projects / linux-block.git / blame
| Commit | Line | Data |
|---|---|---|
| 2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
| 77b9900e JP |
2 | /* |
| 3 | * net/sched/cls_flower.c Flower classifier | |
| 4 | * | |
| 5 | * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us> | |
| 77b9900e JP |
6 | */ |
| 7 | ||
| 8 | #include <linux/kernel.h> | |
| 9 | #include <linux/init.h> | |
| 10 | #include <linux/module.h> | |
| 11 | #include <linux/rhashtable.h> | |
| d9363774 | 12 | #include <linux/workqueue.h> |
| 06177558 | 13 | #include <linux/refcount.h> |
| 77b9900e JP |
14 | |
| 15 | #include <linux/if_ether.h> | |
| 16 | #include <linux/in6.h> | |
| 17 | #include <linux/ip.h> | |
| a577d8f7 | 18 | #include <linux/mpls.h> |
| 77b9900e JP |
19 | |
| 20 | #include <net/sch_generic.h> | |
| 21 | #include <net/pkt_cls.h> | |
| 22 | #include <net/ip.h> | |
| 23 | #include <net/flow_dissector.h> | |
| 0a6e7778 | 24 | #include <net/geneve.h> |
| d8f9dfae | 25 | #include <net/vxlan.h> |
| 79b1011c | 26 | #include <net/erspan.h> |
| 77b9900e | 27 | |
| bc3103f1 AV |
28 | #include <net/dst.h> |
| 29 | #include <net/dst_metadata.h> | |
| 30 | ||
| e0ace68a PB |
31 | #include <uapi/linux/netfilter/nf_conntrack_common.h> |
| 32 | ||
| 77b9900e | 33 | struct fl_flow_key { |
| 8212ed77 | 34 | struct flow_dissector_key_meta meta; |
| 42aecaa9 | 35 | struct flow_dissector_key_control control; |
| bc3103f1 | 36 | struct flow_dissector_key_control enc_control; |
| 77b9900e JP |
37 | struct flow_dissector_key_basic basic; |
| 38 | struct flow_dissector_key_eth_addrs eth; | |
| 9399ae9a | 39 | struct flow_dissector_key_vlan vlan; |
| d64efd09 | 40 | struct flow_dissector_key_vlan cvlan; |
| 77b9900e | 41 | union { |
| c3f83241 | 42 | struct flow_dissector_key_ipv4_addrs ipv4; |
| 77b9900e JP |
43 | struct flow_dissector_key_ipv6_addrs ipv6; |
| 44 | }; | |
| 45 | struct flow_dissector_key_ports tp; | |
| 7b684884 | 46 | struct flow_dissector_key_icmp icmp; |
| 99d31326 | 47 | struct flow_dissector_key_arp arp; |
| bc3103f1 AV |
48 | struct flow_dissector_key_keyid enc_key_id; |
| 49 | union { | |
| 50 | struct flow_dissector_key_ipv4_addrs enc_ipv4; | |
| 51 | struct flow_dissector_key_ipv6_addrs enc_ipv6; | |
| 52 | }; | |
| f4d997fd | 53 | struct flow_dissector_key_ports enc_tp; |
| a577d8f7 | 54 | struct flow_dissector_key_mpls mpls; |
| fdfc7dd6 | 55 | struct flow_dissector_key_tcp tcp; |
| 4d80cc0a | 56 | struct flow_dissector_key_ip ip; |
| 0e2c17b6 | 57 | struct flow_dissector_key_ip enc_ip; |
| 0a6e7778 | 58 | struct flow_dissector_key_enc_opts enc_opts; |
| 8ffb055b YK |
59 | union { |
| 60 | struct flow_dissector_key_ports tp; | |
| 61 | struct { | |
| 62 | struct flow_dissector_key_ports tp_min; | |
| 63 | struct flow_dissector_key_ports tp_max; | |
| 64 | }; | |
| 65 | } tp_range; | |
| e0ace68a | 66 | struct flow_dissector_key_ct ct; |
| 77b9900e JP |
67 | } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ |
| 68 | ||
| 69 | struct fl_flow_mask_range { | |
| 70 | unsigned short int start; | |
| 71 | unsigned short int end; | |
| 72 | }; | |
| 73 | ||
| 74 | struct fl_flow_mask { | |
| 75 | struct fl_flow_key key; | |
| 76 | struct fl_flow_mask_range range; | |
| 5c72299f | 77 | u32 flags; |
| 05cd271f PB |
78 | struct rhash_head ht_node; |
| 79 | struct rhashtable ht; | |
| 80 | struct rhashtable_params filter_ht_params; | |
| 81 | struct flow_dissector dissector; | |
| 82 | struct list_head filters; | |
| 44a5cd43 | 83 | struct rcu_work rwork; |
| 05cd271f | 84 | struct list_head list; |
| f48ef4d5 | 85 | refcount_t refcnt; |
| 77b9900e JP |
86 | }; |
| 87 | ||
| b95ec7eb JP |
88 | struct fl_flow_tmplt { |
| 89 | struct fl_flow_key dummy_key; | |
| 90 | struct fl_flow_key mask; | |
| 91 | struct flow_dissector dissector; | |
| 92 | struct tcf_chain *chain; | |
| 93 | }; | |
| 94 | ||
| 77b9900e JP |
95 | struct cls_fl_head { |
| 96 | struct rhashtable ht; | |
| 259e60f9 | 97 | spinlock_t masks_lock; /* Protect masks list */ |
| 05cd271f | 98 | struct list_head masks; |
| c049d56e | 99 | struct list_head hw_filters; |
| aaa908ff | 100 | struct rcu_work rwork; |
| c15ab236 | 101 | struct idr handle_idr; |
| 77b9900e JP |
102 | }; |
| 103 | ||
| 104 | struct cls_fl_filter { | |
| 05cd271f | 105 | struct fl_flow_mask *mask; |
| 77b9900e JP |
106 | struct rhash_head ht_node; |
| 107 | struct fl_flow_key mkey; | |
| 108 | struct tcf_exts exts; | |
| 109 | struct tcf_result res; | |
| 110 | struct fl_flow_key key; | |
| 111 | struct list_head list; | |
| c049d56e | 112 | struct list_head hw_list; |
| 77b9900e | 113 | u32 handle; |
| e69985c6 | 114 | u32 flags; |
| 86c55361 | 115 | u32 in_hw_count; |
| aaa908ff | 116 | struct rcu_work rwork; |
| 7091d8c7 | 117 | struct net_device *hw_dev; |
| 06177558 VB |
118 | /* Flower classifier is unlocked, which means that its reference counter |
| 119 | * can be changed concurrently without any kind of external | |
| 120 | * synchronization. Use atomic reference counter to be concurrency-safe. | |
| 121 | */ | |
| 122 | refcount_t refcnt; | |
| b2552b8c | 123 | bool deleted; |
| 77b9900e JP |
124 | }; |
| 125 | ||
| 05cd271f PB |
126 | static const struct rhashtable_params mask_ht_params = { |
| 127 | .key_offset = offsetof(struct fl_flow_mask, key), | |
| 128 | .key_len = sizeof(struct fl_flow_key), | |
| 129 | .head_offset = offsetof(struct fl_flow_mask, ht_node), | |
| 130 | .automatic_shrinking = true, | |
| 131 | }; | |
| 132 | ||
| 77b9900e JP |
133 | static unsigned short int fl_mask_range(const struct fl_flow_mask *mask) |
| 134 | { | |
| 135 | return mask->range.end - mask->range.start; | |
| 136 | } | |
| 137 | ||
| 138 | static void fl_mask_update_range(struct fl_flow_mask *mask) | |
| 139 | { | |
| 140 | const u8 *bytes = (const u8 *) &mask->key; | |
| 141 | size_t size = sizeof(mask->key); | |
| 05cd271f | 142 | size_t i, first = 0, last; |
| 77b9900e | 143 | |
| 05cd271f PB |
144 | for (i = 0; i < size; i++) { |
| 145 | if (bytes[i]) { | |
| 146 | first = i; | |
| 147 | break; | |
| 148 | } | |
| 149 | } | |
| 150 | last = first; | |
| 151 | for (i = size - 1; i != first; i--) { | |
| 77b9900e | 152 | if (bytes[i]) { |
| 77b9900e | 153 | last = i; |
| 05cd271f | 154 | break; |
| 77b9900e JP |
155 | } |
| 156 | } | |
| 157 | mask->range.start = rounddown(first, sizeof(long)); | |
| 158 | mask->range.end = roundup(last + 1, sizeof(long)); | |
| 159 | } | |
| 160 | ||
| 161 | static void *fl_key_get_start(struct fl_flow_key *key, | |
| 162 | const struct fl_flow_mask *mask) | |
| 163 | { | |
| 164 | return (u8 *) key + mask->range.start; | |
| 165 | } | |
| 166 | ||
| 167 | static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key, | |
| 168 | struct fl_flow_mask *mask) | |
| 169 | { | |
| 170 | const long *lkey = fl_key_get_start(key, mask); | |
| 171 | const long *lmask = fl_key_get_start(&mask->key, mask); | |
| 172 | long *lmkey = fl_key_get_start(mkey, mask); | |
| 173 | int i; | |
| 174 | ||
| 175 | for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) | |
| 176 | *lmkey++ = *lkey++ & *lmask++; | |
| 177 | } | |
| 178 | ||
| b95ec7eb JP |
179 | static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt, |
| 180 | struct fl_flow_mask *mask) | |
| 181 | { | |
| 182 | const long *lmask = fl_key_get_start(&mask->key, mask); | |
| 183 | const long *ltmplt; | |
| 184 | int i; | |
| 185 | ||
| 186 | if (!tmplt) | |
| 187 | return true; | |
| 188 | ltmplt = fl_key_get_start(&tmplt->mask, mask); | |
| 189 | for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) { | |
| 190 | if (~*ltmplt++ & *lmask++) | |
| 191 | return false; | |
| 192 | } | |
| 193 | return true; | |
| 194 | } | |
| 195 | ||
| 77b9900e JP |
196 | static void fl_clear_masked_range(struct fl_flow_key *key, |
| 197 | struct fl_flow_mask *mask) | |
| 198 | { | |
| 199 | memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask)); | |
| 200 | } | |
| 201 | ||
| 5c72299f AN |
202 | static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter, |
| 203 | struct fl_flow_key *key, | |
| 204 | struct fl_flow_key *mkey) | |
| 205 | { | |
| 206 | __be16 min_mask, max_mask, min_val, max_val; | |
| 207 | ||
| 8ffb055b YK |
208 | min_mask = htons(filter->mask->key.tp_range.tp_min.dst); |
| 209 | max_mask = htons(filter->mask->key.tp_range.tp_max.dst); | |
| 210 | min_val = htons(filter->key.tp_range.tp_min.dst); | |
| 211 | max_val = htons(filter->key.tp_range.tp_max.dst); | |
| 5c72299f AN |
212 | |
| 213 | if (min_mask && max_mask) { | |
| 8ffb055b YK |
214 | if (htons(key->tp_range.tp.dst) < min_val || |
| 215 | htons(key->tp_range.tp.dst) > max_val) | |
| 5c72299f AN |
216 | return false; |
| 217 | ||
| 218 | /* skb does not have min and max values */ | |
| 8ffb055b YK |
219 | mkey->tp_range.tp_min.dst = filter->mkey.tp_range.tp_min.dst; |
| 220 | mkey->tp_range.tp_max.dst = filter->mkey.tp_range.tp_max.dst; | |
| 5c72299f AN |
221 | } |
| 222 | return true; | |
| 223 | } | |
| 224 | ||
| 225 | static bool fl_range_port_src_cmp(struct cls_fl_filter *filter, | |
| 226 | struct fl_flow_key *key, | |
| 227 | struct fl_flow_key *mkey) | |
| 228 | { | |
| 229 | __be16 min_mask, max_mask, min_val, max_val; | |
| 230 | ||
| 8ffb055b YK |
231 | min_mask = htons(filter->mask->key.tp_range.tp_min.src); |
| 232 | max_mask = htons(filter->mask->key.tp_range.tp_max.src); | |
| 233 | min_val = htons(filter->key.tp_range.tp_min.src); | |
| 234 | max_val = htons(filter->key.tp_range.tp_max.src); | |
| 5c72299f AN |
235 | |
| 236 | if (min_mask && max_mask) { | |
| 8ffb055b YK |
237 | if (htons(key->tp_range.tp.src) < min_val || |
| 238 | htons(key->tp_range.tp.src) > max_val) | |
| 5c72299f AN |
239 | return false; |
| 240 | ||
| 241 | /* skb does not have min and max values */ | |
| 8ffb055b YK |
242 | mkey->tp_range.tp_min.src = filter->mkey.tp_range.tp_min.src; |
| 243 | mkey->tp_range.tp_max.src = filter->mkey.tp_range.tp_max.src; | |
| 5c72299f AN |
244 | } |
| 245 | return true; | |
| 246 | } | |
| 247 | ||
| 248 | static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask, | |
| 249 | struct fl_flow_key *mkey) | |
| a3308d8f | 250 | { |
| 05cd271f PB |
251 | return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask), |
| 252 | mask->filter_ht_params); | |
| a3308d8f PB |
253 | } |
| 254 | ||
| 5c72299f AN |
255 | static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask, |
| 256 | struct fl_flow_key *mkey, | |
| 257 | struct fl_flow_key *key) | |
| 258 | { | |
| 259 | struct cls_fl_filter *filter, *f; | |
| 260 | ||
| 261 | list_for_each_entry_rcu(filter, &mask->filters, list) { | |
| 262 | if (!fl_range_port_dst_cmp(filter, key, mkey)) | |
| 263 | continue; | |
| 264 | ||
| 265 | if (!fl_range_port_src_cmp(filter, key, mkey)) | |
| 266 | continue; | |
| 267 | ||
| 268 | f = __fl_lookup(mask, mkey); | |
| 269 | if (f) | |
| 270 | return f; | |
| 271 | } | |
| 272 | return NULL; | |
| 273 | } | |
| 274 | ||
| 275 | static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask, | |
| 276 | struct fl_flow_key *mkey, | |
| 277 | struct fl_flow_key *key) | |
| 278 | { | |
| 279 | if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE)) | |
| 280 | return fl_lookup_range(mask, mkey, key); | |
| 281 | ||
| 282 | return __fl_lookup(mask, mkey); | |
| 283 | } | |
| 284 | ||
| e0ace68a PB |
285 | static u16 fl_ct_info_to_flower_map[] = { |
| 286 | [IP_CT_ESTABLISHED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 287 | TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED, | |
| 288 | [IP_CT_RELATED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 289 | TCA_FLOWER_KEY_CT_FLAGS_RELATED, | |
| 290 | [IP_CT_ESTABLISHED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 291 | TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED, | |
| 292 | [IP_CT_RELATED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 293 | TCA_FLOWER_KEY_CT_FLAGS_RELATED, | |
| 294 | [IP_CT_NEW] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED | | |
| 295 | TCA_FLOWER_KEY_CT_FLAGS_NEW, | |
| 296 | }; | |
| 297 | ||
| 77b9900e JP |
298 | static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp, |
| 299 | struct tcf_result *res) | |
| 300 | { | |
| 301 | struct cls_fl_head *head = rcu_dereference_bh(tp->root); | |
| 77b9900e | 302 | struct fl_flow_key skb_mkey; |
| e0ace68a PB |
303 | struct fl_flow_key skb_key; |
| 304 | struct fl_flow_mask *mask; | |
| 305 | struct cls_fl_filter *f; | |
| 77b9900e | 306 | |
| 05cd271f | 307 | list_for_each_entry_rcu(mask, &head->masks, list) { |
| 8a9093c7 | 308 | flow_dissector_init_keys(&skb_key.control, &skb_key.basic); |
| 05cd271f | 309 | fl_clear_masked_range(&skb_key, mask); |
| bc3103f1 | 310 | |
| 8212ed77 | 311 | skb_flow_dissect_meta(skb, &mask->dissector, &skb_key); |
| 05cd271f PB |
312 | /* skb_flow_dissect() does not set n_proto in case an unknown |
| 313 | * protocol, so do it rather here. | |
| 314 | */ | |
| 315 | skb_key.basic.n_proto = skb->protocol; | |
| 316 | skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key); | |
| e0ace68a PB |
317 | skb_flow_dissect_ct(skb, &mask->dissector, &skb_key, |
| 318 | fl_ct_info_to_flower_map, | |
| 319 | ARRAY_SIZE(fl_ct_info_to_flower_map)); | |
| 05cd271f | 320 | skb_flow_dissect(skb, &mask->dissector, &skb_key, 0); |
| 77b9900e | 321 | |
| 05cd271f | 322 | fl_set_masked_key(&skb_mkey, &skb_key, mask); |
| 77b9900e | 323 | |
| 5c72299f | 324 | f = fl_lookup(mask, &skb_mkey, &skb_key); |
| 05cd271f PB |
325 | if (f && !tc_skip_sw(f->flags)) { |
| 326 | *res = f->res; | |
| 327 | return tcf_exts_exec(skb, &f->exts, res); | |
| 328 | } | |
| 77b9900e JP |
329 | } |
| 330 | return -1; | |
| 331 | } | |
| 332 | ||
| 333 | static int fl_init(struct tcf_proto *tp) | |
| 334 | { | |
| 335 | struct cls_fl_head *head; | |
| 336 | ||
| 337 | head = kzalloc(sizeof(*head), GFP_KERNEL); | |
| 338 | if (!head) | |
| 339 | return -ENOBUFS; | |
| 340 | ||
| 259e60f9 | 341 | spin_lock_init(&head->masks_lock); |
| 05cd271f | 342 | INIT_LIST_HEAD_RCU(&head->masks); |
| c049d56e | 343 | INIT_LIST_HEAD(&head->hw_filters); |
| 77b9900e | 344 | rcu_assign_pointer(tp->root, head); |
| c15ab236 | 345 | idr_init(&head->handle_idr); |
| 77b9900e | 346 | |
| 05cd271f PB |
347 | return rhashtable_init(&head->ht, &mask_ht_params); |
| 348 | } | |
| 349 | ||
| 99815f50 | 350 | static void fl_mask_free(struct fl_flow_mask *mask, bool mask_init_done) |
| 44a5cd43 | 351 | { |
| 99815f50 VB |
352 | /* temporary masks don't have their filters list and ht initialized */ |
| 353 | if (mask_init_done) { | |
| 354 | WARN_ON(!list_empty(&mask->filters)); | |
| 355 | rhashtable_destroy(&mask->ht); | |
| 356 | } | |
| 44a5cd43 PA |
357 | kfree(mask); |
| 358 | } | |
| 359 | ||
| 360 | static void fl_mask_free_work(struct work_struct *work) | |
| 361 | { | |
| 362 | struct fl_flow_mask *mask = container_of(to_rcu_work(work), | |
| 363 | struct fl_flow_mask, rwork); | |
| 364 | ||
| 99815f50 VB |
365 | fl_mask_free(mask, true); |
| 366 | } | |
| 367 | ||
| 368 | static void fl_uninit_mask_free_work(struct work_struct *work) | |
| 369 | { | |
| 370 | struct fl_flow_mask *mask = container_of(to_rcu_work(work), | |
| 371 | struct fl_flow_mask, rwork); | |
| 372 | ||
| 373 | fl_mask_free(mask, false); | |
| 44a5cd43 PA |
374 | } |
| 375 | ||
| 9994677c | 376 | static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask) |
| 05cd271f | 377 | { |
| f48ef4d5 | 378 | if (!refcount_dec_and_test(&mask->refcnt)) |
