (chain)
1320                 tcf_chain_put(chain);
1321         if (err == -EAGAIN)
1322                 /* Replay the request. */
1323                 goto replay;
1324         return err;
1325 }
1326
1327 static int tc_del_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1328                           struct netlink_ext_ack *extack)
1329 {
1330         struct net *net = sock_net(skb->sk);
1331         struct nlattr *tca[TCA_MAX + 1];
1332         struct tcmsg *t;
1333         u32 protocol;
1334         u32 prio;
1335         u32 parent;
1336         u32 chain_index;
1337         struct Qdisc *q = NULL;
1338         struct tcf_chain_info chain_info;
1339         struct tcf_chain *chain = NULL;
1340         struct tcf_block *block;
1341         struct tcf_proto *tp = NULL;
1342         unsigned long cl = 0;
1343         void *fh = NULL;
1344         int err;
1345
1346         if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1347                 return -EPERM;
1348
1349         err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL, extack);
1350         if (err < 0)
1351                 return err;
1352
1353         t = nlmsg_data(n);
1354         protocol = TC_H_MIN(t->tcm_info);
1355         prio = TC_H_MAJ(t->tcm_info);
1356         parent = t->tcm_parent;
1357
1358         if (prio == 0 && (protocol || t->tcm_handle || tca[TCA_KIND])) {
1359                 NL_SET_ERR_MSG(extack, "Cannot flush filters with protocol, handle or kind set");
1360                 return -ENOENT;
1361         }
1362
1363         /* Find head of filter chain. */
1364
1365         block = tcf_block_find(net, &q, &parent, &cl,
1366                                t->tcm_ifindex, t->tcm_block_index, extack);
1367         if (IS_ERR(block)) {
1368                 err = PTR_ERR(block);
1369                 goto errout;
1370         }
1371
1372         chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1373         if (chain_index > TC_ACT_EXT_VAL_MASK) {
1374                 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1375                 err = -EINVAL;
1376                 goto errout;
1377         }
1378         chain = tcf_chain_get(block, chain_index, false);
1379         if (!chain) {
1380                 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1381                 err = -EINVAL;
1382                 goto errout;
1383         }
1384
1385         if (prio == 0) {
1386                 tfilter_notify_chain(net, skb, block, q, parent, n,
1387                                      chain, RTM_DELTFILTER);
1388                 tcf_chain_flush(chain);
1389                 err = 0;
1390                 goto errout;
1391         }
1392
1393         tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1394                                prio, false);
1395         if (!tp || IS_ERR(tp)) {
1396                 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1397                 err = tp ? PTR_ERR(tp) : -ENOENT;
1398                 goto errout;
1399         } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1400                 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1401                 err = -EINVAL;
1402                 goto errout;
1403         }
1404
1405         fh = tp->ops->get(tp, t->tcm_handle);
1406
1407         if (!fh) {
1408                 if (t->tcm_handle == 0) {
1409                         tcf_chain_tp_remove(chain, &chain_info, tp);
1410                         tfilter_notify(net, skb, n, tp, block, q, parent, fh,
1411                                        RTM_DELTFILTER, false);
1412                         tcf_proto_destroy(tp, extack);
1413                         err = 0;
1414                 } else {
1415                         NL_SET_ERR_MSG(extack, "Specified filter handle not found");
1416                         err = -ENOENT;
1417                 }
1418         } else {
1419                 bool last;
1420
1421                 err = tfilter_del_notify(net, skb, n, tp, block,
1422                                          q, parent, fh, false, &last,
1423                                          extack);
1424                 if (err)
1425                         goto errout;
1426                 if (last) {
1427                         tcf_chain_tp_remove(chain, &chain_info, tp);
1428                         tcf_proto_destroy(tp, extack);
1429                 }
1430         }
1431
1432 errout:
1433         if (chain)
1434                 tcf_chain_put(chain);
1435         return err;
1436 }
1437
