search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
btrfs: migrate the block group ref counting stuff
[linux/fpc-iii.git] / net / netfilter / nft_queue.c
blob5ece0a6aa8c3c246a0b9f33dbbe3e068bfaa64bc
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (c) 2013 Eric Leblond <eric@regit.org>
4 *
5 * Development of this code partly funded by OISF
6 * (http://www.openinfosecfoundation.org/)
7 */
8
9 #include <linux/kernel.h>
10 #include <linux/init.h>
11 #include <linux/module.h>
12 #include <linux/netlink.h>
13 #include <linux/jhash.h>
14 #include <linux/netfilter.h>
15 #include <linux/netfilter/nf_tables.h>
16 #include <net/netfilter/nf_tables.h>
17 #include <net/netfilter/nf_queue.h>
18
19 static u32 jhash_initval __read_mostly;
20
21 struct nft_queue {
22 enum nft_registers sreg_qnum:8;
23 u16 queuenum;
24 u16 queues_total;
25 u16 flags;
26 };
27
28 static void nft_queue_eval(const struct nft_expr *expr,
29 struct nft_regs *regs,
30 const struct nft_pktinfo *pkt)
31 {
32 struct nft_queue *priv = nft_expr_priv(expr);
33 u32 queue = priv->queuenum;
34 u32 ret;
35
36 if (priv->queues_total > 1) {
37 if (priv->flags & NFT_QUEUE_FLAG_CPU_FANOUT) {
38 int cpu = raw_smp_processor_id();
39
40 queue = priv->queuenum + cpu % priv->queues_total;
41 } else {
42 queue = nfqueue_hash(pkt->skb, queue,
43 priv->queues_total, nft_pf(pkt),
44 jhash_initval);
45 }
46 }
47
48 ret = NF_QUEUE_NR(queue);
49 if (priv->flags & NFT_QUEUE_FLAG_BYPASS)
50 ret |= NF_VERDICT_FLAG_QUEUE_BYPASS;
51
52 regs->verdict.code = ret;
53 }
54
55 static void nft_queue_sreg_eval(const struct nft_expr *expr,
56 struct nft_regs *regs,
57 const struct nft_pktinfo *pkt)
58 {
59 struct nft_queue *priv = nft_expr_priv(expr);
60 u32 queue, ret;
61
62 queue = regs->data[priv->sreg_qnum];
63
64 ret = NF_QUEUE_NR(queue);
65 if (priv->flags & NFT_QUEUE_FLAG_BYPASS)
66 ret |= NF_VERDICT_FLAG_QUEUE_BYPASS;
67
68 regs->verdict.code = ret;
69 }
70
71 static const struct nla_policy nft_queue_policy[NFTA_QUEUE_MAX + 1] = {
72 [NFTA_QUEUE_NUM] = { .type = NLA_U16 },
73 [NFTA_QUEUE_TOTAL] = { .type = NLA_U16 },
74 [NFTA_QUEUE_FLAGS] = { .type = NLA_U16 },
75 [NFTA_QUEUE_SREG_QNUM] = { .type = NLA_U32 },
76 };
77
78 static int nft_queue_init(const struct nft_ctx *ctx,
79 const struct nft_expr *expr,
80 const struct nlattr * const tb[])
81 {
82 struct nft_queue *priv = nft_expr_priv(expr);
83 u32 maxid;
84
85 priv->queuenum = ntohs(nla_get_be16(tb[NFTA_QUEUE_NUM]));
86
87 if (tb[NFTA_QUEUE_TOTAL])
88 priv->queues_total = ntohs(nla_get_be16(tb[NFTA_QUEUE_TOTAL]));
89 else
90 priv->queues_total = 1;
91
92 if (priv->queues_total == 0)
93 return -EINVAL;
94
95 maxid = priv->queues_total - 1 + priv->queuenum;
96 if (maxid > U16_MAX)
97 return -ERANGE;
98
99 if (tb[NFTA_QUEUE_FLAGS]) {
100 priv->flags = ntohs(nla_get_be16(tb[NFTA_QUEUE_FLAGS]));
101 if (priv->flags & ~NFT_QUEUE_FLAG_MASK)
102 return -EINVAL;
103 }
104 return 0;
105 }
106
107 static int nft_queue_sreg_init(const struct nft_ctx *ctx,
108 const struct nft_expr *expr,