| 05cd271f PB |
379 | return false; |
| 380 | ||
| 381 | rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params); | |
| 259e60f9 VB |
382 | |
| 383 | spin_lock(&head->masks_lock); | |
| 05cd271f | 384 | list_del_rcu(&mask->list); |
| 259e60f9 VB |
385 | spin_unlock(&head->masks_lock); |
| 386 | ||
| 9994677c | 387 | tcf_queue_work(&mask->rwork, fl_mask_free_work); |
| 05cd271f PB |
388 | |
| 389 | return true; | |
| 77b9900e JP |
390 | } |
| 391 | ||
| c049d56e VB |
392 | static struct cls_fl_head *fl_head_dereference(struct tcf_proto *tp) |
| 393 | { | |
| 394 | /* Flower classifier only changes root pointer during init and destroy. | |
| 395 | * Users must obtain reference to tcf_proto instance before calling its | |
| 396 | * API, so tp->root pointer is protected from concurrent call to | |
| 397 | * fl_destroy() by reference counting. | |
| 398 | */ | |
| 399 | return rcu_dereference_raw(tp->root); | |
| 400 | } | |
| 401 | ||
| 0dadc117 CW |
402 | static void __fl_destroy_filter(struct cls_fl_filter *f) |
| 403 | { | |
| 404 | tcf_exts_destroy(&f->exts); | |
| 405 | tcf_exts_put_net(&f->exts); | |
| 406 | kfree(f); | |
| 407 | } | |
| 408 | ||
| 0552c8af | 409 | static void fl_destroy_filter_work(struct work_struct *work) |
| 77b9900e | 410 | { |
| aaa908ff CW |
411 | struct cls_fl_filter *f = container_of(to_rcu_work(work), |
| 412 | struct cls_fl_filter, rwork); | |
| 77b9900e | 413 | |
| 0dadc117 | 414 | __fl_destroy_filter(f); |
| 0552c8af CW |
415 | } |
| 416 | ||
| 1b0f8037 | 417 | static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f, |
| c24e43d8 | 418 | bool rtnl_held, struct netlink_ext_ack *extack) |
| 5b33f488 | 419 | { |
| 208c0f4b | 420 | struct tcf_block *block = tp->chain->block; |
| f9e30088 | 421 | struct flow_cls_offload cls_flower = {}; |
| 5b33f488 | 422 | |
| d6787147 | 423 | tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack); |
| f9e30088 | 424 | cls_flower.command = FLOW_CLS_DESTROY; |
| de4784ca | 425 | cls_flower.cookie = (unsigned long) f; |
| 5b33f488 | 426 | |
| 40119211 | 427 | tc_setup_cb_destroy(block, tp, TC_SETUP_CLSFLOWER, &cls_flower, false, |
| 918190f5 | 428 | &f->flags, &f->in_hw_count, rtnl_held); |
| c24e43d8 | 429 | |
| 5b33f488 AV |
430 | } |
| 431 | ||
| e8eb36cd | 432 | static int fl_hw_replace_filter(struct tcf_proto *tp, |
| c24e43d8 | 433 | struct cls_fl_filter *f, bool rtnl_held, |
| 41002038 | 434 | struct netlink_ext_ack *extack) |
| 5b33f488 | 435 | { |
| 208c0f4b | 436 | struct tcf_block *block = tp->chain->block; |
| f9e30088 | 437 | struct flow_cls_offload cls_flower = {}; |
| 717503b9 | 438 | bool skip_sw = tc_skip_sw(f->flags); |
| c24e43d8 VB |
439 | int err = 0; |
| 440 | ||
| e3ab786b | 441 | cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts)); |
| 918190f5 VB |
442 | if (!cls_flower.rule) |
| 443 | return -ENOMEM; | |
| 8f256622 | 444 | |
| d6787147 | 445 | tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack); |
| f9e30088 | 446 | cls_flower.command = FLOW_CLS_REPLACE; |
| de4784ca | 447 | cls_flower.cookie = (unsigned long) f; |
| 8f256622 PNA |
448 | cls_flower.rule->match.dissector = &f->mask->dissector; |
| 449 | cls_flower.rule->match.mask = &f->mask->key; | |
| 450 | cls_flower.rule->match.key = &f->mkey; | |
| 384c181e | 451 | cls_flower.classid = f->res.classid; |
| 5b33f488 | 452 | |
| b15e7a6e | 453 | err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts); |
| 3a7b6861 PNA |
454 | if (err) { |
| 455 | kfree(cls_flower.rule); | |
| 918190f5 | 456 | if (skip_sw) { |
| 1f15bb4f | 457 | NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action"); |
| 918190f5 VB |
458 | return err; |
| 459 | } | |
| 460 | return 0; | |
| 3a7b6861 PNA |
461 | } |
| 462 | ||
| 40119211 | 463 | err = tc_setup_cb_add(block, tp, TC_SETUP_CLSFLOWER, &cls_flower, |
| 918190f5 | 464 | skip_sw, &f->flags, &f->in_hw_count, rtnl_held); |
| 5a6ff4b1 | 465 | tc_cleanup_flow_action(&cls_flower.rule->action); |
| 8f256622 PNA |
466 | kfree(cls_flower.rule); |
| 467 | ||
| 40119211 | 468 | if (err) { |
| 918190f5 VB |
469 | fl_hw_destroy_filter(tp, f, rtnl_held, NULL); |
| 470 | return err; | |
| 717503b9 JP |
471 | } |
| 472 | ||
| 918190f5 VB |
473 | if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW)) |
| 474 | return -EINVAL; | |
| c24e43d8 | 475 | |
| 918190f5 | 476 | return 0; |
| 5b33f488 AV |
477 | } |
| 478 | ||
| c24e43d8 VB |
479 | static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f, |
| 480 | bool rtnl_held) | |
| 10cbc684 | 481 | { |
| 208c0f4b | 482 | struct tcf_block *block = tp->chain->block; |
| f9e30088 | 483 | struct flow_cls_offload cls_flower = {}; |
| 10cbc684 | 484 | |
| d6787147 | 485 | tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL); |
| f9e30088 | 486 | cls_flower.command = FLOW_CLS_STATS; |
| de4784ca | 487 | cls_flower.cookie = (unsigned long) f; |
| 384c181e | 488 | cls_flower.classid = f->res.classid; |
| 10cbc684 | 489 | |
| 918190f5 VB |
490 | tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, |
| 491 | rtnl_held); | |
| 3b1903ef PNA |
492 | |
| 493 | tcf_exts_stats_update(&f->exts, cls_flower.stats.bytes, | |
| 494 | cls_flower.stats.pkts, | |
| 495 | cls_flower.stats.lastused); | |
| 10cbc684 AV |
496 | } |
| 497 | ||
| 06177558 VB |
498 | static void __fl_put(struct cls_fl_filter *f) |
| 499 | { | |
| 500 | if (!refcount_dec_and_test(&f->refcnt)) | |
| 501 | return; | |
| 502 | ||
| 503 | if (tcf_exts_get_net(&f->exts)) | |
| 504 | tcf_queue_work(&f->rwork, fl_destroy_filter_work); | |
| 505 | else | |
| 506 | __fl_destroy_filter(f); | |
| 507 | } | |
| 508 | ||
| 509 | static struct cls_fl_filter *__fl_get(struct cls_fl_head *head, u32 handle) | |
| 510 | { | |
| 511 | struct cls_fl_filter *f; | |
| 512 | ||
| 513 | rcu_read_lock(); | |
| 514 | f = idr_find(&head->handle_idr, handle); | |
| 515 | if (f && !refcount_inc_not_zero(&f->refcnt)) | |
| 516 | f = NULL; | |
| 517 | rcu_read_unlock(); | |
| 518 | ||
| 519 | return f; | |
| 520 | } | |
| 521 | ||
| b2552b8c | 522 | static int __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f, |
| c24e43d8 VB |
523 | bool *last, bool rtnl_held, |
| 524 | struct netlink_ext_ack *extack) | |
| 13fa876e | 525 | { |
| e474619a | 526 | struct cls_fl_head *head = fl_head_dereference(tp); |
| c15ab236 | 527 | |
| b2552b8c VB |
528 | *last = false; |
| 529 | ||
| 3d81e711 VB |
530 | spin_lock(&tp->lock); |
| 531 | if (f->deleted) { | |
| 532 | spin_unlock(&tp->lock); | |
| b2552b8c | 533 | return -ENOENT; |
| 3d81e711 | 534 | } |
| b2552b8c VB |
535 | |
| 536 | f->deleted = true; | |
| 537 | rhashtable_remove_fast(&f->mask->ht, &f->ht_node, | |
| 538 | f->mask->filter_ht_params); | |
| 9c160941 | 539 | idr_remove(&head->handle_idr, f->handle); |
| 13fa876e | 540 | list_del_rcu(&f->list); |
| 3d81e711 VB |
541 | spin_unlock(&tp->lock); |
| 542 | ||
| 9994677c | 543 | *last = fl_mask_put(head, f->mask); |
| 79685219 | 544 | if (!tc_skip_hw(f->flags)) |
| c24e43d8 | 545 | fl_hw_destroy_filter(tp, f, rtnl_held, extack); |
| 13fa876e | 546 | tcf_unbind_filter(tp, &f->res); |
| 06177558 | 547 | __fl_put(f); |
| 05cd271f | 548 | |
| b2552b8c | 549 | return 0; |
| 13fa876e RD |
550 | } |
| 551 | ||
| d9363774 DB |
552 | static void fl_destroy_sleepable(struct work_struct *work) |
| 553 | { | |
| aaa908ff CW |
554 | struct cls_fl_head *head = container_of(to_rcu_work(work), |
| 555 | struct cls_fl_head, | |
| 556 | rwork); | |
| de9dc650 PB |
557 | |
| 558 | rhashtable_destroy(&head->ht); | |
| d9363774 DB |
559 | kfree(head); |
| 560 | module_put(THIS_MODULE); | |
| 561 | } | |
| 562 | ||
| 12db03b6 VB |
563 | static void fl_destroy(struct tcf_proto *tp, bool rtnl_held, |
| 564 | struct netlink_ext_ack *extack) | |
| 77b9900e | 565 | { |
| e474619a | 566 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 05cd271f | 567 | struct fl_flow_mask *mask, *next_mask; |
| 77b9900e | 568 | struct cls_fl_filter *f, *next; |
| b2552b8c | 569 | bool last; |
| 77b9900e | 570 | |
| 05cd271f PB |
571 | list_for_each_entry_safe(mask, next_mask, &head->masks, list) { |
| 572 | list_for_each_entry_safe(f, next, &mask->filters, list) { | |
| c24e43d8 | 573 | __fl_delete(tp, f, &last, rtnl_held, extack); |
| b2552b8c | 574 | if (last) |
| 05cd271f PB |
575 | break; |
| 576 | } | |
| 577 | } | |
| c15ab236 | 578 | idr_destroy(&head->handle_idr); |
| d9363774 DB |
579 | |
| 580 | __module_get(THIS_MODULE); | |
| aaa908ff | 581 | tcf_queue_work(&head->rwork, fl_destroy_sleepable); |
| 77b9900e JP |
582 | } |
| 583 | ||
| 06177558 VB |
584 | static void fl_put(struct tcf_proto *tp, void *arg) |
| 585 | { | |
| 586 | struct cls_fl_filter *f = arg; | |
| 587 | ||
| 588 | __fl_put(f); | |
| 589 | } | |
| 590 | ||
| 8113c095 | 591 | static void *fl_get(struct tcf_proto *tp, u32 handle) |
| 77b9900e | 592 | { |
| e474619a | 593 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 77b9900e | 594 | |
| 06177558 | 595 | return __fl_get(head, handle); |
| 77b9900e JP |
596 | } |
| 597 | ||
| 598 | static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = { | |
| 599 | [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC }, | |
| 600 | [TCA_FLOWER_CLASSID] = { .type = NLA_U32 }, | |
| 601 | [TCA_FLOWER_INDEV] = { .type = NLA_STRING, | |
| 602 | .len = IFNAMSIZ }, | |
| 603 | [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN }, | |
| 604 | [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN }, | |
| 605 | [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN }, | |
| 606 | [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN }, | |
| 607 | [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 }, | |
| 608 | [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 }, | |
| 609 | [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 }, | |
| 610 | [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 }, | |
| 611 | [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 }, | |
| 612 | [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 }, | |
| 613 | [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, | |
| 614 | [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) }, | |
| 615 | [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) }, | |
| 616 | [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) }, | |
| 617 | [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 }, | |
| 618 | [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 }, | |
| b175c3a4 JHS |
619 | [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 }, |
| 620 | [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 }, | |
| 9399ae9a HHZ |
621 | [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 }, |
| 622 | [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 }, | |
| 623 | [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 }, | |
| bc3103f1 AV |
624 | [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 }, |
| 625 | [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 }, | |
| 626 | [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 }, | |
| 627 | [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 }, | |
| 628 | [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 }, | |
| 629 | [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, | |
| 630 | [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) }, | |
| 631 | [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) }, | |
| 632 | [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) }, | |
| aa72d708 OG |
633 | [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 }, |
| 634 | [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 }, | |
| 635 | [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 }, | |
| 636 | [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 }, | |
| 5976c5f4 SH |
637 | [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 }, |
| 638 | [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 }, | |
| 639 | [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 }, | |
| 640 | [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 }, | |
| f4d997fd HHZ |
641 | [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 }, |
| 642 | [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 }, | |
| 643 | [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 }, | |
| 644 | [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 }, | |
| faa3ffce OG |
645 | [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 }, |
| 646 | [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 }, | |
| 7b684884 SH |
647 | [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 }, |
| 648 | [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 }, | |
| 649 | [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 }, | |
| 650 | [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 }, | |
| 651 | [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 }, | |
| 652 | [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 }, | |
| 653 | [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 }, | |
| 654 | [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 }, | |
| 99d31326 SH |
655 | [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 }, |
| 656 | [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 }, | |
| 657 | [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 }, | |
| 658 | [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 }, | |
| 659 | [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 }, | |
| 660 | [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 }, | |
| 661 | [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN }, | |
| 662 | [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN }, | |
| 663 | [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN }, | |
| 664 | [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN }, | |
| a577d8f7 BL |
665 | [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 }, |
| 666 | [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 }, | |
| 667 | [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 }, | |
| 668 | [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 }, | |
| fdfc7dd6 JP |
669 | [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 }, |
| 670 | [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 }, | |
| 4d80cc0a OG |
671 | [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 }, |
| 672 | [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 }, | |
| 673 | [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 }, | |
| 674 | [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 }, | |
| d64efd09 JL |
675 | [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 }, |
| 676 | [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 }, | |
| 677 | [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 }, | |
| 0e2c17b6 OG |
678 | [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 }, |
| 679 | [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 }, | |
| 680 | [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 }, | |
| 681 | [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 }, | |
| 0a6e7778 PJV |
682 | [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED }, |
| 683 | [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED }, | |
| e0ace68a PB |
684 | [TCA_FLOWER_KEY_CT_STATE] = { .type = NLA_U16 }, |
| 685 | [TCA_FLOWER_KEY_CT_STATE_MASK] = { .type = NLA_U16 }, | |
| 686 | [TCA_FLOWER_KEY_CT_ZONE] = { .type = NLA_U16 }, | |
| 687 | [TCA_FLOWER_KEY_CT_ZONE_MASK] = { .type = NLA_U16 }, | |