1438 static int tc_get_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1439                           struct netlink_ext_ack *extack)
1440 {
1441         struct net *net = sock_net(skb->sk);
1442         struct nlattr *tca[TCA_MAX + 1];
1443         struct tcmsg *t;
1444         u32 protocol;
1445         u32 prio;
1446         u32 parent;
1447         u32 chain_index;
1448         struct Qdisc *q = NULL;
1449         struct tcf_chain_info chain_info;
1450         struct tcf_chain *chain = NULL;
1451         struct tcf_block *block;
1452         struct tcf_proto *tp = NULL;
1453         unsigned long cl = 0;
1454         void *fh = NULL;
1455         int err;
1456
1457         err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL, extack);
1458         if (err < 0)
1459                 return err;
1460
1461         t = nlmsg_data(n);
1462         protocol = TC_H_MIN(t->tcm_info);
1463         prio = TC_H_MAJ(t->tcm_info);
1464         parent = t->tcm_parent;
1465
1466         if (prio == 0) {
1467                 NL_SET_ERR_MSG(extack, "Invalid filter command with priority of zero");
1468                 return -ENOENT;
1469         }
1470
1471         /* Find head of filter chain. */
1472
1473         block = tcf_block_find(net, &q, &parent, &cl,
1474                                t->tcm_ifindex, t->tcm_block_index, extack);
1475         if (IS_ERR(block)) {
1476                 err = PTR_ERR(block);
1477                 goto errout;
1478         }
1479
1480         chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1481         if (chain_index > TC_ACT_EXT_VAL_MASK) {
1482                 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1483                 err = -EINVAL;
1484                 goto errout;
1485         }
1486         chain = tcf_chain_get(block, chain_index, false);
1487         if (!chain) {
1488                 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1489                 err = -EINVAL;
1490                 goto errout;
1491         }
1492
1493         tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1494                                prio, false);
1495         if (!tp || IS_ERR(tp)) {
1496                 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1497                 err = tp ? PTR_ERR(tp) : -ENOENT;
1498                 goto errout;
1499         } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1500                 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1501                 err = -EINVAL;
1502                 goto errout;
1503         }
1504
1505         fh = tp->ops->get(tp, t->tcm_handle);
1506
1507         if (!fh) {
1508                 NL_SET_ERR_MSG(extack, "Specified filter handle not found");
1509                 err = -ENOENT;
1510         } else {
1511                 err = tfilter_notify(net, skb, n, tp, block, q, parent,
1512                                      fh, RTM_NEWTFILTER, true);
1513                 if (err < 0)
1514                         NL_SET_ERR_MSG(extack, "Failed to send filter notify message");
1515         }
1516
1517 errout:
1518         if (chain)
1519                 tcf_chain_put(chain);
1520         return err;
1521 }
1522
1523 struct tcf_dump_args {
1524         struct tcf_walker w;
1525         struct sk_buff *skb;
1526         struct netlink_callback *cb;
1527         struct tcf_block *block;
1528         struct Qdisc *q;
1529         u32 parent;
1530 };
1531
1532 static int tcf_node_dump(struct tcf_proto *tp, void *n, struct tcf_walker *arg)
1533 {
1534         struct tcf_dump_args *a = (void *)arg;
1535         struct net *net = sock_net(a->skb->sk);
1536
1537         return tcf_fill_node(net, a->skb, tp, a->block, a->q, a->parent,
1538                              n, NETLINK_CB(a->cb->skb).portid,
1539                              a->cb->nlh->nlmsg_seq, NLM_F_MULTI,
1540                              RTM_NEWTFILTER);
1541 }
1542
1543 static bool tcf_chain_dump(struct tcf_chain *chain, struct Qdisc *q, u32 parent,
1544                            struct sk_buff *skb, struct netlink_callback *cb,
1545                            long index_start, long *p_index)
1546 {
1547         struct net *net = sock_net(skb->sk);
1548         struct tcf_block *block = chain->block;
1549         struct tcmsg *tcm = nlmsg_data(cb->nlh);
1550         struct tcf_dump_args arg;
1551         struct tcf_proto *tp;
1552
1553         for (tp = rtnl_dereference(chain->filter_chain);
1554              tp; tp = rtnl_dereference(tp->next), (*p_index)++) {
1555                 if (*p_index < index_start)