109 const struct nlattr * const tb[])
110 {
111 struct nft_queue *priv = nft_expr_priv(expr);
112 int err;
113
114 priv->sreg_qnum = nft_parse_register(tb[NFTA_QUEUE_SREG_QNUM]);
115 err = nft_validate_register_load(priv->sreg_qnum, sizeof(u32));
116 if (err < 0)
117 return err;
118
119 if (tb[NFTA_QUEUE_FLAGS]) {
120 priv->flags = ntohs(nla_get_be16(tb[NFTA_QUEUE_FLAGS]));
121 if (priv->flags & ~NFT_QUEUE_FLAG_MASK)
122 return -EINVAL;
123 if (priv->flags & NFT_QUEUE_FLAG_CPU_FANOUT)
124 return -EOPNOTSUPP;
125 }
126
127 return 0;
128 }
129
130 static int nft_queue_dump(struct sk_buff *skb, const struct nft_expr *expr)
131 {
132 const struct nft_queue *priv = nft_expr_priv(expr);
133
134 if (nla_put_be16(skb, NFTA_QUEUE_NUM, htons(priv->queuenum)) ||
135 nla_put_be16(skb, NFTA_QUEUE_TOTAL, htons(priv->queues_total)) ||
136 nla_put_be16(skb, NFTA_QUEUE_FLAGS, htons(priv->flags)))
137 goto nla_put_failure;
138
139 return 0;
140
141 nla_put_failure:
142 return -1;
143 }
144
145 static int
146 nft_queue_sreg_dump(struct sk_buff *skb, const struct nft_expr *expr)
147 {
148 const struct nft_queue *priv = nft_expr_priv(expr);
149
150 if (nft_dump_register(skb, NFTA_QUEUE_SREG_QNUM, priv->sreg_qnum) ||
151 nla_put_be16(skb, NFTA_QUEUE_FLAGS, htons(priv->flags)))
152 goto nla_put_failure;
153
154 return 0;
155
156 nla_put_failure:
157 return -1;
158 }
159
160 static struct nft_expr_type nft_queue_type;
161 static const struct nft_expr_ops nft_queue_ops = {
162 .type = &nft_queue_type,
163 .size = NFT_EXPR_SIZE(sizeof(struct nft_queue)),
164 .eval = nft_queue_eval,
165 .init = nft_queue_init,
166 .dump = nft_queue_dump,
167 };
168
169 static const struct nft_expr_ops nft_queue_sreg_ops = {
170 .type = &nft_queue_type,
171 .size = NFT_EXPR_SIZE(sizeof(struct nft_queue)),
172 .eval = nft_queue_sreg_eval,
173 .init = nft_queue_sreg_init,
174 .dump = nft_queue_sreg_dump,
175 };
176
177 static const struct nft_expr_ops *
178 nft_queue_select_ops(const struct nft_ctx *ctx,
179 const struct nlattr * const tb[])
180 {
181 if (tb[NFTA_QUEUE_NUM] && tb[NFTA_QUEUE_SREG_QNUM])
182 return ERR_PTR(-EINVAL);
183
184 init_hashrandom(&jhash_initval);
185
186 if (tb[NFTA_QUEUE_NUM])
187 return &nft_queue_ops;
188
189 if (tb[NFTA_QUEUE_SREG_QNUM])
190 return &nft_queue_sreg_ops;
191
192 return ERR_PTR(-EINVAL);
193 }
194
195 static struct nft_expr_type nft_queue_type __read_mostly = {
196 .name = "queue",
197 .select_ops = nft_queue_select_ops,
198 .policy = nft_queue_policy,
199 .maxattr = NFTA_QUEUE_MAX,
200 .owner = THIS_MODULE,
201 };
202
203 static int __init nft_queue_module_init(void)
204 {
205 return nft_register_expr(&nft_queue_type);
206 }
207
208 static void __exit nft_queue_module_exit(void)
209 {
210 nft_unregister_expr(&nft_queue_type);
211 }
212
213 module_init(nft_queue_module_init);
214 module_exit(nft_queue_module_exit);
215
216 MODULE_LICENSE("GPL");
217 MODULE_AUTHOR("Eric Leblond <eric@regit.org>");
218 MODULE_ALIAS_NFT_EXPR("queue");
Linux with added FPC-III support