| 688 | [TCA_FLOWER_KEY_CT_MARK] = { .type = NLA_U32 }, | |
| 689 | [TCA_FLOWER_KEY_CT_MARK_MASK] = { .type = NLA_U32 }, | |
| 690 | [TCA_FLOWER_KEY_CT_LABELS] = { .type = NLA_BINARY, | |
| 691 | .len = 128 / BITS_PER_BYTE }, | |
| 692 | [TCA_FLOWER_KEY_CT_LABELS_MASK] = { .type = NLA_BINARY, | |
| 693 | .len = 128 / BITS_PER_BYTE }, | |
| e2debf08 | 694 | [TCA_FLOWER_FLAGS] = { .type = NLA_U32 }, |
| 0a6e7778 PJV |
695 | }; |
| 696 | ||
| 697 | static const struct nla_policy | |
| 698 | enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = { | |
| d8f9dfae XL |
699 | [TCA_FLOWER_KEY_ENC_OPTS_UNSPEC] = { |
| 700 | .strict_start_type = TCA_FLOWER_KEY_ENC_OPTS_VXLAN }, | |
| 0a6e7778 | 701 | [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED }, |
| d8f9dfae | 702 | [TCA_FLOWER_KEY_ENC_OPTS_VXLAN] = { .type = NLA_NESTED }, |
| 79b1011c | 703 | [TCA_FLOWER_KEY_ENC_OPTS_ERSPAN] = { .type = NLA_NESTED }, |
| 0a6e7778 PJV |
704 | }; |
| 705 | ||
| 706 | static const struct nla_policy | |
| 707 | geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = { | |
| 708 | [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 }, | |
| 709 | [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 }, | |
| 710 | [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY, | |
| 711 | .len = 128 }, | |
| 77b9900e JP |
712 | }; |
| 713 | ||
| d8f9dfae XL |
714 | static const struct nla_policy |
| 715 | vxlan_opt_policy[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1] = { | |
| 716 | [TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP] = { .type = NLA_U32 }, | |
| 717 | }; | |
| 718 | ||
| 79b1011c XL |
719 | static const struct nla_policy |
| 720 | erspan_opt_policy[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1] = { | |
| 721 | [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER] = { .type = NLA_U8 }, | |
| 722 | [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX] = { .type = NLA_U32 }, | |
| 723 | [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR] = { .type = NLA_U8 }, | |
| 724 | [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID] = { .type = NLA_U8 }, | |
| 725 | }; | |
| 726 | ||
| 77b9900e JP |
727 | static void fl_set_key_val(struct nlattr **tb, |
| 728 | void *val, int val_type, | |
| 729 | void *mask, int mask_type, int len) | |
| 730 | { | |
| 731 | if (!tb[val_type]) | |
| 732 | return; | |
| e0ace68a | 733 | nla_memcpy(val, tb[val_type], len); |
| 77b9900e JP |
734 | if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type]) |
| 735 | memset(mask, 0xff, len); | |
| 736 | else | |
| e0ace68a | 737 | nla_memcpy(mask, tb[mask_type], len); |
| 77b9900e JP |
738 | } |
| 739 | ||
| 5c72299f AN |
740 | static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key, |
| 741 | struct fl_flow_key *mask) | |
| 742 | { | |
| 8ffb055b YK |
743 | fl_set_key_val(tb, &key->tp_range.tp_min.dst, |
| 744 | TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_range.tp_min.dst, | |
| 745 | TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.dst)); | |
| 746 | fl_set_key_val(tb, &key->tp_range.tp_max.dst, | |
| 747 | TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_range.tp_max.dst, | |
| 748 | TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.dst)); | |
| 749 | fl_set_key_val(tb, &key->tp_range.tp_min.src, | |
| 750 | TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_range.tp_min.src, | |
| 751 | TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.src)); | |
| 752 | fl_set_key_val(tb, &key->tp_range.tp_max.src, | |
| 753 | TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_range.tp_max.src, | |
| 754 | TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.src)); | |
| 755 | ||
| 756 | if ((mask->tp_range.tp_min.dst && mask->tp_range.tp_max.dst && | |
| 757 | htons(key->tp_range.tp_max.dst) <= | |
| 758 | htons(key->tp_range.tp_min.dst)) || | |
| 759 | (mask->tp_range.tp_min.src && mask->tp_range.tp_max.src && | |
| 760 | htons(key->tp_range.tp_max.src) <= | |
| 761 | htons(key->tp_range.tp_min.src))) | |
| 5c72299f AN |
762 | return -EINVAL; |
| 763 | ||
| 764 | return 0; | |
| 765 | } | |
| 766 | ||
| 1a7fca63 BL |
767 | static int fl_set_key_mpls(struct nlattr **tb, |
| 768 | struct flow_dissector_key_mpls *key_val, | |
| 442f730e GN |
769 | struct flow_dissector_key_mpls *key_mask, |
| 770 | struct netlink_ext_ack *extack) | |
| a577d8f7 BL |
771 | { |
| 772 | if (tb[TCA_FLOWER_KEY_MPLS_TTL]) { | |
| 773 | key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]); | |
| 774 | key_mask->mpls_ttl = MPLS_TTL_MASK; | |
| 775 | } | |
| 776 | if (tb[TCA_FLOWER_KEY_MPLS_BOS]) { | |
| 1a7fca63 BL |
777 | u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]); |
| 778 | ||
| 442f730e GN |
779 | if (bos & ~MPLS_BOS_MASK) { |
| 780 | NL_SET_ERR_MSG_ATTR(extack, | |
| 781 | tb[TCA_FLOWER_KEY_MPLS_BOS], | |
| 782 | "Bottom Of Stack (BOS) must be 0 or 1"); | |
| 1a7fca63 | 783 | return -EINVAL; |
| 442f730e | 784 | } |
| 1a7fca63 | 785 | key_val->mpls_bos = bos; |
| a577d8f7 BL |
786 | key_mask->mpls_bos = MPLS_BOS_MASK; |
| 787 | } | |
| 788 | if (tb[TCA_FLOWER_KEY_MPLS_TC]) { | |
| 1a7fca63 BL |
789 | u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]); |
| 790 | ||
| 442f730e GN |
791 | if (tc & ~MPLS_TC_MASK) { |
| 792 | NL_SET_ERR_MSG_ATTR(extack, | |
| 793 | tb[TCA_FLOWER_KEY_MPLS_TC], | |
| 794 | "Traffic Class (TC) must be between 0 and 7"); | |
| 1a7fca63 | 795 | return -EINVAL; |
| 442f730e | 796 | } |
| 1a7fca63 | 797 | key_val->mpls_tc = tc; |
| a577d8f7 BL |
798 | key_mask->mpls_tc = MPLS_TC_MASK; |
| 799 | } | |
| 800 | if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) { | |
| 1a7fca63 BL |
801 | u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]); |
| 802 | ||
| 442f730e GN |
803 | if (label & ~MPLS_LABEL_MASK) { |
| 804 | NL_SET_ERR_MSG_ATTR(extack, | |
| 805 | tb[TCA_FLOWER_KEY_MPLS_LABEL], | |
| 806 | "Label must be between 0 and 1048575"); | |
| 1a7fca63 | 807 | return -EINVAL; |
| 442f730e | 808 | } |
| 1a7fca63 | 809 | key_val->mpls_label = label; |
| a577d8f7 BL |
810 | key_mask->mpls_label = MPLS_LABEL_MASK; |
| 811 | } | |
| 1a7fca63 | 812 | return 0; |
| a577d8f7 BL |
813 | } |
| 814 | ||
| 9399ae9a | 815 | static void fl_set_key_vlan(struct nlattr **tb, |
| aaab0834 | 816 | __be16 ethertype, |
| d64efd09 | 817 | int vlan_id_key, int vlan_prio_key, |
| 9399ae9a HHZ |
818 | struct flow_dissector_key_vlan *key_val, |
| 819 | struct flow_dissector_key_vlan *key_mask) | |
| 820 | { | |
| 821 | #define VLAN_PRIORITY_MASK 0x7 | |
| 822 | ||
| d64efd09 | 823 | if (tb[vlan_id_key]) { |
| 9399ae9a | 824 | key_val->vlan_id = |
| d64efd09 | 825 | nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK; |
| 9399ae9a HHZ |
826 | key_mask->vlan_id = VLAN_VID_MASK; |
| 827 | } | |
| d64efd09 | 828 | if (tb[vlan_prio_key]) { |
| 9399ae9a | 829 | key_val->vlan_priority = |
| d64efd09 | 830 | nla_get_u8(tb[vlan_prio_key]) & |
| 9399ae9a HHZ |
831 | VLAN_PRIORITY_MASK; |
| 832 | key_mask->vlan_priority = VLAN_PRIORITY_MASK; | |
| 833 | } | |
| aaab0834 JL |
834 | key_val->vlan_tpid = ethertype; |
| 835 | key_mask->vlan_tpid = cpu_to_be16(~0); | |
| 9399ae9a HHZ |
836 | } |
| 837 | ||
| faa3ffce OG |
838 | static void fl_set_key_flag(u32 flower_key, u32 flower_mask, |
| 839 | u32 *dissector_key, u32 *dissector_mask, | |
| 840 | u32 flower_flag_bit, u32 dissector_flag_bit) | |
| 841 | { | |
| 842 | if (flower_mask & flower_flag_bit) { | |
| 843 | *dissector_mask |= dissector_flag_bit; | |
| 844 | if (flower_key & flower_flag_bit) | |
| 845 | *dissector_key |= dissector_flag_bit; | |
| 846 | } | |
| 847 | } | |
| 848 | ||
| d9724772 OG |
849 | static int fl_set_key_flags(struct nlattr **tb, |
| 850 | u32 *flags_key, u32 *flags_mask) | |
| faa3ffce OG |
851 | { |
| 852 | u32 key, mask; | |
| 853 | ||
| d9724772 OG |
854 | /* mask is mandatory for flags */ |
| 855 | if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) | |
| 856 | return -EINVAL; | |
| faa3ffce OG |
857 | |
| 858 | key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS])); | |
| d9724772 | 859 | mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK])); |
| faa3ffce OG |
860 | |
| 861 | *flags_key = 0; | |
| 862 | *flags_mask = 0; | |
| 863 | ||
| 864 | fl_set_key_flag(key, mask, flags_key, flags_mask, | |
| 865 | TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); | |
| 459d153d PJV |
866 | fl_set_key_flag(key, mask, flags_key, flags_mask, |
| 867 | TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, | |
| 868 | FLOW_DIS_FIRST_FRAG); | |
| d9724772 OG |
869 | |
| 870 | return 0; | |
| faa3ffce OG |
871 | } |
| 872 | ||
| 0e2c17b6 | 873 | static void fl_set_key_ip(struct nlattr **tb, bool encap, |
| 4d80cc0a OG |
874 | struct flow_dissector_key_ip *key, |
| 875 | struct flow_dissector_key_ip *mask) | |
| 876 | { | |
| 0e2c17b6 OG |
877 | int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS; |
| 878 | int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL; | |
| 879 | int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK; | |
| 880 | int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK; | |
| 4d80cc0a | 881 | |
| 0e2c17b6 OG |
882 | fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)); |
| 883 | fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)); | |
| 4d80cc0a OG |
884 | } |
| 885 | ||
| 0a6e7778 PJV |
886 | static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key, |
| 887 | int depth, int option_len, | |
| 888 | struct netlink_ext_ack *extack) | |
| 889 | { | |
| 890 | struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1]; | |
| 891 | struct nlattr *class = NULL, *type = NULL, *data = NULL; | |
| 892 | struct geneve_opt *opt; | |
| 893 | int err, data_len = 0; | |
| 894 | ||
| 895 | if (option_len > sizeof(struct geneve_opt)) | |
| 896 | data_len = option_len - sizeof(struct geneve_opt); | |
| 897 | ||
| 898 | opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len]; | |
| 899 | memset(opt, 0xff, option_len); | |
| 900 | opt->length = data_len / 4; | |
| 901 | opt->r1 = 0; | |
| 902 | opt->r2 = 0; | |
| 903 | opt->r3 = 0; | |
| 904 | ||
| 905 | /* If no mask has been prodived we assume an exact match. */ | |
| 906 | if (!depth) | |
| 907 | return sizeof(struct geneve_opt) + data_len; | |
| 908 | ||
| 909 | if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) { | |
| 910 | NL_SET_ERR_MSG(extack, "Non-geneve option type for mask"); | |
| 911 | return -EINVAL; | |
| 912 | } | |
| 913 | ||
| 8cb08174 JB |
914 | err = nla_parse_nested_deprecated(tb, |
| 915 | TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX, | |
| 916 | nla, geneve_opt_policy, extack); | |
| 0a6e7778 PJV |
917 | if (err < 0) |
| 918 | return err; | |
| 919 | ||
| 920 | /* We are not allowed to omit any of CLASS, TYPE or DATA | |
| 921 | * fields from the key. | |
| 922 | */ | |
| 923 | if (!option_len && | |
| 924 | (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] || | |
| 925 | !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] || | |
| 926 | !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) { | |
| 927 | NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data"); | |
| 928 | return -EINVAL; | |
| 929 | } | |
| 930 | ||
| 931 | /* Omitting any of CLASS, TYPE or DATA fields is allowed | |
| 932 | * for the mask. | |
| 933 | */ | |
| 934 | if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) { | |
| 935 | int new_len = key->enc_opts.len; | |
| 936 | ||
| 937 | data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]; | |
| 938 | data_len = nla_len(data); | |
| 939 | if (data_len < 4) { | |
| 940 | NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long"); | |
| 941 | return -ERANGE; | |
| 942 | } | |
| 943 | if (data_len % 4) { | |
| 944 | NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long"); | |
| 945 | return -ERANGE; | |
| 946 | } | |
| 947 | ||
| 948 | new_len += sizeof(struct geneve_opt) + data_len; | |
| 949 | BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX); | |
| 950 | if (new_len > FLOW_DIS_TUN_OPTS_MAX) { | |
| 951 | NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size"); | |
| 952 | return -ERANGE; | |
| 953 | } | |
| 954 | opt->length = data_len / 4; | |
| 955 | memcpy(opt->opt_data, nla_data(data), data_len); | |
| 956 | } | |
| 957 | ||
| 958 | if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) { | |
| 959 | class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]; | |
| 960 | opt->opt_class = nla_get_be16(class); | |
| 961 | } | |
| 962 | ||
| 963 | if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) { | |
| 964 | type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]; | |
| 965 | opt->type = nla_get_u8(type); | |
| 966 | } | |
| 967 | ||
| 968 | return sizeof(struct geneve_opt) + data_len; | |
| 969 | } | |
| 970 | ||
| d8f9dfae XL |
971 | static int fl_set_vxlan_opt(const struct nlattr *nla, struct fl_flow_key *key, |
| 972 | int depth, int option_len, | |
| 973 | struct netlink_ext_ack *extack) | |
| 974 | { | |
| 975 | struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1]; | |
| 976 | struct vxlan_metadata *md; | |
| 977 | int err; | |
| 978 | ||
| 979 | md = (struct vxlan_metadata *)&key->enc_opts.data[key->enc_opts.len]; | |
| 980 | memset(md, 0xff, sizeof(*md)); | |
| 981 | ||
| 982 | if (!depth) | |
| 983 | return sizeof(*md); | |
| 984 | ||
| 985 | if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_VXLAN) { | |
| 986 | NL_SET_ERR_MSG(extack, "Non-vxlan option type for mask"); | |
| 987 | return -EINVAL; | |
| 988 | } | |
| 989 | ||
| 990 | err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX, nla, | |
| 991 | vxlan_opt_policy, extack); | |
| 992 | if (err < 0) | |
| 993 | return err; | |
| 994 | ||
| 995 | if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]) { | |
| 996 | NL_SET_ERR_MSG(extack, "Missing tunnel key vxlan option gbp"); | |
| 997 | return -EINVAL; | |
| 998 | } | |
| 999 | ||
| 1000 | if (tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]) | |
| 1001 | md->gbp = nla_get_u32(tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]); | |
| 1002 | ||
| 1003 | return sizeof(*md); | |
| 1004 | } | |
| 1005 | ||
| 79b1011c XL |
1006 | static int fl_set_erspan_opt(const struct nlattr *nla, struct fl_flow_key *key, |
| 1007 | int depth, int option_len, | |
| 1008 | struct netlink_ext_ack *extack) | |
| 1009 | { | |
| 1010 | struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1]; | |
| 1011 | struct erspan_metadata *md; | |
| 1012 | int err; | |
| 1013 | ||
| 1014 | md = (struct erspan_metadata *)&key->enc_opts.data[key->enc_opts.len]; | |
| 1015 | memset(md, 0xff, sizeof(*md)); | |
| 1016 | md->version = 1; | |
| 1017 | ||
| 1018 | if (!depth) | |
| 1019 | return sizeof(*md); | |
| 1020 | ||
| 1021 | if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_ERSPAN) { | |
| 1022 | NL_SET_ERR_MSG(extack, "Non-erspan option type for mask"); | |
| 1023 | return -EINVAL; | |
| 1024 | } | |
| 1025 | ||
| 1026 | err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX, nla, | |
| 1027 | erspan_opt_policy, extack); | |
| 1028 | if (err < 0) | |
| 1029 | return err; | |
| 1030 | ||
| 1031 | if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]) { | |
| 1032 | NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver"); | |
| 1033 | return -EINVAL; | |
| 1034 | } | |
| 1035 | ||
| 1036 | if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]) | |