1556                         continue;
1557                 if (TC_H_MAJ(tcm->tcm_info) &&
1558                     TC_H_MAJ(tcm->tcm_info) != tp->prio)
1559                         continue;
1560                 if (TC_H_MIN(tcm->tcm_info) &&
1561                     TC_H_MIN(tcm->tcm_info) != tp->protocol)
1562                         continue;
1563                 if (*p_index > index_start)
1564                         memset(&cb->args[1], 0,
1565                                sizeof(cb->args) - sizeof(cb->args[0]));
1566                 if (cb->args[1] == 0) {
1567                         if (tcf_fill_node(net, skb, tp, block, q, parent, NULL,
1568                                           NETLINK_CB(cb->skb).portid,
1569                                           cb->nlh->nlmsg_seq, NLM_F_MULTI,
1570                                           RTM_NEWTFILTER) <= 0)
1571                                 return false;
1572
1573                         cb->args[1] = 1;
1574                 }
1575                 if (!tp->ops->walk)
1576                         continue;
1577                 arg.w.fn = tcf_node_dump;
1578                 arg.skb = skb;
1579                 arg.cb = cb;
1580                 arg.block = block;
1581                 arg.q = q;
1582                 arg.parent = parent;
1583                 arg.w.stop = 0;
1584                 arg.w.skip = cb->args[1] - 1;
1585                 arg.w.count = 0;
1586                 arg.w.cookie = cb->args[2];
1587                 tp->ops->walk(tp, &arg.w);
1588                 cb->args[2] = arg.w.cookie;
1589                 cb->args[1] = arg.w.count + 1;
1590                 if (arg.w.stop)
1591                         return false;
1592         }
1593         return true;
1594 }
1595
1596 /* called with RTNL */
1597 static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
1598 {
1599         struct net *net = sock_net(skb->sk);
1600         struct nlattr *tca[TCA_MAX + 1];
1601         struct Qdisc *q = NULL;
1602         struct tcf_block *block;
1603         struct tcf_chain *chain;
1604         struct tcmsg *tcm = nlmsg_data(cb->nlh);
1605         long index_start;
1606         long index;
1607         u32 parent;
1608         int err;
1609
1610         if (nlmsg_len(cb->nlh) < sizeof(*tcm))
1611                 return skb->len;
1612
1613         err = nlmsg_parse(cb->nlh, sizeof(*tcm), tca, TCA_MAX, NULL, NULL);
1614         if (err)
1615                 return err;
1616
1617         if (tcm->tcm_ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
1618                 block = tcf_block_lookup(net, tcm->tcm_block_index);
1619                 if (!block)
1620                         goto out;
1621                 /* If we work with block index, q is NULL and parent value
1622                  * will never be used in the following code. The check
1623                  * in tcf_fill_node prevents it. However, compiler does not
1624                  * see that far, so set parent to zero to silence the warning
1625                  * about parent being uninitialized.
1626                  */
1627                 parent = 0;
1628         } else {
1629                 const struct Qdisc_class_ops *cops;
1630                 struct net_device *dev;
1631                 unsigned long cl = 0;
1632
1633                 dev = __dev_get_by_index(net, tcm->tcm_ifindex);
1634                 if (!dev)
1635                         return skb->len;
1636
1637                 parent = tcm->tcm_parent;
1638                 if (!parent) {
1639                         q = dev->qdisc;
1640                         parent = q->handle;
1641                 } else {
1642                         q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent));
1643                 }
1644                 if (!q)
1645                         goto out;
1646                 cops = q->ops->cl_ops;
1647                 if (!cops)
1648                         goto out;
1649                 if (!cops->tcf_block)
1650                         goto out;
1651                 if (TC_H_MIN(tcm->tcm_parent)) {
1652                         cl = cops->find(q, tcm->tcm_parent);
1653                         if (cl == 0)
1654                                 goto out;
1655                 }
1656                 block = cops->tcf_block(q, cl, NULL);
1657                 if (!block)
1658                         goto out;
1659                 if (tcf_block_shared(block))
1660                         q = NULL;
1661         }
1662
1663         index_start = cb->args[0];
1664         index = 0;
1665
1666         list_for_each_entry(chain, &block->chain_list, list) {
1667                 if (tca[TCA_CHAIN] &&
1668                     nla_get_u32(tca[TCA_CHAIN]) != chain->index)
1669                         continue;
1670                 if (!tcf_chain_dump(chain, q, parent, skb, cb,
1671                                     index_start, &index)) {
1672                         err = -EMSGSIZE;
1673                         break;
1674                 }
1675         }
1676
1677         cb->args[0] = index;
1678
1679 out:
1680         /* If we did no progress, the error (EMSGSIZE) is real */
1681         if (skb->len == 0 && err)
1682                 return err;
1683         return skb->len;
1684 }
1685
1686 static int tc_chain_fill_node(struct tcf_chain *chain, struct net *net,
1687                               struct sk_buff *skb, struct tcf_block *block,
1688                               u32 portid, u32 seq, u16 flags, int event)
1689 {
1690         unsigned char *b = skb_tail_pointer(skb);
1691         const struct tcf_proto_ops *ops;
1692         struct nlmsghdr *nlh;
1693         struct tcmsg *tcm;
1694         void *priv;
1695
1696         ops = chain->tmplt_ops;
1697         priv = chain->tmplt_priv;
1698
1699         nlh = nlmsg_put(skb, portid, seq, event, sizeof(*tcm), flags);
1700         if (!nlh)
1701                 goto out_nlmsg_trim;
1702         tcm = nlmsg_data(nlh);
1703         tcm->tcm_family = AF_UNSPEC;
1704         tcm->tcm__pad1 = 0;
1705         tcm->tcm__pad2 = 0;
1706         tcm->tcm_handle = 0;
1707         if (block->q) {
1708                 tcm->tcm_ifindex = qdisc_dev(block->q)->ifindex;
1709                 tcm->tcm_parent = block->q->handle;
1710         } else {
1711                 tcm->tcm_ifindex = TCM_IFINDEX_MAGIC_BLOCK;
1712                 tcm->tcm_block_index = block->index;
1713         }
1714
1715         if (nla_put_u32(skb, TCA_CHAIN, chain->index))
1716                 goto nla_put_failure;
1717
1718         if (ops) {
1719                 if (nla_put_string(skb, TCA_KIND, ops->kind))
1720                         goto nla_put_failure;
1721                 if (ops->tmplt_dump(skb, net, priv) < 0)
1722                         goto nla_put_failure;
1723         }
1724
1725         nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1726         return skb->len;
1727
1728 out_nlmsg_trim:
1729 nla_put_failure:
1730         nlmsg_trim(skb, b);
1731         return -EMSGSIZE;
1732 }
1733
1734 static int tc_chain_notify(struct tcf_chain *chain, struct sk_buff *oskb,
1735                            u32 seq, u16 flags, int event, bool unicast)
1736 {
1737         u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1738         struct tcf_block *block = chain->block;
1739         struct net *net = block->net;
1740         struct sk_buff *skb;
1741
1742         skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1743         if (!skb)
1744                 return -ENOBUFS;
1745
1746         if (tc_chain_fill_node(chain, net, skb, block, portid,
1747                                seq, flags, event) <= 0) {
1748                 kfree_skb(skb);
1749                 return -EINVAL;
1750         }
1751
1752         if (unicast)
1753                 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1754
1755         return rtnetlink_send(skb, net, portid, RTNLGRP_TC, flags & NLM_F_ECHO);
1756 }
1757
1758 static int tc_chain_tmplt_add(struct tcf_chain *chain, struct net *net,
1759                               struct nlattr **tca,
1760                               struct netlink_ext_ack *extack)
1761 {
1762         const struct tcf_proto_ops *ops;
1763         void *tmplt_priv;
1764
1765         /* If kind is not set, user did not specify template. */
1766         if (!tca[TCA_KIND])
1767                 return 0;
1768
1769         ops = tcf_proto_lookup_ops(nla_data(tca[TCA_KIND]), extack);
1770         if (IS_ERR(ops))
1771                 return PTR_ERR(ops);
1772         if (!ops->tmplt_create || !ops->tmplt_destroy || !ops->tmplt_dump) {
1773                 NL_SET_ERR_MSG(extack, "Chain templates are not supported with specified classifier");
1774                 return -EOPNOTSUPP;
1775         }
1776
1777         tmplt_priv = ops->tmplt_create(net, chain, tca, extack);
1778         if (IS_ERR(tmplt_priv)) {
1779                 module_put(ops->owner);
1780                 return PTR_ERR(tmplt_priv);
1781         }
1782         chain->tmplt_ops = ops;
1783         chain->tmplt_priv = tmplt_priv;