| 1037 | md->version = nla_get_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]); | |
| 1038 | ||
| 1039 | if (md->version == 1) { | |
| 1040 | if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]) { | |
| 1041 | NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option index"); | |
| 1042 | return -EINVAL; | |
| 1043 | } | |
| 1044 | if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]) { | |
| 1045 | nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]; | |
| 1046 | md->u.index = nla_get_be32(nla); | |
| 1047 | } | |
| 1048 | } else if (md->version == 2) { | |
| 1049 | if (!option_len && (!tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR] || | |
| 1050 | !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID])) { | |
| 1051 | NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option dir or hwid"); | |
| 1052 | return -EINVAL; | |
| 1053 | } | |
| 1054 | if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR]) { | |
| 1055 | nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR]; | |
| 1056 | md->u.md2.dir = nla_get_u8(nla); | |
| 1057 | } | |
| 1058 | if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID]) { | |
| 1059 | nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID]; | |
| 1060 | set_hwid(&md->u.md2, nla_get_u8(nla)); | |
| 1061 | } | |
| 1062 | } else { | |
| 1063 | NL_SET_ERR_MSG(extack, "Tunnel key erspan option ver is incorrect"); | |
| 1064 | return -EINVAL; | |
| 1065 | } | |
| 1066 | ||
| 1067 | return sizeof(*md); | |
| 1068 | } | |
| 1069 | ||
| 0a6e7778 PJV |
1070 | static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key, |
| 1071 | struct fl_flow_key *mask, | |
| 1072 | struct netlink_ext_ack *extack) | |
| 1073 | { | |
| 1074 | const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL; | |
| 63c82997 JK |
1075 | int err, option_len, key_depth, msk_depth = 0; |
| 1076 | ||
| 8cb08174 JB |
1077 | err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS], |
| 1078 | TCA_FLOWER_KEY_ENC_OPTS_MAX, | |
| 1079 | enc_opts_policy, extack); | |
| 63c82997 JK |
1080 | if (err) |
| 1081 | return err; | |
| 0a6e7778 PJV |
1082 | |
| 1083 | nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]); | |
| 1084 | ||
| 1085 | if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) { | |
| 8cb08174 JB |
1086 | err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK], |
| 1087 | TCA_FLOWER_KEY_ENC_OPTS_MAX, | |
| 1088 | enc_opts_policy, extack); | |
| 63c82997 JK |
1089 | if (err) |
| 1090 | return err; | |
| 1091 | ||
| 0a6e7778 PJV |
1092 | nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]); |
| 1093 | msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]); | |
| 1094 | } | |
| 1095 | ||
| 1096 | nla_for_each_attr(nla_opt_key, nla_enc_key, | |
| 1097 | nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) { | |
| 1098 | switch (nla_type(nla_opt_key)) { | |
| 1099 | case TCA_FLOWER_KEY_ENC_OPTS_GENEVE: | |
| d8f9dfae XL |
1100 | if (key->enc_opts.dst_opt_type && |
| 1101 | key->enc_opts.dst_opt_type != TUNNEL_GENEVE_OPT) { | |
| 1102 | NL_SET_ERR_MSG(extack, "Duplicate type for geneve options"); | |
| 1103 | return -EINVAL; | |
| 1104 | } | |
| 0a6e7778 PJV |
1105 | option_len = 0; |
| 1106 | key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT; | |
| 1107 | option_len = fl_set_geneve_opt(nla_opt_key, key, | |
| 1108 | key_depth, option_len, | |
| 1109 | extack); | |
| 1110 | if (option_len < 0) | |
| 1111 | return option_len; | |
| 1112 | ||
| 1113 | key->enc_opts.len += option_len; | |
| 1114 | /* At the same time we need to parse through the mask | |
| 1115 | * in order to verify exact and mask attribute lengths. | |
| 1116 | */ | |
| 1117 | mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT; | |
| 1118 | option_len = fl_set_geneve_opt(nla_opt_msk, mask, | |
| 1119 | msk_depth, option_len, | |
| 1120 | extack); | |
| 1121 | if (option_len < 0) | |
| 1122 | return option_len; | |
| 1123 | ||
| 1124 | mask->enc_opts.len += option_len; | |
| 1125 | if (key->enc_opts.len != mask->enc_opts.len) { | |
| 1126 | NL_SET_ERR_MSG(extack, "Key and mask miss aligned"); | |
| 1127 | return -EINVAL; | |
| 1128 | } | |
| 1129 | ||
| d8f9dfae XL |
1130 | if (msk_depth) |
| 1131 | nla_opt_msk = nla_next(nla_opt_msk, &msk_depth); | |
| 1132 | break; | |
| 1133 | case TCA_FLOWER_KEY_ENC_OPTS_VXLAN: | |
| 1134 | if (key->enc_opts.dst_opt_type) { | |
| 1135 | NL_SET_ERR_MSG(extack, "Duplicate type for vxlan options"); | |
| 1136 | return -EINVAL; | |
| 1137 | } | |
| 1138 | option_len = 0; | |
| 1139 | key->enc_opts.dst_opt_type = TUNNEL_VXLAN_OPT; | |
| 1140 | option_len = fl_set_vxlan_opt(nla_opt_key, key, | |
| 1141 | key_depth, option_len, | |
| 1142 | extack); | |
| 1143 | if (option_len < 0) | |
| 1144 | return option_len; | |
| 1145 | ||
| 1146 | key->enc_opts.len += option_len; | |
| 1147 | /* At the same time we need to parse through the mask | |
| 1148 | * in order to verify exact and mask attribute lengths. | |
| 1149 | */ | |
| 1150 | mask->enc_opts.dst_opt_type = TUNNEL_VXLAN_OPT; | |
| 1151 | option_len = fl_set_vxlan_opt(nla_opt_msk, mask, | |
| 1152 | msk_depth, option_len, | |
| 1153 | extack); | |
| 1154 | if (option_len < 0) | |
| 1155 | return option_len; | |
| 1156 | ||
| 1157 | mask->enc_opts.len += option_len; | |
| 1158 | if (key->enc_opts.len != mask->enc_opts.len) { | |
| 1159 | NL_SET_ERR_MSG(extack, "Key and mask miss aligned"); | |
| 1160 | return -EINVAL; | |
| 1161 | } | |
| 1162 | ||
| 79b1011c XL |
1163 | if (msk_depth) |
| 1164 | nla_opt_msk = nla_next(nla_opt_msk, &msk_depth); | |
| 1165 | break; | |
| 1166 | case TCA_FLOWER_KEY_ENC_OPTS_ERSPAN: | |
| 1167 | if (key->enc_opts.dst_opt_type) { | |
| 1168 | NL_SET_ERR_MSG(extack, "Duplicate type for erspan options"); | |
| 1169 | return -EINVAL; | |
| 1170 | } | |
| 1171 | option_len = 0; | |
| 1172 | key->enc_opts.dst_opt_type = TUNNEL_ERSPAN_OPT; | |
| 1173 | option_len = fl_set_erspan_opt(nla_opt_key, key, | |
| 1174 | key_depth, option_len, | |
| 1175 | extack); | |
| 1176 | if (option_len < 0) | |
| 1177 | return option_len; | |
| 1178 | ||
| 1179 | key->enc_opts.len += option_len; | |
| 1180 | /* At the same time we need to parse through the mask | |
| 1181 | * in order to verify exact and mask attribute lengths. | |
| 1182 | */ | |
| 1183 | mask->enc_opts.dst_opt_type = TUNNEL_ERSPAN_OPT; | |
| 1184 | option_len = fl_set_erspan_opt(nla_opt_msk, mask, | |
| 1185 | msk_depth, option_len, | |
| 1186 | extack); | |
| 1187 | if (option_len < 0) | |
| 1188 | return option_len; | |
| 1189 | ||
| 1190 | mask->enc_opts.len += option_len; | |
| 1191 | if (key->enc_opts.len != mask->enc_opts.len) { | |
| 1192 | NL_SET_ERR_MSG(extack, "Key and mask miss aligned"); | |
| 1193 | return -EINVAL; | |
| 1194 | } | |
| 1195 | ||
| 0a6e7778 PJV |
1196 | if (msk_depth) |
| 1197 | nla_opt_msk = nla_next(nla_opt_msk, &msk_depth); | |
| 1198 | break; | |
| 1199 | default: | |
| 1200 | NL_SET_ERR_MSG(extack, "Unknown tunnel option type"); | |
| 1201 | return -EINVAL; | |
| 1202 | } | |
| 1203 | } | |
| 1204 | ||
| 1205 | return 0; | |
| 1206 | } | |
| 1207 | ||
| e0ace68a PB |
1208 | static int fl_set_key_ct(struct nlattr **tb, |
| 1209 | struct flow_dissector_key_ct *key, | |
| 1210 | struct flow_dissector_key_ct *mask, | |
| 1211 | struct netlink_ext_ack *extack) | |
| 1212 | { | |
| 1213 | if (tb[TCA_FLOWER_KEY_CT_STATE]) { | |
| 1214 | if (!IS_ENABLED(CONFIG_NF_CONNTRACK)) { | |
| 1215 | NL_SET_ERR_MSG(extack, "Conntrack isn't enabled"); | |
| 1216 | return -EOPNOTSUPP; | |
| 1217 | } | |
| 1218 | fl_set_key_val(tb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE, | |
| 1219 | &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK, | |
| 1220 | sizeof(key->ct_state)); | |
| 1221 | } | |
| 1222 | if (tb[TCA_FLOWER_KEY_CT_ZONE]) { | |
| 1223 | if (!IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)) { | |
| 1224 | NL_SET_ERR_MSG(extack, "Conntrack zones isn't enabled"); | |
| 1225 | return -EOPNOTSUPP; | |
| 1226 | } | |
| 1227 | fl_set_key_val(tb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE, | |
| 1228 | &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK, | |
| 1229 | sizeof(key->ct_zone)); | |
| 1230 | } | |
| 1231 | if (tb[TCA_FLOWER_KEY_CT_MARK]) { | |
| 1232 | if (!IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)) { | |
| 1233 | NL_SET_ERR_MSG(extack, "Conntrack mark isn't enabled"); | |
| 1234 | return -EOPNOTSUPP; | |
| 1235 | } | |
| 1236 | fl_set_key_val(tb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK, | |
| 1237 | &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK, | |
| 1238 | sizeof(key->ct_mark)); | |
| 1239 | } | |
| 1240 | if (tb[TCA_FLOWER_KEY_CT_LABELS]) { | |
| 1241 | if (!IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS)) { | |
| 1242 | NL_SET_ERR_MSG(extack, "Conntrack labels aren't enabled"); | |
| 1243 | return -EOPNOTSUPP; | |
| 1244 | } | |
| 1245 | fl_set_key_val(tb, key->ct_labels, TCA_FLOWER_KEY_CT_LABELS, | |
| 1246 | mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK, | |
| 1247 | sizeof(key->ct_labels)); | |
| 1248 | } | |
| 1249 | ||
| 1250 | return 0; | |
| 1251 | } | |
| 1252 | ||
| 77b9900e | 1253 | static int fl_set_key(struct net *net, struct nlattr **tb, |
| 1057c55f AA |
1254 | struct fl_flow_key *key, struct fl_flow_key *mask, |
| 1255 | struct netlink_ext_ack *extack) | |
| 77b9900e | 1256 | { |
| 9399ae9a | 1257 | __be16 ethertype; |
| d9724772 | 1258 | int ret = 0; |
| a5148626 | 1259 | |
| 77b9900e | 1260 | if (tb[TCA_FLOWER_INDEV]) { |
| 1057c55f | 1261 | int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack); |
| 77b9900e JP |
1262 | if (err < 0) |
| 1263 | return err; | |
| 8212ed77 JP |
1264 | key->meta.ingress_ifindex = err; |
| 1265 | mask->meta.ingress_ifindex = 0xffffffff; | |
| 77b9900e JP |
1266 | } |
| 1267 | ||
| 1268 | fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST, | |
| 1269 | mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK, | |
| 1270 | sizeof(key->eth.dst)); | |
| 1271 | fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC, | |
| 1272 | mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK, | |
| 1273 | sizeof(key->eth.src)); | |
| 66530bdf | 1274 | |
| 0b498a52 | 1275 | if (tb[TCA_FLOWER_KEY_ETH_TYPE]) { |
| 9399ae9a HHZ |
1276 | ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]); |
| 1277 | ||
| aaab0834 | 1278 | if (eth_type_vlan(ethertype)) { |
| d64efd09 JL |
1279 | fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID, |
| 1280 | TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, | |
| 1281 | &mask->vlan); | |
| 1282 | ||
| 5e9a0fe4 JL |
1283 | if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) { |
| 1284 | ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]); | |
| 1285 | if (eth_type_vlan(ethertype)) { | |
| 1286 | fl_set_key_vlan(tb, ethertype, | |
| 1287 | TCA_FLOWER_KEY_CVLAN_ID, | |
| 1288 | TCA_FLOWER_KEY_CVLAN_PRIO, | |
| 1289 | &key->cvlan, &mask->cvlan); | |
| 1290 | fl_set_key_val(tb, &key->basic.n_proto, | |
| 1291 | TCA_FLOWER_KEY_CVLAN_ETH_TYPE, | |
| 1292 | &mask->basic.n_proto, | |
| 1293 | TCA_FLOWER_UNSPEC, | |
| 1294 | sizeof(key->basic.n_proto)); | |
| 1295 | } else { | |
| 1296 | key->basic.n_proto = ethertype; | |
| 1297 | mask->basic.n_proto = cpu_to_be16(~0); | |
| 1298 | } | |
| d64efd09 | 1299 | } |
| 0b498a52 AB |
1300 | } else { |
| 1301 | key->basic.n_proto = ethertype; | |
| 1302 | mask->basic.n_proto = cpu_to_be16(~0); | |
| 1303 | } | |
| 9399ae9a | 1304 | } |
| 66530bdf | 1305 | |
| 77b9900e JP |
1306 | if (key->basic.n_proto == htons(ETH_P_IP) || |
| 1307 | key->basic.n_proto == htons(ETH_P_IPV6)) { | |
| 1308 | fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO, | |
| 1309 | &mask->basic.ip_proto, TCA_FLOWER_UNSPEC, | |
| 1310 | sizeof(key->basic.ip_proto)); | |
| 0e2c17b6 | 1311 | fl_set_key_ip(tb, false, &key->ip, &mask->ip); |
| 77b9900e | 1312 | } |
| 66530bdf JHS |
1313 | |
| 1314 | if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) { | |
| 1315 | key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; | |
| 970bfcd0 | 1316 | mask->control.addr_type = ~0; |
| 77b9900e JP |
1317 | fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC, |
| 1318 | &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK, | |
| 1319 | sizeof(key->ipv4.src)); | |
| 1320 | fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST, | |
| 1321 | &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK, | |
| 1322 | sizeof(key->ipv4.dst)); | |
| 66530bdf JHS |
1323 | } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) { |
| 1324 | key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; | |
| 970bfcd0 | 1325 | mask->control.addr_type = ~0; |
| 77b9900e JP |
1326 | fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC, |
| 1327 | &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK, | |
| 1328 | sizeof(key->ipv6.src)); | |
| 1329 | fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST, | |
| 1330 | &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK, | |
| 1331 | sizeof(key->ipv6.dst)); | |
| 1332 | } | |
| 66530bdf | 1333 | |
| 77b9900e JP |
1334 | if (key->basic.ip_proto == IPPROTO_TCP) { |
| 1335 | fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC, | |
| aa72d708 | 1336 | &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK, |
| 77b9900e JP |
1337 | sizeof(key->tp.src)); |
| 1338 | fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST, | |
| aa72d708 | 1339 | &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK, |
| 77b9900e | 1340 | sizeof(key->tp.dst)); |
| fdfc7dd6 JP |
1341 | fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS, |
| 1342 | &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK, | |
| 1343 | sizeof(key->tcp.flags)); | |
| 77b9900e JP |
1344 | } else if (key->basic.ip_proto == IPPROTO_UDP) { |
| 1345 | fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC, | |
| aa72d708 | 1346 | &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK, |
| 77b9900e JP |
1347 | sizeof(key->tp.src)); |
| 1348 | fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST, | |
| aa72d708 | 1349 | &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK, |
| 77b9900e | 1350 | sizeof(key->tp.dst)); |
| 5976c5f4 SH |
1351 | } else if (key->basic.ip_proto == IPPROTO_SCTP) { |
| 1352 | fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC, | |
| 1353 | &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK, | |
| 1354 | sizeof(key->tp.src)); | |
| 1355 | fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST, | |
| 1356 | &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK, | |
| 1357 | sizeof(key->tp.dst)); | |
| 7b684884 SH |
1358 | } else if (key->basic.n_proto == htons(ETH_P_IP) && |
| 1359 | key->basic.ip_proto == IPPROTO_ICMP) { | |
| 1360 | fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE, | |
| 1361 | &mask->icmp.type, | |
| 1362 | TCA_FLOWER_KEY_ICMPV4_TYPE_MASK, | |
| 1363 | sizeof(key->icmp.type)); | |
| 1364 | fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE, | |
| 1365 | &mask->icmp.code, | |
| 1366 | TCA_FLOWER_KEY_ICMPV4_CODE_MASK, | |
| 1367 | sizeof(key->icmp.code)); | |
| 1368 | } else if (key->basic.n_proto == htons(ETH_P_IPV6) && | |
| 1369 | key->basic.ip_proto == IPPROTO_ICMPV6) { | |
| 1370 | fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE, | |
| 1371 | &mask->icmp.type, | |
| 1372 | TCA_FLOWER_KEY_ICMPV6_TYPE_MASK, | |
| 1373 | sizeof(key->icmp.type)); | |