1784         return 0;
1785 }
1786
1787 static void tc_chain_tmplt_del(struct tcf_chain *chain)
1788 {
1789         const struct tcf_proto_ops *ops = chain->tmplt_ops;
1790
1791         /* If template ops are set, no work to do for us. */
1792         if (!ops)
1793                 return;
1794
1795         ops->tmplt_destroy(chain->tmplt_priv);
1796         module_put(ops->owner);
1797 }
1798
1799 /* Add/delete/get a chain */
1800
1801 static int tc_ctl_chain(struct sk_buff *skb, struct nlmsghdr *n,
1802                         struct netlink_ext_ack *extack)
1803 {
1804         struct net *net = sock_net(skb->sk);
1805         struct nlattr *tca[TCA_MAX + 1];
1806         struct tcmsg *t;
1807         u32 parent;
1808         u32 chain_index;
1809         struct Qdisc *q = NULL;
1810         struct tcf_chain *chain = NULL;
1811         struct tcf_block *block;
1812         unsigned long cl;
1813         int err;
1814
1815         if (n->nlmsg_type != RTM_GETCHAIN &&
1816             !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1817                 return -EPERM;
1818
1819 replay:
1820         err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL, extack);
1821         if (err < 0)
1822                 return err;
1823
1824         t = nlmsg_data(n);
1825         parent = t->tcm_parent;
1826         cl = 0;
1827
1828         block = tcf_block_find(net, &q, &parent, &cl,
1829                                t->tcm_ifindex, t->tcm_block_index, extack);
1830         if (IS_ERR(block))
1831                 return PTR_ERR(block);
1832
1833         chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1834         if (chain_index > TC_ACT_EXT_VAL_MASK) {
1835                 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1836                 return -EINVAL;
1837         }
1838         chain = tcf_chain_lookup(block, chain_index);
1839         if (n->nlmsg_type == RTM_NEWCHAIN) {
1840                 if (chain) {
1841                         if (tcf_chain_is_zombie(chain)) {
1842                                 /* The chain exists only because there is
1843                                  * some action referencing it, meaning it
1844                                  * is a zombie.
1845                                  */
1846                                 tcf_chain_hold(chain);
1847                         } else {
1848                                 NL_SET_ERR_MSG(extack, "Filter chain already exists");
1849                                 return -EEXIST;
1850                         }
1851                 } else {
1852                         if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1853                                 NL_SET_ERR_MSG(extack, "Need both RTM_NEWCHAIN and NLM_F_CREATE to create a new chain");
1854                                 return -ENOENT;
1855                         }
1856                         chain = tcf_chain_create(block, chain_index);
1857                         if (!chain) {
1858                                 NL_SET_ERR_MSG(extack, "Failed to create filter chain");
1859                                 return -ENOMEM;
1860                         }
1861                 }
1862         } else {
1863                 if (!chain || tcf_chain_is_zombie(chain)) {
1864                         NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1865                         return -EINVAL;
1866                 }
1867                 tcf_chain_hold(chain);
1868         }
1869
1870         switch (n->nlmsg_type) {
1871         case RTM_NEWCHAIN:
1872                 err = tc_chain_tmplt_add(chain, net, tca, extack);
1873                 if (err)
1874                         goto errout;
1875                 /* In case the chain was successfully added, take a reference
1876                  * to the chain. This ensures that an empty chain
1877                  * does not disappear at the end of this function.
1878                  */
1879                 tcf_chain_hold(chain);
1880                 chain->explicitly_created = true;
1881                 tc_chain_notify(chain, NULL, 0, NLM_F_CREATE | NLM_F_EXCL,
1882                                 RTM_NEWCHAIN, false);
1883                 break;
1884         case RTM_DELCHAIN:
1885                 /* Flush the chain first as the user requested chain removal. */
1886                 tcf_chain_flush(chain);
1887                 /* In case the chain was successfully deleted, put a reference
1888                  * to the chain previously taken during addition.
1889                  */
1890                 tcf_chain_put_explicitly_created(chain);
1891                 chain->explicitly_created = false;
1892                 break;
1893         case RTM_GETCHAIN:
1894                 err = tc_chain_notify(chain, skb, n->nlmsg_seq,
1895                                       n->nlmsg_seq, n->nlmsg_type, true);
1896                 if (err < 0)
1897                         NL_SET_ERR_MSG(extack, "Failed to send chain notify message");
1898                 break;
1899         default:
1900                 err = -EOPNOTSUPP;
1901                 NL_SET_ERR_MSG(extack, "Unsupported message type");
1902                 goto errout;
1903         }
1904
1905 errout:
1906         tcf_chain_put(chain);
1907         if (err == -EAGAIN)
1908                 /* Replay the request. */
1909                 goto replay;
1910         return err;
1911 }
1912
1913 /* called with RTNL */
1914 static int tc_dump_chain(struct sk_buff *skb, struct netlink_callback *cb)
1915 {
1916         struct net *net = sock_net(skb->sk);
1917         struct nlattr *tca[TCA_MAX + 1];
1918         struct Qdisc *q = NULL;
1919         struct tcf_block *block;
1920         struct tcf_chain *chain;
1921         struct tcmsg *tcm = nlmsg_data(cb->nlh);
1922         long index_start;
1923         long index;
1924         u32 parent;
1925         int err;
1926
1927         if (nlmsg_len(cb->nlh) < sizeof(*tcm))
1928                 return skb->len;
1929
1930         err = nlmsg_parse(cb->nlh, sizeof(*tcm), tca, TCA_MAX, NULL, NULL);
1931         if (err)
1932                 return err;
1933
1934         if (tcm->tcm_ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
1935                 block = tcf_block_lookup(net, tcm->tcm_block_index);
1936                 if (!block)
1937                         goto out;
1938                 /* If we work with block index, q is NULL and parent value
1939                  * will never be used in the following code. The check
1940                  * in tcf_fill_node prevents it. However, compiler does not
1941                  * see that far, so set parent to zero to silence the warning
1942                  * about parent being uninitialized.
1943                  */
1944                 parent = 0;
1945         } else {
1946                 const struct Qdisc_class_ops *cops;
1947                 struct net_device *dev;
1948                 unsigned long cl = 0;
1949
1950                 dev = __dev_get_by_index(net, tcm->tcm_ifindex);
1951                 if (!dev)
1952                         return skb->len;
1953
1954                 parent = tcm->tcm_parent;
1955                 if (!parent) {
1956                         q = dev->qdisc;
1957                         parent = q->handle;
1958                 } else {
1959                         q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent));
1960                 }
1961                 if (!q)
1962                         goto out;
1963                 cops = q->ops->cl_ops;
1964                 if (!cops)
1965                         goto out;
1966                 if (!cops->tcf_block)
1967                         goto out;
1968                 if (TC_H_MIN(tcm->tcm_parent)) {
1969                         cl = cops->find(q, tcm->tcm_parent);
1970                         if (cl == 0)
1971                                 goto out;
1972                 }
1973                 block = cops->tcf_block(q, cl, NULL);
1974                 if (!block)
1975                         goto out;
1976                 if (tcf_block_shared(block))
1977                         q = NULL;
1978         }
1979
1980         index_start = cb->args[0];
1981         index = 0;
1982
1983         list_for_each_entry(chain, &block->chain_list, list) {
1984                 if ((tca[TCA_CHAIN] &&
1985                      nla_get_u32(tca[TCA_CHAIN]) != chain->index))
1986                         continue;
1987                 if (index < index_start) {
1988                         index++;
1989                         continue;
1990                 }
1991                 if (tcf_chain_is_zombie(chain))
1992                         continue;
1993                 err = tc_chain_fill_node(chain, net, skb, block,
1994                                          NETLINK_CB(cb->skb).portid,