| 040587af | 1374 | fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE, |
| 7b684884 | 1375 | &mask->icmp.code, |
| 040587af | 1376 | TCA_FLOWER_KEY_ICMPV6_CODE_MASK, |
| 7b684884 | 1377 | sizeof(key->icmp.code)); |
| a577d8f7 BL |
1378 | } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) || |
| 1379 | key->basic.n_proto == htons(ETH_P_MPLS_MC)) { | |
| 442f730e | 1380 | ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls, extack); |
| 1a7fca63 BL |
1381 | if (ret) |
| 1382 | return ret; | |
| 99d31326 SH |
1383 | } else if (key->basic.n_proto == htons(ETH_P_ARP) || |
| 1384 | key->basic.n_proto == htons(ETH_P_RARP)) { | |
| 1385 | fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP, | |
| 1386 | &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK, | |
| 1387 | sizeof(key->arp.sip)); | |
| 1388 | fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP, | |
| 1389 | &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK, | |
| 1390 | sizeof(key->arp.tip)); | |
| 1391 | fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP, | |
| 1392 | &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK, | |
| 1393 | sizeof(key->arp.op)); | |
| 1394 | fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA, | |
| 1395 | mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK, | |
| 1396 | sizeof(key->arp.sha)); | |
| 1397 | fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA, | |
| 1398 | mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK, | |
| 1399 | sizeof(key->arp.tha)); | |
| 77b9900e JP |
1400 | } |
| 1401 | ||
| 5c72299f AN |
1402 | if (key->basic.ip_proto == IPPROTO_TCP || |
| 1403 | key->basic.ip_proto == IPPROTO_UDP || | |
| 1404 | key->basic.ip_proto == IPPROTO_SCTP) { | |
| 1405 | ret = fl_set_key_port_range(tb, key, mask); | |
| 1406 | if (ret) | |
| 1407 | return ret; | |
| 1408 | } | |
| 1409 | ||
| bc3103f1 AV |
1410 | if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] || |
| 1411 | tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) { | |
| 1412 | key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; | |
| 970bfcd0 | 1413 | mask->enc_control.addr_type = ~0; |
| bc3103f1 AV |
1414 | fl_set_key_val(tb, &key->enc_ipv4.src, |
| 1415 | TCA_FLOWER_KEY_ENC_IPV4_SRC, | |
| 1416 | &mask->enc_ipv4.src, | |
| 1417 | TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, | |
| 1418 | sizeof(key->enc_ipv4.src)); | |
| 1419 | fl_set_key_val(tb, &key->enc_ipv4.dst, | |
| 1420 | TCA_FLOWER_KEY_ENC_IPV4_DST, | |
| 1421 | &mask->enc_ipv4.dst, | |
| 1422 | TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, | |
| 1423 | sizeof(key->enc_ipv4.dst)); | |
| 1424 | } | |
| 1425 | ||
| 1426 | if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] || | |
| 1427 | tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) { | |
| 1428 | key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; | |
| 970bfcd0 | 1429 | mask->enc_control.addr_type = ~0; |
| bc3103f1 AV |
1430 | fl_set_key_val(tb, &key->enc_ipv6.src, |
| 1431 | TCA_FLOWER_KEY_ENC_IPV6_SRC, | |
| 1432 | &mask->enc_ipv6.src, | |
| 1433 | TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, | |
| 1434 | sizeof(key->enc_ipv6.src)); | |
| 1435 | fl_set_key_val(tb, &key->enc_ipv6.dst, | |
| 1436 | TCA_FLOWER_KEY_ENC_IPV6_DST, | |
| 1437 | &mask->enc_ipv6.dst, | |
| 1438 | TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, | |
| 1439 | sizeof(key->enc_ipv6.dst)); | |
| 1440 | } | |
| 1441 | ||
| 1442 | fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID, | |
| eb523f42 | 1443 | &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC, |
| bc3103f1 AV |
1444 | sizeof(key->enc_key_id.keyid)); |
| 1445 | ||
| f4d997fd HHZ |
1446 | fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, |
| 1447 | &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, | |
| 1448 | sizeof(key->enc_tp.src)); | |
| 1449 | ||
| 1450 | fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, | |
| 1451 | &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, | |
| 1452 | sizeof(key->enc_tp.dst)); | |
| 1453 | ||
| 0e2c17b6 OG |
1454 | fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip); |
| 1455 | ||
| 0a6e7778 PJV |
1456 | if (tb[TCA_FLOWER_KEY_ENC_OPTS]) { |
| 1457 | ret = fl_set_enc_opt(tb, key, mask, extack); | |
| 1458 | if (ret) | |
| 1459 | return ret; | |
| 1460 | } | |
| 1461 | ||
| e0ace68a PB |
1462 | ret = fl_set_key_ct(tb, &key->ct, &mask->ct, extack); |
| 1463 | if (ret) | |
| 1464 | return ret; | |
| 1465 | ||
| d9724772 OG |
1466 | if (tb[TCA_FLOWER_KEY_FLAGS]) |
| 1467 | ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags); | |
| faa3ffce | 1468 | |
| d9724772 | 1469 | return ret; |
| 77b9900e JP |
1470 | } |
| 1471 | ||
| 05cd271f PB |
1472 | static void fl_mask_copy(struct fl_flow_mask *dst, |
| 1473 | struct fl_flow_mask *src) | |
| 77b9900e | 1474 | { |
| 05cd271f PB |
1475 | const void *psrc = fl_key_get_start(&src->key, src); |
| 1476 | void *pdst = fl_key_get_start(&dst->key, src); | |
| 77b9900e | 1477 | |
| 05cd271f PB |
1478 | memcpy(pdst, psrc, fl_mask_range(src)); |
| 1479 | dst->range = src->range; | |
| 77b9900e JP |
1480 | } |
| 1481 | ||
| 1482 | static const struct rhashtable_params fl_ht_params = { | |
| 1483 | .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */ | |
| 1484 | .head_offset = offsetof(struct cls_fl_filter, ht_node), | |
| 1485 | .automatic_shrinking = true, | |
| 1486 | }; | |
| 1487 | ||
| 05cd271f | 1488 | static int fl_init_mask_hashtable(struct fl_flow_mask *mask) |
| 77b9900e | 1489 | { |
| 05cd271f PB |
1490 | mask->filter_ht_params = fl_ht_params; |
| 1491 | mask->filter_ht_params.key_len = fl_mask_range(mask); | |
| 1492 | mask->filter_ht_params.key_offset += mask->range.start; | |
| 77b9900e | 1493 | |
| 05cd271f | 1494 | return rhashtable_init(&mask->ht, &mask->filter_ht_params); |
| 77b9900e JP |
1495 | } |
| 1496 | ||
| 1497 | #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member) | |
| c593642c | 1498 | #define FL_KEY_MEMBER_SIZE(member) sizeof_field(struct fl_flow_key, member) |
| 77b9900e | 1499 | |
| 339ba878 HHZ |
1500 | #define FL_KEY_IS_MASKED(mask, member) \ |
| 1501 | memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \ | |
| 1502 | 0, FL_KEY_MEMBER_SIZE(member)) \ | |
| 77b9900e JP |
1503 | |
| 1504 | #define FL_KEY_SET(keys, cnt, id, member) \ | |
| 1505 | do { \ | |
| 1506 | keys[cnt].key_id = id; \ | |
| 1507 | keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \ | |
| 1508 | cnt++; \ | |
| 1509 | } while(0); | |
| 1510 | ||
| 339ba878 | 1511 | #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \ |
| 77b9900e | 1512 | do { \ |
| 339ba878 | 1513 | if (FL_KEY_IS_MASKED(mask, member)) \ |
| 77b9900e JP |
1514 | FL_KEY_SET(keys, cnt, id, member); \ |
| 1515 | } while(0); | |
| 1516 | ||
| 33fb5cba JP |
1517 | static void fl_init_dissector(struct flow_dissector *dissector, |
| 1518 | struct fl_flow_key *mask) | |
| 77b9900e JP |
1519 | { |
| 1520 | struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX]; | |
| 1521 | size_t cnt = 0; | |
| 1522 | ||
| 8212ed77 JP |
1523 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 1524 | FLOW_DISSECTOR_KEY_META, meta); | |
| 42aecaa9 | 1525 | FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control); |
| 77b9900e | 1526 | FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic); |
| 33fb5cba | 1527 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 339ba878 | 1528 | FLOW_DISSECTOR_KEY_ETH_ADDRS, eth); |
| 33fb5cba | 1529 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 339ba878 | 1530 | FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4); |
| 33fb5cba | 1531 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 339ba878 | 1532 | FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6); |
| 8ffb055b YK |
1533 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 1534 | FLOW_DISSECTOR_KEY_PORTS, tp); | |
| 1535 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, | |
| 1536 | FLOW_DISSECTOR_KEY_PORTS_RANGE, tp_range); | |
| 33fb5cba | 1537 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 4d80cc0a | 1538 | FLOW_DISSECTOR_KEY_IP, ip); |
| 33fb5cba | 1539 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| fdfc7dd6 | 1540 | FLOW_DISSECTOR_KEY_TCP, tcp); |
| 33fb5cba | 1541 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 7b684884 | 1542 | FLOW_DISSECTOR_KEY_ICMP, icmp); |
| 33fb5cba | 1543 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 99d31326 | 1544 | FLOW_DISSECTOR_KEY_ARP, arp); |
| 33fb5cba | 1545 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| a577d8f7 | 1546 | FLOW_DISSECTOR_KEY_MPLS, mpls); |
| 33fb5cba | 1547 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 9399ae9a | 1548 | FLOW_DISSECTOR_KEY_VLAN, vlan); |
| 33fb5cba | 1549 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| d64efd09 | 1550 | FLOW_DISSECTOR_KEY_CVLAN, cvlan); |
| 33fb5cba | 1551 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 519d1052 | 1552 | FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id); |
| 33fb5cba | 1553 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 519d1052 | 1554 | FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4); |
| 33fb5cba | 1555 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 519d1052 | 1556 | FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6); |
| 33fb5cba JP |
1557 | if (FL_KEY_IS_MASKED(mask, enc_ipv4) || |
| 1558 | FL_KEY_IS_MASKED(mask, enc_ipv6)) | |
| 519d1052 HHZ |
1559 | FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL, |
| 1560 | enc_control); | |
| 33fb5cba | 1561 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| f4d997fd | 1562 | FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp); |
| 33fb5cba | 1563 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 0e2c17b6 | 1564 | FLOW_DISSECTOR_KEY_ENC_IP, enc_ip); |
| 0a6e7778 PJV |
1565 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 1566 | FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts); | |
| e0ace68a PB |
1567 | FL_KEY_SET_IF_MASKED(mask, keys, cnt, |
| 1568 | FLOW_DISSECTOR_KEY_CT, ct); | |
| 77b9900e | 1569 | |
| 33fb5cba | 1570 | skb_flow_dissector_init(dissector, keys, cnt); |
| 05cd271f PB |
1571 | } |
| 1572 | ||
| 1573 | static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head, | |
| 1574 | struct fl_flow_mask *mask) | |
| 1575 | { | |
| 1576 | struct fl_flow_mask *newmask; | |
| 1577 | int err; | |
| 1578 | ||
| 1579 | newmask = kzalloc(sizeof(*newmask), GFP_KERNEL); | |
| 1580 | if (!newmask) | |
| 1581 | return ERR_PTR(-ENOMEM); | |
| 1582 | ||
| 1583 | fl_mask_copy(newmask, mask); | |
| 1584 | ||
| 8ffb055b YK |
1585 | if ((newmask->key.tp_range.tp_min.dst && |
| 1586 | newmask->key.tp_range.tp_max.dst) || | |
| 1587 | (newmask->key.tp_range.tp_min.src && | |
| 1588 | newmask->key.tp_range.tp_max.src)) | |
| 5c72299f AN |
1589 | newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE; |
| 1590 | ||
| 05cd271f PB |
1591 | err = fl_init_mask_hashtable(newmask); |
| 1592 | if (err) | |
| 1593 | goto errout_free; | |
| 1594 | ||
| 33fb5cba | 1595 | fl_init_dissector(&newmask->dissector, &newmask->key); |
| 05cd271f PB |
1596 | |
| 1597 | INIT_LIST_HEAD_RCU(&newmask->filters); | |
| 1598 | ||
| f48ef4d5 | 1599 | refcount_set(&newmask->refcnt, 1); |
| 195c234d VB |
1600 | err = rhashtable_replace_fast(&head->ht, &mask->ht_node, |
| 1601 | &newmask->ht_node, mask_ht_params); | |
| 05cd271f PB |
1602 | if (err) |
| 1603 | goto errout_destroy; | |
| 1604 | ||
| 259e60f9 | 1605 | spin_lock(&head->masks_lock); |
| 05cd271f | 1606 | list_add_tail_rcu(&newmask->list, &head->masks); |
| 259e60f9 | 1607 | spin_unlock(&head->masks_lock); |
| 05cd271f PB |
1608 | |
| 1609 | return newmask; | |
| 1610 | ||
| 1611 | errout_destroy: | |
| 1612 | rhashtable_destroy(&newmask->ht); | |
| 1613 | errout_free: | |
| 1614 | kfree(newmask); | |
| 1615 | ||
| 1616 | return ERR_PTR(err); | |
| 77b9900e JP |
1617 | } |
| 1618 | ||
| 1619 | static int fl_check_assign_mask(struct cls_fl_head *head, | |
| 05cd271f PB |
1620 | struct cls_fl_filter *fnew, |
| 1621 | struct cls_fl_filter *fold, | |
| 77b9900e JP |
1622 | struct fl_flow_mask *mask) |
| 1623 | { | |
| 05cd271f | 1624 | struct fl_flow_mask *newmask; |
| f48ef4d5 | 1625 | int ret = 0; |
| 77b9900e | 1626 | |
| f48ef4d5 | 1627 | rcu_read_lock(); |
| 195c234d VB |
1628 | |
| 1629 | /* Insert mask as temporary node to prevent concurrent creation of mask | |
| 1630 | * with same key. Any concurrent lookups with same key will return | |
| 99815f50 | 1631 | * -EAGAIN because mask's refcnt is zero. |
| 195c234d VB |
1632 | */ |
| 1633 | fnew->mask = rhashtable_lookup_get_insert_fast(&head->ht, | |
| 1634 | &mask->ht_node, | |
| 1635 | mask_ht_params); | |
| 05cd271f | 1636 | if (!fnew->mask) { |
| f48ef4d5 VB |
1637 | rcu_read_unlock(); |
| 1638 | ||
| 195c234d VB |
1639 | if (fold) { |
| 1640 | ret = -EINVAL; | |
| 1641 | goto errout_cleanup; | |
| 1642 | } | |
| 77b9900e | 1643 | |
| 05cd271f | 1644 | newmask = fl_create_new_mask(head, mask); |
| 195c234d VB |
1645 | if (IS_ERR(newmask)) { |
| 1646 | ret = PTR_ERR(newmask); | |
| 1647 | goto errout_cleanup; | |
| 1648 | } | |
| 77b9900e | 1649 | |
| 05cd271f | 1650 | fnew->mask = newmask; |
| f48ef4d5 | 1651 | return 0; |
| 195c234d VB |
1652 | } else if (IS_ERR(fnew->mask)) { |
| 1653 | ret = PTR_ERR(fnew->mask); | |
| f6521c58 | 1654 | } else if (fold && fold->mask != fnew->mask) { |
| f48ef4d5 VB |
1655 | ret = -EINVAL; |
| 1656 | } else if (!refcount_inc_not_zero(&fnew->mask->refcnt)) { | |
| 1657 | /* Mask was deleted concurrently, try again */ | |
| 1658 | ret = -EAGAIN; | |
| 05cd271f | 1659 | } |
| f48ef4d5 VB |
1660 | rcu_read_unlock(); |
| 1661 | return ret; | |
| 195c234d VB |
1662 | |
| 1663 | errout_cleanup: | |
| 1664 | rhashtable_remove_fast(&head->ht, &mask->ht_node, | |
| 1665 | mask_ht_params); | |
| 195c234d | 1666 | return ret; |
| 77b9900e JP |
1667 | } |
| 1668 | ||
| 1669 | static int fl_set_parms(struct net *net, struct tcf_proto *tp, | |
| 1670 | struct cls_fl_filter *f, struct fl_flow_mask *mask, | |
| 1671 | unsigned long base, struct nlattr **tb, | |
| 50a56190 | 1672 | struct nlattr *est, bool ovr, |
| c24e43d8 | 1673 | struct fl_flow_tmplt *tmplt, bool rtnl_held, |
| 50a56190 | 1674 | struct netlink_ext_ack *extack) |
| 77b9900e | 1675 | { |
| 77b9900e JP |
1676 | int err; |
| 1677 | ||
| c24e43d8 | 1678 | err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, rtnl_held, |
| ec6743a1 | 1679 | extack); |
| 77b9900e JP |
1680 | if (err < 0) |
| 1681 | return err; | |
| 1682 | ||
| 1683 | if (tb[TCA_FLOWER_CLASSID]) { | |
| 1684 | f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]); | |
| c24e43d8 VB |
1685 | if (!rtnl_held) |
| 1686 | rtnl_lock(); | |
| 77b9900e | 1687 | tcf_bind_filter(tp, &f->res, base); |
| c24e43d8 VB |
1688 | if (!rtnl_held) |
| 1689 | rtnl_unlock(); | |
| 77b9900e JP |
1690 | } |
| 1691 | ||
| 1057c55f | 1692 | err = fl_set_key(net, tb, &f->key, &mask->key, extack); |
| 77b9900e | 1693 | if (err) |
| 45507529 | 1694 | return err; |
| 77b9900e JP |
1695 | |
| 1696 | fl_mask_update_range(mask); | |
| 1697 | fl_set_masked_key(&f->mkey, &f->key, mask); | |
| 1698 | ||
| b95ec7eb JP |
1699 | if (!fl_mask_fits_tmplt(tmplt, mask)) { |
| 1700 | NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template"); | |
| 1701 | return -EINVAL; | |
| 1702 | } | |
| 1703 | ||
| 77b9900e | 1704 | return 0; |
| 77b9900e JP |
1705 | } |
| 1706 | ||