1995                                          cb->nlh->nlmsg_seq, NLM_F_MULTI,
1996                                          RTM_NEWCHAIN);
1997                 if (err <= 0)
1998                         break;
1999                 index++;
2000         }
2001
2002         cb->args[0] = index;
2003
2004 out:
2005         /* If we did no progress, the error (EMSGSIZE) is real */
2006         if (skb->len == 0 && err)
2007                 return err;
2008         return skb->len;
2009 }
2010
2011 void tcf_exts_destroy(struct tcf_exts *exts)
2012 {
2013 #ifdef CONFIG_NET_CLS_ACT
2014         tcf_action_destroy(exts->actions, TCA_ACT_UNBIND);
2015         kfree(exts->actions);
2016         exts->nr_actions = 0;
2017 #endif
2018 }
2019 EXPORT_SYMBOL(tcf_exts_destroy);
2020
2021 int tcf_exts_validate(struct net *net, struct tcf_proto *tp, struct nlattr **tb,
2022                       struct nlattr *rate_tlv, struct tcf_exts *exts, bool ovr,
2023                       struct netlink_ext_ack *extack)
2024 {
2025 #ifdef CONFIG_NET_CLS_ACT
2026         {
2027                 struct tc_action *act;
2028                 size_t attr_size = 0;
2029
2030                 if (exts->police && tb[exts->police]) {
2031                         act = tcf_action_init_1(net, tp, tb[exts->police],
2032                                                 rate_tlv, "police", ovr,
2033                                                 TCA_ACT_BIND, true, extack);
2034                         if (IS_ERR(act))
2035                                 return PTR_ERR(act);
2036
2037                         act->type = exts->type = TCA_OLD_COMPAT;
2038                         exts->actions[0] = act;
2039                         exts->nr_actions = 1;
2040                 } else if (exts->action && tb[exts->action]) {
2041                         int err;
2042
2043                         err = tcf_action_init(net, tp, tb[exts->action],
2044                                               rate_tlv, NULL, ovr, TCA_ACT_BIND,
2045                                               exts->actions, &attr_size, true,
2046                                               extack);
2047                         if (err < 0)
2048                                 return err;
2049                         exts->nr_actions = err;
2050                 }
2051                 exts->net = net;
2052         }
2053 #else
2054         if ((exts->action && tb[exts->action]) ||
2055             (exts->police && tb[exts->police])) {
2056                 NL_SET_ERR_MSG(extack, "Classifier actions are not supported per compile options (CONFIG_NET_CLS_ACT)");
2057                 return -EOPNOTSUPP;
2058         }
2059 #endif
2060
2061         return 0;
2062 }
2063 EXPORT_SYMBOL(tcf_exts_validate);
2064
2065 void tcf_exts_change(struct tcf_exts *dst, struct tcf_exts *src)
2066 {
2067 #ifdef CONFIG_NET_CLS_ACT
2068         struct tcf_exts old = *dst;
2069
2070         *dst = *src;
2071         tcf_exts_destroy(&old);
2072 #endif
2073 }
2074 EXPORT_SYMBOL(tcf_exts_change);
2075
2076 #ifdef CONFIG_NET_CLS_ACT
2077 static struct tc_action *tcf_exts_first_act(struct tcf_exts *exts)
2078 {
2079         if (exts->nr_actions == 0)
2080                 return NULL;
2081         else
2082                 return exts->actions[0];
2083 }
2084 #endif
2085
2086 int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts)
2087 {
2088 #ifdef CONFIG_NET_CLS_ACT
2089         struct nlattr *nest;
2090
2091         if (exts->action && tcf_exts_has_actions(exts)) {
2092                 /*
2093                  * again for backward compatible mode - we want
2094                  * to work with both old and new modes of entering
2095                  * tc data even if iproute2  was newer - jhs
2096                  */
2097                 if (exts->type != TCA_OLD_COMPAT) {
2098                         nest = nla_nest_start(skb, exts->action);
2099                         if (nest == NULL)
2100                                 goto nla_put_failure;
2101
2102                         if (tcf_action_dump(skb, exts->actions, 0, 0) < 0)
2103                                 goto nla_put_failure;
2104                         nla_nest_end(skb, nest);
2105                 } else if (exts->police) {
2106                         struct tc_action *act = tcf_exts_first_act(exts);
2107                         nest = nla_nest_start(skb, exts->police);