| 1f17f774 VB |
1707 | static int fl_ht_insert_unique(struct cls_fl_filter *fnew, |
| 1708 | struct cls_fl_filter *fold, | |
| 1709 | bool *in_ht) | |
| 1710 | { | |
| 1711 | struct fl_flow_mask *mask = fnew->mask; | |
| 1712 | int err; | |
| 1713 | ||
| 9e35552a VB |
1714 | err = rhashtable_lookup_insert_fast(&mask->ht, |
| 1715 | &fnew->ht_node, | |
| 1716 | mask->filter_ht_params); | |
| 1f17f774 VB |
1717 | if (err) { |
| 1718 | *in_ht = false; | |
| 1719 | /* It is okay if filter with same key exists when | |
| 1720 | * overwriting. | |
| 1721 | */ | |
| 1722 | return fold && err == -EEXIST ? 0 : err; | |
| 1723 | } | |
| 1724 | ||
| 1725 | *in_ht = true; | |
| 1726 | return 0; | |
| 1727 | } | |
| 1728 | ||
| 77b9900e JP |
1729 | static int fl_change(struct net *net, struct sk_buff *in_skb, |
| 1730 | struct tcf_proto *tp, unsigned long base, | |
| 1731 | u32 handle, struct nlattr **tca, | |
| 12db03b6 VB |
1732 | void **arg, bool ovr, bool rtnl_held, |
| 1733 | struct netlink_ext_ack *extack) | |
| 77b9900e | 1734 | { |
| e474619a | 1735 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 8113c095 | 1736 | struct cls_fl_filter *fold = *arg; |
| 77b9900e | 1737 | struct cls_fl_filter *fnew; |
| 2cddd201 | 1738 | struct fl_flow_mask *mask; |
| 39b7b6a6 | 1739 | struct nlattr **tb; |
| 1f17f774 | 1740 | bool in_ht; |
| 77b9900e JP |
1741 | int err; |
| 1742 | ||
| 06177558 VB |
1743 | if (!tca[TCA_OPTIONS]) { |
| 1744 | err = -EINVAL; | |
| 1745 | goto errout_fold; | |
| 1746 | } | |
| 77b9900e | 1747 | |
| 2cddd201 | 1748 | mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL); |
| 06177558 VB |
1749 | if (!mask) { |
| 1750 | err = -ENOBUFS; | |
| 1751 | goto errout_fold; | |
| 1752 | } | |
| 39b7b6a6 | 1753 | |
| 2cddd201 IV |
1754 | tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL); |
| 1755 | if (!tb) { | |
| 1756 | err = -ENOBUFS; | |
| 1757 | goto errout_mask_alloc; | |
| 1758 | } | |
| 1759 | ||
| 8cb08174 JB |
1760 | err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX, |
| 1761 | tca[TCA_OPTIONS], fl_policy, NULL); | |
| 77b9900e | 1762 | if (err < 0) |
| 39b7b6a6 | 1763 | goto errout_tb; |
| 77b9900e | 1764 | |
| 39b7b6a6 AB |
1765 | if (fold && handle && fold->handle != handle) { |
| 1766 | err = -EINVAL; | |
| 1767 | goto errout_tb; | |
| 1768 | } | |
| 77b9900e JP |
1769 | |
| 1770 | fnew = kzalloc(sizeof(*fnew), GFP_KERNEL); | |
| 39b7b6a6 AB |
1771 | if (!fnew) { |
| 1772 | err = -ENOBUFS; | |
| 1773 | goto errout_tb; | |
| 1774 | } | |
| c049d56e | 1775 | INIT_LIST_HEAD(&fnew->hw_list); |
| 06177558 | 1776 | refcount_set(&fnew->refcnt, 1); |
| 77b9900e | 1777 | |
| 14215108 | 1778 | err = tcf_exts_init(&fnew->exts, net, TCA_FLOWER_ACT, 0); |
| b9a24bb7 WC |
1779 | if (err < 0) |
| 1780 | goto errout; | |
| 77b9900e | 1781 | |
| e69985c6 AV |
1782 | if (tb[TCA_FLOWER_FLAGS]) { |
| 1783 | fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]); | |
| 1784 | ||
| 1785 | if (!tc_flags_valid(fnew->flags)) { | |
| 1786 | err = -EINVAL; | |
| ecb3dea4 | 1787 | goto errout; |
| e69985c6 AV |
1788 | } |
| 1789 | } | |
| 5b33f488 | 1790 | |
| 2cddd201 | 1791 | err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr, |
| c24e43d8 | 1792 | tp->chain->tmplt_priv, rtnl_held, extack); |
| 77b9900e | 1793 | if (err) |
| ecb3dea4 | 1794 | goto errout; |
| 77b9900e | 1795 | |
| 2cddd201 | 1796 | err = fl_check_assign_mask(head, fnew, fold, mask); |
| 77b9900e | 1797 | if (err) |
| ecb3dea4 VB |
1798 | goto errout; |
| 1799 | ||
| 1f17f774 VB |
1800 | err = fl_ht_insert_unique(fnew, fold, &in_ht); |
| 1801 | if (err) | |
| 1802 | goto errout_mask; | |
| 1803 | ||
| 79685219 | 1804 | if (!tc_skip_hw(fnew->flags)) { |
| c24e43d8 | 1805 | err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack); |
| 79685219 | 1806 | if (err) |
| 1f17f774 | 1807 | goto errout_ht; |
| 79685219 | 1808 | } |
| 5b33f488 | 1809 | |
| 55593960 OG |
1810 | if (!tc_in_hw(fnew->flags)) |
| 1811 | fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW; | |
| 1812 | ||
| 3d81e711 VB |
1813 | spin_lock(&tp->lock); |
| 1814 | ||
| 272ffaad VB |
1815 | /* tp was deleted concurrently. -EAGAIN will cause caller to lookup |
| 1816 | * proto again or create new one, if necessary. | |
| 1817 | */ | |
| 1818 | if (tp->deleting) { | |
| 1819 | err = -EAGAIN; | |
| 1820 | goto errout_hw; | |
| 1821 | } | |
| 1822 | ||
| 5b33f488 | 1823 | if (fold) { |
| b2552b8c VB |
1824 | /* Fold filter was deleted concurrently. Retry lookup. */ |
| 1825 | if (fold->deleted) { | |
| 1826 | err = -EAGAIN; | |
| 1827 | goto errout_hw; | |
| 1828 | } | |
| 1829 | ||
| 620da486 VB |
1830 | fnew->handle = handle; |
| 1831 | ||
| 1f17f774 VB |
1832 | if (!in_ht) { |
| 1833 | struct rhashtable_params params = | |
| 1834 | fnew->mask->filter_ht_params; | |
| 1835 | ||
| 1836 | err = rhashtable_insert_fast(&fnew->mask->ht, | |
| 1837 | &fnew->ht_node, | |
| 1838 | params); | |
| 1839 | if (err) | |
| 1840 | goto errout_hw; | |
| 1841 | in_ht = true; | |
| 1842 | } | |
| 620da486 | 1843 | |
| c049d56e | 1844 | refcount_inc(&fnew->refcnt); |
| 599d2570 RD |
1845 | rhashtable_remove_fast(&fold->mask->ht, |
| 1846 | &fold->ht_node, | |
| 1847 | fold->mask->filter_ht_params); | |
| 234a4624 | 1848 | idr_replace(&head->handle_idr, fnew, fnew->handle); |
| ff3532f2 | 1849 | list_replace_rcu(&fold->list, &fnew->list); |
| b2552b8c | 1850 | fold->deleted = true; |
| 620da486 | 1851 | |
| 3d81e711 VB |
1852 | spin_unlock(&tp->lock); |
| 1853 | ||
| 9994677c | 1854 | fl_mask_put(head, fold->mask); |
| 620da486 | 1855 | if (!tc_skip_hw(fold->flags)) |
| c24e43d8 | 1856 | fl_hw_destroy_filter(tp, fold, rtnl_held, NULL); |
| 77b9900e | 1857 | tcf_unbind_filter(tp, &fold->res); |
| 06177558 VB |
1858 | /* Caller holds reference to fold, so refcnt is always > 0 |
| 1859 | * after this. | |
| 1860 | */ | |
| 1861 | refcount_dec(&fold->refcnt); | |
| 1862 | __fl_put(fold); | |
| 77b9900e | 1863 | } else { |
| 620da486 VB |
1864 | if (handle) { |
| 1865 | /* user specifies a handle and it doesn't exist */ | |
| 1866 | err = idr_alloc_u32(&head->handle_idr, fnew, &handle, | |
| 1867 | handle, GFP_ATOMIC); | |
| 9a2d9389 VB |
1868 | |
| 1869 | /* Filter with specified handle was concurrently | |
| 1870 | * inserted after initial check in cls_api. This is not | |
| 1871 | * necessarily an error if NLM_F_EXCL is not set in | |
| 1872 | * message flags. Returning EAGAIN will cause cls_api to | |
| 1873 | * try to update concurrently inserted rule. | |
| 1874 | */ | |
| 1875 | if (err == -ENOSPC) | |
| 1876 | err = -EAGAIN; | |
| 620da486 VB |
1877 | } else { |
| 1878 | handle = 1; | |
| 1879 | err = idr_alloc_u32(&head->handle_idr, fnew, &handle, | |
| 1880 | INT_MAX, GFP_ATOMIC); | |
| 1881 | } | |
| 1882 | if (err) | |
| 1883 | goto errout_hw; | |
| 1884 | ||
| c049d56e | 1885 | refcount_inc(&fnew->refcnt); |
| 620da486 | 1886 | fnew->handle = handle; |
| 05cd271f | 1887 | list_add_tail_rcu(&fnew->list, &fnew->mask->filters); |
| 3d81e711 | 1888 | spin_unlock(&tp->lock); |
| 77b9900e JP |
1889 | } |
| 1890 | ||
| 620da486 VB |
1891 | *arg = fnew; |
| 1892 | ||
| 39b7b6a6 | 1893 | kfree(tb); |
| 99815f50 | 1894 | tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work); |
| 77b9900e JP |
1895 | return 0; |
| 1896 | ||
| c049d56e VB |
1897 | errout_ht: |
| 1898 | spin_lock(&tp->lock); | |
| 620da486 | 1899 | errout_hw: |
| c049d56e | 1900 | fnew->deleted = true; |
| 3d81e711 | 1901 | spin_unlock(&tp->lock); |
| 620da486 | 1902 | if (!tc_skip_hw(fnew->flags)) |
| c24e43d8 | 1903 | fl_hw_destroy_filter(tp, fnew, rtnl_held, NULL); |
| 1f17f774 VB |
1904 | if (in_ht) |
| 1905 | rhashtable_remove_fast(&fnew->mask->ht, &fnew->ht_node, | |
| 1906 | fnew->mask->filter_ht_params); | |
| ecb3dea4 | 1907 | errout_mask: |
| 9994677c | 1908 | fl_mask_put(head, fnew->mask); |
| 77b9900e | 1909 | errout: |
| c049d56e | 1910 | __fl_put(fnew); |
| 39b7b6a6 AB |
1911 | errout_tb: |
| 1912 | kfree(tb); | |
| 2cddd201 | 1913 | errout_mask_alloc: |
| 99815f50 | 1914 | tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work); |
| 06177558 VB |
1915 | errout_fold: |
| 1916 | if (fold) | |
| 1917 | __fl_put(fold); | |
| 77b9900e JP |
1918 | return err; |
| 1919 | } | |
| 1920 | ||
| 571acf21 | 1921 | static int fl_delete(struct tcf_proto *tp, void *arg, bool *last, |
| 12db03b6 | 1922 | bool rtnl_held, struct netlink_ext_ack *extack) |
| 77b9900e | 1923 | { |
| e474619a | 1924 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 8113c095 | 1925 | struct cls_fl_filter *f = arg; |
| b2552b8c VB |
1926 | bool last_on_mask; |
| 1927 | int err = 0; | |
| 77b9900e | 1928 | |
| c24e43d8 | 1929 | err = __fl_delete(tp, f, &last_on_mask, rtnl_held, extack); |
| 05cd271f | 1930 | *last = list_empty(&head->masks); |
| 06177558 VB |
1931 | __fl_put(f); |
| 1932 | ||
| b2552b8c | 1933 | return err; |
| 77b9900e JP |
1934 | } |
| 1935 | ||
| 12db03b6 VB |
1936 | static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg, |
| 1937 | bool rtnl_held) | |
| 77b9900e | 1938 | { |
| d39d7149 CW |
1939 | struct cls_fl_head *head = fl_head_dereference(tp); |
| 1940 | unsigned long id = arg->cookie, tmp; | |
| 77b9900e | 1941 | struct cls_fl_filter *f; |
| 05cd271f | 1942 | |
| 01683a14 VB |
1943 | arg->count = arg->skip; |
| 1944 | ||
| d39d7149 CW |
1945 | idr_for_each_entry_continue_ul(&head->handle_idr, f, tmp, id) { |
| 1946 | /* don't return filters that are being deleted */ | |
| 1947 | if (!refcount_inc_not_zero(&f->refcnt)) | |
| 1948 | continue; | |
| 01683a14 | 1949 | if (arg->fn(tp, f, arg) < 0) { |
| 06177558 | 1950 | __fl_put(f); |
| 01683a14 VB |
1951 | arg->stop = 1; |
| 1952 | break; | |
| 05cd271f | 1953 | } |
| 06177558 | 1954 | __fl_put(f); |
| 01683a14 | 1955 | arg->count++; |
| 77b9900e | 1956 | } |
| d39d7149 | 1957 | arg->cookie = id; |
| 77b9900e JP |
1958 | } |
| 1959 | ||
| c049d56e VB |
1960 | static struct cls_fl_filter * |
| 1961 | fl_get_next_hw_filter(struct tcf_proto *tp, struct cls_fl_filter *f, bool add) | |
| 1962 | { | |
| 1963 | struct cls_fl_head *head = fl_head_dereference(tp); | |
| 1964 | ||
| 1965 | spin_lock(&tp->lock); | |
| 1966 | if (list_empty(&head->hw_filters)) { | |
| 1967 | spin_unlock(&tp->lock); | |
| 1968 | return NULL; | |
| 1969 | } | |
| 1970 | ||
| 1971 | if (!f) | |
| 1972 | f = list_entry(&head->hw_filters, struct cls_fl_filter, | |
| 1973 | hw_list); | |
| 1974 | list_for_each_entry_continue(f, &head->hw_filters, hw_list) { | |
| 1975 | if (!(add && f->deleted) && refcount_inc_not_zero(&f->refcnt)) { | |
| 1976 | spin_unlock(&tp->lock); | |
| 1977 | return f; | |
| 1978 | } | |
| 1979 | } | |
| 1980 | ||
| 1981 | spin_unlock(&tp->lock); | |
| 1982 | return NULL; | |
| 1983 | } | |
| 1984 | ||
| a7323311 | 1985 | static int fl_reoffload(struct tcf_proto *tp, bool add, flow_setup_cb_t *cb, |
| 31533cba JH |
1986 | void *cb_priv, struct netlink_ext_ack *extack) |
| 1987 | { | |
| 31533cba | 1988 | struct tcf_block *block = tp->chain->block; |
| f9e30088 | 1989 | struct flow_cls_offload cls_flower = {}; |
| c049d56e | 1990 | struct cls_fl_filter *f = NULL; |
| 31533cba JH |
1991 | int err; |
| 1992 | ||
| c049d56e VB |
1993 | /* hw_filters list can only be changed by hw offload functions after |
| 1994 | * obtaining rtnl lock. Make sure it is not changed while reoffload is | |
| 1995 | * iterating it. | |
| 1996 | */ | |
| 1997 | ASSERT_RTNL(); | |
| 3a7b6861 | 1998 | |
| c049d56e | 1999 | while ((f = fl_get_next_hw_filter(tp, f, add))) { |
| 95e27a4d JH |
2000 | cls_flower.rule = |
| 2001 | flow_rule_alloc(tcf_exts_num_actions(&f->exts)); | |
| 2002 | if (!cls_flower.rule) { | |
| 2003 | __fl_put(f); | |
| 2004 | return -ENOMEM; | |
| 2005 | } | |
| 31533cba | 2006 | |
| 95e27a4d | 2007 | tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, |
| d6787147 | 2008 | extack); |
| 95e27a4d | 2009 | cls_flower.command = add ? |
| f9e30088 | 2010 | FLOW_CLS_REPLACE : FLOW_CLS_DESTROY; |
| 95e27a4d JH |
2011 | cls_flower.cookie = (unsigned long)f; |
| 2012 | cls_flower.rule->match.dissector = &f->mask->dissector; | |
| 2013 | cls_flower.rule->match.mask = &f->mask->key; | |
| 2014 | cls_flower.rule->match.key = &f->mkey; | |
| 2015 | ||
| b15e7a6e | 2016 | err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts); |
| 95e27a4d | 2017 | if (err) { |
| 8f256622 | 2018 | kfree(cls_flower.rule); |
| 95e27a4d JH |
2019 | if (tc_skip_sw(f->flags)) { |
| 2020 | NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action"); | |
| 2021 | __fl_put(f); | |
| 2022 | return err; | |
| 31533cba | 2023 | } |
| 95e27a4d JH |
2024 | goto next_flow; |
| 2025 | } | |
| 31533cba | 2026 | |
| 95e27a4d JH |
2027 | cls_flower.classid = f->res.classid; |
| 2028 | ||
| 40119211 VB |
2029 | err = tc_setup_cb_reoffload(block, tp, add, cb, |
| 2030 | TC_SETUP_CLSFLOWER, &cls_flower, | |
| 2031 | cb_priv, &f->flags, | |
| 2032 | &f->in_hw_count); | |
| 5a6ff4b1 | 2033 | tc_cleanup_flow_action(&cls_flower.rule->action); |
| 95e27a4d JH |
2034 | kfree(cls_flower.rule); |
| 2035 | ||
| 2036 | if (err) { | |
| 40119211 VB |
2037 | __fl_put(f); |
| 2038 | return err; | |
| 31533cba | 2039 | } |
| 95e27a4d | 2040 | next_flow: |
| 95e27a4d | 2041 | __fl_put(f); |
| 31533cba JH |
2042 | } |
| 2043 | ||
| 2044 | return 0; | |
| 2045 | } | |
| 2046 | ||
| a449a3e7 VB |
2047 | static void fl_hw_add(struct tcf_proto *tp, void *type_data) |
| 2048 | { | |
| 2049 | struct flow_cls_offload *cls_flower = type_data; | |
| 2050 | struct cls_fl_filter *f = | |
| 2051 | (struct cls_fl_filter *) cls_flower->cookie; | |
| 2052 | struct cls_fl_head *head = fl_head_dereference(tp); | |
| 2053 | ||
| 2054 | spin_lock(&tp->lock); | |
| 2055 | list_add(&f->hw_list, &head->hw_filters); | |
| 2056 | spin_unlock(&tp->lock); | |
| 2057 | } | |
| 2058 | ||
| 2059 | static void fl_hw_del(struct tcf_proto *tp, void *type_data) | |
| 2060 | { | |
| 2061 | struct flow_cls_offload *cls_flower = type_data; | |
| 2062 | struct cls_fl_filter *f = | |
| 2063 | (struct cls_fl_filter *) cls_flower->cookie; | |
| 2064 | ||
| 2065 | spin_lock(&tp->lock); | |
| 2066 | if (!list_empty(&f->hw_list)) | |
| 2067 | list_del_init(&f->hw_list); | |
| 2068 | spin_unlock(&tp->lock); | |
| 2069 | } | |
| 2070 | ||
| 8f256622 PNA |
2071 | static int fl_hw_create_tmplt(struct tcf_chain *chain, |
| 2072 | struct fl_flow_tmplt *tmplt) | |
| 34738452 | 2073 | { |
| f9e30088 | 2074 | struct flow_cls_offload cls_flower = {}; |
| 34738452 | 2075 | struct tcf_block *block = chain->block; |
| 34738452 | 2076 | |
| e3ab786b | 2077 | cls_flower.rule = flow_rule_alloc(0); |
| 8f256622 PNA |
2078 | if (!cls_flower.rule) |
| 2079 | return -ENOMEM; | |
| 2080 | ||
| 34738452 | 2081 | cls_flower.common.chain_index = chain->index; |
| f9e30088 | 2082 | cls_flower.command = FLOW_CLS_TMPLT_CREATE; |
| 34738452 | 2083 | cls_flower.cookie = (unsigned long) tmplt; |
| 8f256622 PNA |
2084 | cls_flower.rule->match.dissector = &tmplt->dissector; |
| 2085 | cls_flower.rule->match.mask = &tmplt->mask; | |
| 2086 | cls_flower.rule->match.key = &tmplt->dummy_key; | |
| 34738452 JP |
2087 | |
| 2088 | /* We don't care if driver (any of them) fails to handle this | |
| 2089 | * call. It serves just as a hint for it. | |
| 2090 | */ | |
| 40119211 | 2091 | tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true); |
| 8f256622 PNA |
2092 | kfree(cls_flower.rule); |
| 2093 | ||
| 2094 | return 0; | |
| 34738452 JP |
2095 | } |
| 2096 | ||
| 2097 | static void fl_hw_destroy_tmplt(struct tcf_chain *chain, | |
| 2098 | struct fl_flow_tmplt *tmplt) | |
| 2099 | { | |
| f9e30088 | 2100 | struct flow_cls_offload cls_flower = {}; |
| 34738452 JP |
2101 | struct tcf_block *block = chain->block; |
| 2102 | ||
| 2103 | cls_flower.common.chain_index = chain->index; | |
| f9e30088 | 2104 | cls_flower.command = FLOW_CLS_TMPLT_DESTROY; |
| 34738452 JP |
2105 | cls_flower.cookie = (unsigned long) tmplt; |
| 2106 | ||
| 40119211 | 2107 | tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true); |
| 34738452 JP |
2108 | } |
| 2109 | ||
| b95ec7eb JP |
2110 | static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain, |
| 2111 | struct nlattr **tca, | |
| 2112 | struct netlink_ext_ack *extack) | |
| 2113 | { | |
| 2114 | struct fl_flow_tmplt *tmplt; | |
| 2115 | struct nlattr **tb; | |
| 2116 | int err; | |
| 2117 | ||
| 2118 | if (!tca[TCA_OPTIONS]) | |
| 2119 | return ERR_PTR(-EINVAL); | |
| 2120 | ||
| 2121 | tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL); | |
| 2122 | if (!tb) | |
| 2123 | return ERR_PTR(-ENOBUFS); | |
| 8cb08174 JB |
2124 | err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX, |
| 2125 | tca[TCA_OPTIONS], fl_policy, NULL); | |
| b95ec7eb JP |
2126 | if (err) |
| 2127 | goto errout_tb; | |
| 2128 | ||
| 2129 | tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL); | |
| 1cbc36a5 DC |
2130 | if (!tmplt) { |
| 2131 | err = -ENOMEM; | |
| b95ec7eb | 2132 | goto errout_tb; |
| 1cbc36a5 | 2133 | } |
| b95ec7eb JP |
2134 | tmplt->chain = chain; |
| 2135 | err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack); | |
| 2136 | if (err) | |
| 2137 | goto errout_tmplt; | |
| b95ec7eb JP |
2138 | |
| 2139 | fl_init_dissector(&tmplt->dissector, &tmplt->mask); | |
| 2140 | ||
| 8f256622 PNA |
2141 | err = fl_hw_create_tmplt(chain, tmplt); |
| 2142 | if (err) | |
| 2143 | goto errout_tmplt; | |
| 34738452 | 2144 | |
| 8f256622 | 2145 | kfree(tb); |
| b95ec7eb JP |
2146 | return tmplt; |
| 2147 | ||
| 2148 | errout_tmplt: | |
| 2149 | kfree(tmplt); | |
| 2150 | errout_tb: | |
| 2151 | kfree(tb); | |
| 2152 | return ERR_PTR(err); | |
| 2153 | } | |
| 2154 | ||
| ec3ed293 VB |
2155 | static void fl_tmplt_destroy(void *tmplt_priv) |
| 2156 | { | |
| 2157 | struct fl_flow_tmplt *tmplt = tmplt_priv; | |
| 2158 | ||
| 95278dda CW |
2159 | fl_hw_destroy_tmplt(tmplt->chain, tmplt); |
| 2160 | kfree(tmplt); | |
| ec3ed293 VB |
2161 | } |
| 2162 | ||
| 77b9900e JP |
2163 | static int fl_dump_key_val(struct sk_buff *skb, |
| 2164 | void *val, int val_type, | |
| 2165 | void *mask, int mask_type, int len) | |
| 2166 | { | |
| 2167 | int err; | |
| 2168 | ||
| 2169 | if (!memchr_inv(mask, 0, len)) | |
| 2170 | return 0; | |
| 2171 | err = nla_put(skb, val_type, len, val); | |
| 2172 | if (err) | |
| 2173 | return err; | |
| 2174 | if (mask_type != TCA_FLOWER_UNSPEC) { | |
| 2175 | err = nla_put(skb, mask_type, len, mask); | |
| 2176 | if (err) | |
| 2177 | return err; | |
| 2178 | } | |
| 2179 | return 0; | |
| 2180 | } | |
| 2181 | ||
| 5c72299f AN |
2182 | static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key, |
| 2183 | struct fl_flow_key *mask) | |
| 2184 | { | |
| 8ffb055b YK |
2185 | if (fl_dump_key_val(skb, &key->tp_range.tp_min.dst, |
| 2186 | TCA_FLOWER_KEY_PORT_DST_MIN, | |
| 2187 | &mask->tp_range.tp_min.dst, TCA_FLOWER_UNSPEC, | |
| 2188 | sizeof(key->tp_range.tp_min.dst)) || | |
| 2189 | fl_dump_key_val(skb, &key->tp_range.tp_max.dst, | |
| 2190 | TCA_FLOWER_KEY_PORT_DST_MAX, | |
| 2191 | &mask->tp_range.tp_max.dst, TCA_FLOWER_UNSPEC, | |
| 2192 | sizeof(key->tp_range.tp_max.dst)) || | |
| 2193 | fl_dump_key_val(skb, &key->tp_range.tp_min.src, | |
| 2194 | TCA_FLOWER_KEY_PORT_SRC_MIN, | |
| 2195 | &mask->tp_range.tp_min.src, TCA_FLOWER_UNSPEC, | |
| 2196 | sizeof(key->tp_range.tp_min.src)) || | |
| 2197 | fl_dump_key_val(skb, &key->tp_range.tp_max.src, | |
| 2198 | TCA_FLOWER_KEY_PORT_SRC_MAX, | |
| 2199 | &mask->tp_range.tp_max.src, TCA_FLOWER_UNSPEC, | |
| 2200 | sizeof(key->tp_range.tp_max.src))) | |
| 5c72299f AN |
2201 | return -1; |
| 2202 | ||
| 2203 | return 0; | |
| 2204 | } | |
| 2205 | ||
| a577d8f7 BL |
2206 | static int fl_dump_key_mpls(struct sk_buff *skb, |
| 2207 | struct flow_dissector_key_mpls *mpls_key, | |
| 2208 | struct flow_dissector_key_mpls *mpls_mask) | |
| 2209 | { | |
| 2210 | int err; | |
| 2211 | ||
| 2212 | if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask))) | |
| 2213 | return 0; | |
| 2214 | if (mpls_mask->mpls_ttl) { | |
| 2215 | err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL, | |
| 2216 | mpls_key->mpls_ttl); | |
| 2217 | if (err) | |
| 2218 | return err; | |
| 2219 | } | |
| 2220 | if (mpls_mask->mpls_tc) { | |
| 2221 | err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC, | |
| 2222 | mpls_key->mpls_tc); | |
| 2223 | if (err) | |
| 2224 | return err; | |
| 2225 | } | |
| 2226 | if (mpls_mask->mpls_label) { | |
| 2227 | err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL, | |
| 2228 | mpls_key->mpls_label); | |
| 2229 | if (err) | |
| 2230 | return err; | |
| 2231 | } | |
| 2232 | if (mpls_mask->mpls_bos) { | |
| 2233 | err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS, | |
| 2234 | mpls_key->mpls_bos); | |
| 2235 | if (err) | |
| 2236 | return err; | |
| 2237 | } | |
| 2238 | return 0; | |
| 2239 | } | |
| 2240 | ||
| 0e2c17b6 | 2241 | static int fl_dump_key_ip(struct sk_buff *skb, bool encap, |
| 4d80cc0a OG |
2242 | struct flow_dissector_key_ip *key, |
| 2243 | struct flow_dissector_key_ip *mask) | |
| 2244 | { | |
| 0e2c17b6 OG |
2245 | int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS; |
| 2246 | int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL; | |
| 2247 | int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK; | |
| 2248 | int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK; | |
| 2249 | ||
| 2250 | if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) || | |
| 2251 | fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl))) | |
| 4d80cc0a OG |
2252 | return -1; |
| 2253 | ||
| 2254 | return 0; | |
| 2255 | } | |
| 2256 | ||
| 9399ae9a | 2257 | static int fl_dump_key_vlan(struct sk_buff *skb, |
| d64efd09 | 2258 | int vlan_id_key, int vlan_prio_key, |
| 9399ae9a HHZ |
2259 | struct flow_dissector_key_vlan *vlan_key, |
| 2260 | struct flow_dissector_key_vlan *vlan_mask) | |
| 2261 | { | |
| 2262 | int err; | |
| 2263 | ||
| 2264 | if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask))) | |
| 2265 | return 0; | |
| 2266 | if (vlan_mask->vlan_id) { | |
| d64efd09 | 2267 | err = nla_put_u16(skb, vlan_id_key, |
| 9399ae9a HHZ |
2268 | vlan_key->vlan_id); |
| 2269 | if (err) | |
| 2270 | return err; | |
| 2271 | } | |
| 2272 | if (vlan_mask->vlan_priority) { | |
| d64efd09 | 2273 | err = nla_put_u8(skb, vlan_prio_key, |
| 9399ae9a HHZ |
2274 | vlan_key->vlan_priority); |
| 2275 | if (err) | |
| 2276 | return err; | |
| 2277 | } | |
| 2278 | return 0; | |
| 2279 | } | |
| 2280 | ||
| faa3ffce OG |
2281 | static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask, |
| 2282 | u32 *flower_key, u32 *flower_mask, | |
| 2283 | u32 flower_flag_bit, u32 dissector_flag_bit) | |
| 2284 | { | |
| 2285 | if (dissector_mask & dissector_flag_bit) { | |
| 2286 | *flower_mask |= flower_flag_bit; | |
| 2287 | if (dissector_key & dissector_flag_bit) | |
| 2288 | *flower_key |= flower_flag_bit; | |
| 2289 | } | |
| 2290 | } | |
| 2291 | ||
| 2292 | static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask) | |
| 2293 | { | |
| 2294 | u32 key, mask; | |
| 2295 | __be32 _key, _mask; | |
| 2296 | int err; | |
| 2297 | ||
| 2298 | if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask))) | |
| 2299 | return 0; | |
| 2300 | ||
| 2301 | key = 0; | |
| 2302 | mask = 0; | |
| 2303 | ||
| 2304 | fl_get_key_flag(flags_key, flags_mask, &key, &mask, | |
| 2305 | TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); | |
| 459d153d PJV |
2306 | fl_get_key_flag(flags_key, flags_mask, &key, &mask, |
| 2307 | TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, | |
| 2308 | FLOW_DIS_FIRST_FRAG); | |
| faa3ffce OG |
2309 | |
| 2310 | _key = cpu_to_be32(key); | |
| 2311 | _mask = cpu_to_be32(mask); | |
| 2312 | ||
| 2313 | err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key); | |
| 2314 | if (err) | |
| 2315 | return err; | |
| 2316 | ||
| 2317 | return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask); | |
| 2318 | } | |
| 2319 | ||
| 0a6e7778 PJV |
2320 | static int fl_dump_key_geneve_opt(struct sk_buff *skb, |
| 2321 | struct flow_dissector_key_enc_opts *enc_opts) | |
| 2322 | { | |
| 2323 | struct geneve_opt *opt; | |
| 2324 | struct nlattr *nest; | |
| 2325 | int opt_off = 0; | |
| 2326 | ||
| ae0be8de | 2327 | nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE); |
| 0a6e7778 PJV |
2328 | if (!nest) |
| 2329 | goto nla_put_failure; | |
| 2330 | ||
| 2331 | while (enc_opts->len > opt_off) { | |
| 2332 | opt = (struct geneve_opt *)&enc_opts->data[opt_off]; | |
| 2333 | ||
| 2334 | if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS, | |
| 2335 | opt->opt_class)) | |
| 2336 | goto nla_put_failure; | |
| 2337 | if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE, | |
| 2338 | opt->type)) | |
| 2339 | goto nla_put_failure; | |
| 2340 | if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA, | |
| 2341 | opt->length * 4, opt->opt_data)) | |
| 2342 | goto nla_put_failure; | |
| 2343 | ||
| 2344 | opt_off += sizeof(struct geneve_opt) + opt->length * 4; | |
| 2345 | } | |
| 2346 | nla_nest_end(skb, nest); | |
| 2347 | return 0; | |
| 2348 | ||
| 2349 | nla_put_failure: | |
| 2350 | nla_nest_cancel(skb, nest); | |
| 2351 | return -EMSGSIZE; | |
| 2352 | } | |
| 2353 | ||
| d8f9dfae XL |
2354 | static int fl_dump_key_vxlan_opt(struct sk_buff *skb, |
| 2355 | struct flow_dissector_key_enc_opts *enc_opts) | |
| 2356 | { | |
| 2357 | struct vxlan_metadata *md; | |
| 2358 | struct nlattr *nest; | |
| 2359 | ||
| 2360 | nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_VXLAN); | |
| 2361 | if (!nest) | |
| 2362 | goto nla_put_failure; | |
| 2363 | ||
| 2364 | md = (struct vxlan_metadata *)&enc_opts->data[0]; | |
| 2365 | if (nla_put_u32(skb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP, md->gbp)) | |
| 2366 | goto nla_put_failure; | |
| 2367 | ||
| 2368 | nla_nest_end(skb, nest); | |
| 2369 | return 0; | |
| 2370 | ||
| 2371 | nla_put_failure: | |
| 2372 | nla_nest_cancel(skb, nest); | |
| 2373 | return -EMSGSIZE; | |
| 2374 | } | |
| 2375 | ||
| 79b1011c XL |
2376 | static int fl_dump_key_erspan_opt(struct sk_buff *skb, |
| 2377 | struct flow_dissector_key_enc_opts *enc_opts) | |
| 2378 | { | |
| 2379 | struct erspan_metadata *md; | |
| 2380 | struct nlattr *nest; | |
| 2381 | ||
| 2382 | nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_ERSPAN); | |
| 2383 | if (!nest) | |
| 2384 | goto nla_put_failure; | |
| 2385 | ||
| 2386 | md = (struct erspan_metadata *)&enc_opts->data[0]; | |
| 2387 | if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER, md->version)) | |
| 2388 | goto nla_put_failure; | |
| 2389 | ||
| 2390 | if (md->version == 1 && | |
| 2391 | nla_put_be32(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX, md->u.index)) | |
| 2392 | goto nla_put_failure; | |
| 2393 | ||
| 2394 | if (md->version == 2 && | |
| 2395 | (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR, | |
| 2396 | md->u.md2.dir) || | |
| 2397 | nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID, | |
| 2398 | get_hwid(&md->u.md2)))) | |
| 2399 | goto nla_put_failure; | |
| 2400 | ||
| 2401 | nla_nest_end(skb, nest); | |
| 2402 | return 0; | |
| 2403 | ||
| 2404 | nla_put_failure: | |
| 2405 | nla_nest_cancel(skb, nest); | |
| 2406 | return -EMSGSIZE; | |
| 2407 | } | |
| 2408 | ||
| e0ace68a PB |
2409 | static int fl_dump_key_ct(struct sk_buff *skb, |
| 2410 | struct flow_dissector_key_ct *key, | |
| 2411 | struct flow_dissector_key_ct *mask) | |
| 2412 | { | |
| 2413 | if (IS_ENABLED(CONFIG_NF_CONNTRACK) && | |
| 2414 | fl_dump_key_val(skb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE, | |
| 2415 | &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK, | |
| 2416 | sizeof(key->ct_state))) | |
| 2417 | goto nla_put_failure; | |
| 2418 | ||
| 2419 | if (IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) && | |
| 2420 | fl_dump_key_val(skb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE, | |
| 2421 | &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK, | |
| 2422 | sizeof(key->ct_zone))) | |
| 2423 | goto nla_put_failure; | |
| 2424 | ||
| 2425 | if (IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) && | |
| 2426 | fl_dump_key_val(skb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK, | |
| 2427 | &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK, | |
| 2428 | sizeof(key->ct_mark))) | |
| 2429 | goto nla_put_failure; | |
| 2430 | ||
| 2431 | if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) && | |
| 2432 | fl_dump_key_val(skb, &key->ct_labels, TCA_FLOWER_KEY_CT_LABELS, | |
| 2433 | &mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK, | |
| 2434 | sizeof(key->ct_labels))) | |
| 2435 | goto nla_put_failure; | |
| 2436 | ||
| 2437 | return 0; | |
| 2438 | ||
| 2439 | nla_put_failure: | |
| 2440 | return -EMSGSIZE; | |
| 2441 | } | |
| 2442 | ||
| 0a6e7778 PJV |
2443 | static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type, |
| 2444 | struct flow_dissector_key_enc_opts *enc_opts) | |
| 2445 | { | |
| 2446 | struct nlattr *nest; | |
| 2447 | int err; | |
| 2448 | ||
| 2449 | if (!enc_opts->len) | |
| 2450 | return 0; | |
| 2451 | ||
| ae0be8de | 2452 | nest = nla_nest_start_noflag(skb, enc_opt_type); |
| 0a6e7778 PJV |
2453 | if (!nest) |
| 2454 | goto nla_put_failure; | |
| 2455 | ||
| 2456 | switch (enc_opts->dst_opt_type) { | |
| 2457 | case TUNNEL_GENEVE_OPT: | |
| 2458 | err = fl_dump_key_geneve_opt(skb, enc_opts); | |
| 2459 | if (err) | |
| 2460 | goto nla_put_failure; | |
| 2461 | break; | |
| d8f9dfae XL |
2462 | case TUNNEL_VXLAN_OPT: |
| 2463 | err = fl_dump_key_vxlan_opt(skb, enc_opts); | |
| 2464 | if (err) | |
| 2465 | goto nla_put_failure; | |
| 2466 | break; | |
| 79b1011c XL |
2467 | case TUNNEL_ERSPAN_OPT: |
| 2468 | err = fl_dump_key_erspan_opt(skb, enc_opts); | |
| 2469 | if (err) | |
| 2470 | goto nla_put_failure; | |
| 2471 | break; | |
| 0a6e7778 PJV |
2472 | default: |
| 2473 | goto nla_put_failure; | |
| 2474 | } | |
| 2475 | nla_nest_end(skb, nest); | |
| 2476 | return 0; | |
| 2477 | ||
| 2478 | nla_put_failure: | |
| 2479 | nla_nest_cancel(skb, nest); | |
| 2480 | return -EMSGSIZE; | |
| 2481 | } | |
| 2482 | ||
| 2483 | static int fl_dump_key_enc_opt(struct sk_buff *skb, | |
| 2484 | struct flow_dissector_key_enc_opts *key_opts, | |
| 2485 | struct flow_dissector_key_enc_opts *msk_opts) | |
| 2486 | { | |
| 2487 | int err; | |
| 2488 | ||
| 2489 | err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts); | |
| 2490 | if (err) | |
| 2491 | return err; | |
| 2492 | ||
| 2493 | return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts); | |
| 2494 | } | |
| 2495 | ||
| f5749081 JP |
2496 | static int fl_dump_key(struct sk_buff *skb, struct net *net, |
| 2497 | struct fl_flow_key *key, struct fl_flow_key *mask) | |
| 77b9900e | 2498 | { |
| 8212ed77 | 2499 | if (mask->meta.ingress_ifindex) { |
| 77b9900e JP |