2108                         if (nest == NULL || !act)
2109                                 goto nla_put_failure;
2110                         if (tcf_action_dump_old(skb, act, 0, 0) < 0)
2111                                 goto nla_put_failure;
2112                         nla_nest_end(skb, nest);
2113                 }
2114         }
2115         return 0;
2116
2117 nla_put_failure:
2118         nla_nest_cancel(skb, nest);
2119         return -1;
2120 #else
2121         return 0;
2122 #endif
2123 }
2124 EXPORT_SYMBOL(tcf_exts_dump);
2125
2126
2127 int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts)
2128 {
2129 #ifdef CONFIG_NET_CLS_ACT
2130         struct tc_action *a = tcf_exts_first_act(exts);
2131         if (a != NULL && tcf_action_copy_stats(skb, a, 1) < 0)
2132                 return -1;
2133 #endif
2134         return 0;
2135 }
2136 EXPORT_SYMBOL(tcf_exts_dump_stats);
2137
2138 static int tc_exts_setup_cb_egdev_call(struct tcf_exts *exts,
2139                                        enum tc_setup_type type,
2140                                        void *type_data, bool err_stop)
2141 {
2142         int ok_count = 0;
2143 #ifdef CONFIG_NET_CLS_ACT
2144         const struct tc_action *a;
2145         struct net_device *dev;
2146         int i, ret;
2147
2148         if (!tcf_exts_has_actions(exts))
2149                 return 0;
2150
2151         for (i = 0; i < exts->nr_actions; i++) {
2152                 a = exts->actions[i];
2153                 if (!a->ops->get_dev)
2154                         continue;
2155                 dev = a->ops->get_dev(a);
2156                 if (!dev)
2157                         continue;
2158                 ret = tc_setup_cb_egdev_call(dev, type, type_data, err_stop);
2159                 if (ret < 0)
2160                         return ret;
2161                 ok_count += ret;
2162         }
2163 #endif
2164         return ok_count;
2165 }
2166
2167 int tc_setup_cb_call(struct tcf_block *block, struct tcf_exts *exts,
2168                      enum tc_setup_type type, void *type_data, bool err_stop)
2169 {
2170         int ok_count;
2171         int ret;
2172
2173         ret = tcf_block_cb_call(block, type, type_data, err_stop);
2174         if (ret < 0)
2175                 return ret;
2176         ok_count = ret;
2177
2178         if (!exts || ok_count)
2179                 return ok_count;
2180         ret = tc_exts_setup_cb_egdev_call(exts, type, type_data, err_stop);
2181         if (ret < 0)
2182                 return ret;
2183         ok_count += ret;
2184
2185         return ok_count;
2186 }
2187 EXPORT_SYMBOL(tc_setup_cb_call);
2188
2189 static __net_init int tcf_net_init(struct net *net)
2190 {
2191         struct tcf_net *tn = net_generic(net, tcf_net_id);
2192
2193         idr_init(&tn->idr);
2194         return 0;
2195 }
2196
2197 static void __net_exit tcf_net_exit(struct net *net)
2198 {
2199         struct tcf_net *tn = net_generic(net, tcf_net_id);
2200
2201         idr_destroy(&tn->idr);
2202 }
2203
2204 static struct pernet_operations tcf_net_ops = {
2205         .init = tcf_net_init,
2206         .exit = tcf_net_exit,
2207         .id   = &tcf_net_id,
2208         .size = sizeof(struct tcf_net),
2209 };
2210
2211 static int __init tc_filter_init(void)
2212 {
2213         int err;
2214
2215         tc_filter_wq = alloc_ordered_workqueue("tc_filter_workqueue", 0);
2216         if (!tc_filter_wq)
2217                 return -ENOMEM;
2218
2219         err = register_pernet_subsys(&tcf_net_ops);
2220         if (err)
2221                 goto err_register_pernet_subsys;
2222
2223         rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_new_tfilter, NULL, 0);
2224         rtnl_register(PF_UNSPEC, RTM_DELTFILTER, tc_del_tfilter, NULL, 0);
2225         rtnl_register(PF_UNSPEC, RTM_GETTFILTER, tc_get_tfilter,
2226                       tc_dump_tfilter, 0);
2227         rtnl_register(PF_UNSPEC, RTM_NEWCHAIN, tc_ctl_chain, NULL, 0);
2228         rtnl_register(PF_UNSPEC, RTM_DELCHAIN, tc_ctl_chain, NULL, 0);
2229         rtnl_register(PF_UNSPEC, RTM_GETCHAIN, tc_ctl_chain,
2230                       tc_dump_chain, 0);
2231
2232         return 0;
2233
2234 err_register_pernet_subsys:
2235         destroy_workqueue(tc_filter_wq);
2236         return err;
2237 }
2238
2239 subsys_initcall(tc_filter_init);