2500 | struct net_device *dev; |
| 2501 | ||
| 8212ed77 | 2502 | dev = __dev_get_by_index(net, key->meta.ingress_ifindex); |
| 77b9900e JP |
2503 | if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name)) |
| 2504 | goto nla_put_failure; | |
| 2505 | } | |
| 2506 | ||
| 2507 | if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST, | |
| 2508 | mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK, | |
| 2509 | sizeof(key->eth.dst)) || | |
| 2510 | fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC, | |
| 2511 | mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK, | |
| 2512 | sizeof(key->eth.src)) || | |
| 2513 | fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE, | |
| 2514 | &mask->basic.n_proto, TCA_FLOWER_UNSPEC, | |
| 2515 | sizeof(key->basic.n_proto))) | |
| 2516 | goto nla_put_failure; | |
| 9399ae9a | 2517 | |
| a577d8f7 BL |
2518 | if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls)) |
| 2519 | goto nla_put_failure; | |
| 2520 | ||
| d64efd09 JL |
2521 | if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID, |
| 2522 | TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan)) | |
| 9399ae9a HHZ |
2523 | goto nla_put_failure; |
| 2524 | ||
| d64efd09 JL |
2525 | if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID, |
| 2526 | TCA_FLOWER_KEY_CVLAN_PRIO, | |
| 2527 | &key->cvlan, &mask->cvlan) || | |
| 2528 | (mask->cvlan.vlan_tpid && | |
| 158abbf1 JL |
2529 | nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE, |
| 2530 | key->cvlan.vlan_tpid))) | |
| d3069512 JL |
2531 | goto nla_put_failure; |
| 2532 | ||
| 5e9a0fe4 JL |
2533 | if (mask->basic.n_proto) { |
| 2534 | if (mask->cvlan.vlan_tpid) { | |
| 2535 | if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE, | |
| 2536 | key->basic.n_proto)) | |
| 2537 | goto nla_put_failure; | |
| 2538 | } else if (mask->vlan.vlan_tpid) { | |
| 2539 | if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE, | |
| 2540 | key->basic.n_proto)) | |
| 2541 | goto nla_put_failure; | |
| 2542 | } | |
| d64efd09 JL |
2543 | } |
| 2544 | ||
| 77b9900e JP |
2545 | if ((key->basic.n_proto == htons(ETH_P_IP) || |
| 2546 | key->basic.n_proto == htons(ETH_P_IPV6)) && | |
| 4d80cc0a | 2547 | (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO, |
| 77b9900e | 2548 | &mask->basic.ip_proto, TCA_FLOWER_UNSPEC, |
| 4d80cc0a | 2549 | sizeof(key->basic.ip_proto)) || |
| 0e2c17b6 | 2550 | fl_dump_key_ip(skb, false, &key->ip, &mask->ip))) |
| 77b9900e JP |
2551 | goto nla_put_failure; |
| 2552 | ||
| c3f83241 | 2553 | if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS && |
| 77b9900e JP |
2554 | (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC, |
| 2555 | &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK, | |
| 2556 | sizeof(key->ipv4.src)) || | |
| 2557 | fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST, | |
| 2558 | &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK, | |
| 2559 | sizeof(key->ipv4.dst)))) | |
| 2560 | goto nla_put_failure; | |
| c3f83241 | 2561 | else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS && |
| 77b9900e JP |
2562 | (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC, |
| 2563 | &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK, | |
| 2564 | sizeof(key->ipv6.src)) || | |
| 2565 | fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST, | |
| 2566 | &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK, | |
| 2567 | sizeof(key->ipv6.dst)))) | |
| 2568 | goto nla_put_failure; | |
| 2569 | ||
| 2570 | if (key->basic.ip_proto == IPPROTO_TCP && | |
| 2571 | (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC, | |
| aa72d708 | 2572 | &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK, |
| 77b9900e JP |
2573 | sizeof(key->tp.src)) || |
| 2574 | fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST, | |
| aa72d708 | 2575 | &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK, |
| fdfc7dd6 JP |
2576 | sizeof(key->tp.dst)) || |
| 2577 | fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS, | |
| 2578 | &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK, | |
| 2579 | sizeof(key->tcp.flags)))) | |
| 77b9900e JP |
2580 | goto nla_put_failure; |
| 2581 | else if (key->basic.ip_proto == IPPROTO_UDP && | |
| 2582 | (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC, | |
| aa72d708 | 2583 | &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK, |
| 77b9900e JP |
2584 | sizeof(key->tp.src)) || |
| 2585 | fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST, | |
| aa72d708 | 2586 | &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK, |
| 5976c5f4 SH |
2587 | sizeof(key->tp.dst)))) |
| 2588 | goto nla_put_failure; | |
| 2589 | else if (key->basic.ip_proto == IPPROTO_SCTP && | |
| 2590 | (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC, | |
| 2591 | &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK, | |
| 2592 | sizeof(key->tp.src)) || | |
| 2593 | fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST, | |
| 2594 | &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK, | |
| 77b9900e JP |
2595 | sizeof(key->tp.dst)))) |
| 2596 | goto nla_put_failure; | |
| 7b684884 SH |
2597 | else if (key->basic.n_proto == htons(ETH_P_IP) && |
| 2598 | key->basic.ip_proto == IPPROTO_ICMP && | |
| 2599 | (fl_dump_key_val(skb, &key->icmp.type, | |
| 2600 | TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type, | |
| 2601 | TCA_FLOWER_KEY_ICMPV4_TYPE_MASK, | |
| 2602 | sizeof(key->icmp.type)) || | |
| 2603 | fl_dump_key_val(skb, &key->icmp.code, | |
| 2604 | TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code, | |
| 2605 | TCA_FLOWER_KEY_ICMPV4_CODE_MASK, | |
| 2606 | sizeof(key->icmp.code)))) | |
| 2607 | goto nla_put_failure; | |
| 2608 | else if (key->basic.n_proto == htons(ETH_P_IPV6) && | |
| 2609 | key->basic.ip_proto == IPPROTO_ICMPV6 && | |
| 2610 | (fl_dump_key_val(skb, &key->icmp.type, | |
| 2611 | TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type, | |
| 2612 | TCA_FLOWER_KEY_ICMPV6_TYPE_MASK, | |
| 2613 | sizeof(key->icmp.type)) || | |
| 2614 | fl_dump_key_val(skb, &key->icmp.code, | |
| 2615 | TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code, | |
| 2616 | TCA_FLOWER_KEY_ICMPV6_CODE_MASK, | |
| 2617 | sizeof(key->icmp.code)))) | |
| 2618 | goto nla_put_failure; | |
| 99d31326 SH |
2619 | else if ((key->basic.n_proto == htons(ETH_P_ARP) || |
| 2620 | key->basic.n_proto == htons(ETH_P_RARP)) && | |
| 2621 | (fl_dump_key_val(skb, &key->arp.sip, | |
| 2622 | TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip, | |
| 2623 | TCA_FLOWER_KEY_ARP_SIP_MASK, | |
| 2624 | sizeof(key->arp.sip)) || | |
| 2625 | fl_dump_key_val(skb, &key->arp.tip, | |
| 2626 | TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip, | |
| 2627 | TCA_FLOWER_KEY_ARP_TIP_MASK, | |
| 2628 | sizeof(key->arp.tip)) || | |
| 2629 | fl_dump_key_val(skb, &key->arp.op, | |
| 2630 | TCA_FLOWER_KEY_ARP_OP, &mask->arp.op, | |
| 2631 | TCA_FLOWER_KEY_ARP_OP_MASK, | |
| 2632 | sizeof(key->arp.op)) || | |
| 2633 | fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA, | |
| 2634 | mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK, | |
| 2635 | sizeof(key->arp.sha)) || | |
| 2636 | fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA, | |
| 2637 | mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK, | |
| 2638 | sizeof(key->arp.tha)))) | |
| 2639 | goto nla_put_failure; | |
| 77b9900e | 2640 | |
| 5c72299f AN |
2641 | if ((key->basic.ip_proto == IPPROTO_TCP || |
| 2642 | key->basic.ip_proto == IPPROTO_UDP || | |
| 2643 | key->basic.ip_proto == IPPROTO_SCTP) && | |
| 2644 | fl_dump_key_port_range(skb, key, mask)) | |
| 2645 | goto nla_put_failure; | |
| 2646 | ||
| bc3103f1 AV |
2647 | if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS && |
| 2648 | (fl_dump_key_val(skb, &key->enc_ipv4.src, | |
| 2649 | TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src, | |
| 2650 | TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, | |
| 2651 | sizeof(key->enc_ipv4.src)) || | |
| 2652 | fl_dump_key_val(skb, &key->enc_ipv4.dst, | |
| 2653 | TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst, | |
| 2654 | TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, | |
| 2655 | sizeof(key->enc_ipv4.dst)))) | |
| 2656 | goto nla_put_failure; | |
| 2657 | else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS && | |
| 2658 | (fl_dump_key_val(skb, &key->enc_ipv6.src, | |
| 2659 | TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src, | |
| 2660 | TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, | |
| 2661 | sizeof(key->enc_ipv6.src)) || | |
| 2662 | fl_dump_key_val(skb, &key->enc_ipv6.dst, | |
| 2663 | TCA_FLOWER_KEY_ENC_IPV6_DST, | |
| 2664 | &mask->enc_ipv6.dst, | |
| 2665 | TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, | |
| 2666 | sizeof(key->enc_ipv6.dst)))) | |
| 2667 | goto nla_put_failure; | |
| 2668 | ||
| 2669 | if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID, | |
| eb523f42 | 2670 | &mask->enc_key_id, TCA_FLOWER_UNSPEC, |
| f4d997fd HHZ |
2671 | sizeof(key->enc_key_id)) || |
| 2672 | fl_dump_key_val(skb, &key->enc_tp.src, | |
| 2673 | TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, | |
| 2674 | &mask->enc_tp.src, | |
| 2675 | TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, | |
| 2676 | sizeof(key->enc_tp.src)) || | |
| 2677 | fl_dump_key_val(skb, &key->enc_tp.dst, | |
| 2678 | TCA_FLOWER_KEY_ENC_UDP_DST_PORT, | |
| 2679 | &mask->enc_tp.dst, | |
| 2680 | TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, | |
| 0e2c17b6 | 2681 | sizeof(key->enc_tp.dst)) || |
| 0a6e7778 PJV |
2682 | fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) || |
| 2683 | fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts)) | |
| bc3103f1 AV |
2684 | goto nla_put_failure; |
| 2685 | ||
| e0ace68a PB |
2686 | if (fl_dump_key_ct(skb, &key->ct, &mask->ct)) |
| 2687 | goto nla_put_failure; | |
| 2688 | ||
| faa3ffce OG |
2689 | if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags)) |
| 2690 | goto nla_put_failure; | |
| 2691 | ||
| f5749081 JP |
2692 | return 0; |
| 2693 | ||
| 2694 | nla_put_failure: | |
| 2695 | return -EMSGSIZE; | |
| 2696 | } | |
| 2697 | ||
| 2698 | static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh, | |
| 12db03b6 | 2699 | struct sk_buff *skb, struct tcmsg *t, bool rtnl_held) |
| f5749081 JP |
2700 | { |
| 2701 | struct cls_fl_filter *f = fh; | |
| 2702 | struct nlattr *nest; | |
| 2703 | struct fl_flow_key *key, *mask; | |
| 3d81e711 | 2704 | bool skip_hw; |
| f5749081 JP |
2705 | |
| 2706 | if (!f) | |
| 2707 | return skb->len; | |
| 2708 | ||
| 2709 | t->tcm_handle = f->handle; | |
| 2710 | ||
| ae0be8de | 2711 | nest = nla_nest_start_noflag(skb, TCA_OPTIONS); |
| f5749081 JP |
2712 | if (!nest) |
| 2713 | goto nla_put_failure; | |
| 2714 | ||
| 3d81e711 VB |
2715 | spin_lock(&tp->lock); |
| 2716 | ||
| f5749081 JP |
2717 | if (f->res.classid && |
| 2718 | nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid)) | |
| 3d81e711 | 2719 | goto nla_put_failure_locked; |
| f5749081 JP |
2720 | |
| 2721 | key = &f->key; | |
| 2722 | mask = &f->mask->key; | |
| 3d81e711 | 2723 | skip_hw = tc_skip_hw(f->flags); |
| f5749081 JP |
2724 | |
| 2725 | if (fl_dump_key(skb, net, key, mask)) | |
| 3d81e711 | 2726 | goto nla_put_failure_locked; |
| f5749081 | 2727 | |
| 749e6720 | 2728 | if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags)) |
| 3d81e711 VB |
2729 | goto nla_put_failure_locked; |
| 2730 | ||
| 2731 | spin_unlock(&tp->lock); | |
| 2732 | ||
| 2733 | if (!skip_hw) | |
| c24e43d8 | 2734 | fl_hw_update_stats(tp, f, rtnl_held); |
| e69985c6 | 2735 | |
| 86c55361 VB |
2736 | if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count)) |
| 2737 | goto nla_put_failure; | |
| 2738 | ||
| 77b9900e JP |
2739 | if (tcf_exts_dump(skb, &f->exts)) |
| 2740 | goto nla_put_failure; | |
| 2741 | ||
| 2742 | nla_nest_end(skb, nest); | |
| 2743 | ||
| 2744 | if (tcf_exts_dump_stats(skb, &f->exts) < 0) | |
| 2745 | goto nla_put_failure; | |
| 2746 | ||
| 2747 | return skb->len; | |
| 2748 | ||
| 3d81e711 VB |
2749 | nla_put_failure_locked: |
| 2750 | spin_unlock(&tp->lock); | |
| 77b9900e JP |
2751 | nla_put_failure: |
| 2752 | nla_nest_cancel(skb, nest); | |
| 2753 | return -1; | |
| 2754 | } | |
| 2755 | ||
| b95ec7eb JP |
2756 | static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv) |
| 2757 | { | |
| 2758 | struct fl_flow_tmplt *tmplt = tmplt_priv; | |
| 2759 | struct fl_flow_key *key, *mask; | |
| 2760 | struct nlattr *nest; | |
| 2761 | ||
| ae0be8de | 2762 | nest = nla_nest_start_noflag(skb, TCA_OPTIONS); |
| b95ec7eb JP |
2763 | if (!nest) |
| 2764 | goto nla_put_failure; | |
| 2765 | ||
| 2766 | key = &tmplt->dummy_key; | |
| 2767 | mask = &tmplt->mask; | |
| 2768 | ||
| 2769 | if (fl_dump_key(skb, net, key, mask)) | |
| 2770 | goto nla_put_failure; | |
| 2771 | ||
| 2772 | nla_nest_end(skb, nest); | |
| 2773 | ||
| 2774 | return skb->len; | |
| 2775 | ||
| 2776 | nla_put_failure: | |
| 2777 | nla_nest_cancel(skb, nest); | |
| 2778 | return -EMSGSIZE; | |
| 2779 | } | |
| 2780 | ||
| 2e24cd75 CW |
2781 | static void fl_bind_class(void *fh, u32 classid, unsigned long cl, void *q, |
| 2782 | unsigned long base) | |
| 07d79fc7 CW |
2783 | { |
| 2784 | struct cls_fl_filter *f = fh; | |
| 2785 | ||
| 2e24cd75 CW |
2786 | if (f && f->res.classid == classid) { |
| 2787 | if (cl) | |
| 2788 | __tcf_bind_filter(q, &f->res, base); | |
| 2789 | else | |
| 2790 | __tcf_unbind_filter(q, &f->res); | |
| 2791 | } | |
| 07d79fc7 CW |
2792 | } |
| 2793 | ||
| a5b72a08 DC |
2794 | static bool fl_delete_empty(struct tcf_proto *tp) |
| 2795 | { | |
| 2796 | struct cls_fl_head *head = fl_head_dereference(tp); | |
| 2797 | ||
| 2798 | spin_lock(&tp->lock); | |
| 2799 | tp->deleting = idr_is_empty(&head->handle_idr); | |
| 2800 | spin_unlock(&tp->lock); | |
| 2801 | ||
| 2802 | return tp->deleting; | |
| 2803 | } | |
| 2804 | ||
| 77b9900e JP |
2805 | static struct tcf_proto_ops cls_fl_ops __read_mostly = { |
| 2806 | .kind = "flower", | |
| 2807 | .classify = fl_classify, | |
| 2808 | .init = fl_init, | |
| 2809 | .destroy = fl_destroy, | |
| 2810 | .get = fl_get, | |
| 06177558 | 2811 | .put = fl_put, |
| 77b9900e JP |
2812 | .change = fl_change, |
| 2813 | .delete = fl_delete, | |
| a5b72a08 | 2814 | .delete_empty = fl_delete_empty, |
| 77b9900e | 2815 | .walk = fl_walk, |
| 31533cba | 2816 | .reoffload = fl_reoffload, |
| a449a3e7 VB |
2817 | .hw_add = fl_hw_add, |
| 2818 | .hw_del = fl_hw_del, | |
| 77b9900e | 2819 | .dump = fl_dump, |
| 07d79fc7 | 2820 | .bind_class = fl_bind_class, |
| b95ec7eb JP |
2821 | .tmplt_create = fl_tmplt_create, |
| 2822 | .tmplt_destroy = fl_tmplt_destroy, | |
| 2823 | .tmplt_dump = fl_tmplt_dump, | |
| 77b9900e | 2824 | .owner = THIS_MODULE, |
| 92149190 | 2825 | .flags = TCF_PROTO_OPS_DOIT_UNLOCKED, |
| 77b9900e JP |
2826 | }; |
| 2827 | ||
| 2828 | static int __init cls_fl_init(void) | |
| 2829 | { | |
| 2830 | return register_tcf_proto_ops(&cls_fl_ops); | |
| 2831 | } | |
| 2832 | ||
| 2833 | static void __exit cls_fl_exit(void) | |
| 2834 | { | |
| 2835 | unregister_tcf_proto_ops(&cls_fl_ops); | |
| 2836 | } | |
| 2837 | ||
| 2838 | module_init(cls_fl_init); | |
| 2839 | module_exit(cls_fl_exit); | |
| 2840 | ||
| 2841 | MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>"); | |
| 2842 | MODULE_DESCRIPTION("Flower classifier"); | |
| 2843 | MODULE_LICENSE("GPL v2"); |