search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.19.168
[linux/fpc-iii.git] / net / sched / cls_flower.c
blob208436eb107c440d811ce1bbc2e0c57fd1885bfc
1 /*
2 * net/sched/cls_flower.c Flower classifier
3 *
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16 #include <linux/workqueue.h>
17
18 #include <linux/if_ether.h>
19 #include <linux/in6.h>
20 #include <linux/ip.h>
21 #include <linux/mpls.h>
22
23 #include <net/sch_generic.h>
24 #include <net/pkt_cls.h>
25 #include <net/ip.h>
26 #include <net/flow_dissector.h>
27 #include <net/geneve.h>
28
29 #include <net/dst.h>
30 #include <net/dst_metadata.h>
31
32 struct fl_flow_key {
33 int indev_ifindex;
34 struct flow_dissector_key_control control;
35 struct flow_dissector_key_control enc_control;
36 struct flow_dissector_key_basic basic;
37 struct flow_dissector_key_eth_addrs eth;
38 struct flow_dissector_key_vlan vlan;
39 struct flow_dissector_key_vlan cvlan;
40 union {
41 struct flow_dissector_key_ipv4_addrs ipv4;
42 struct flow_dissector_key_ipv6_addrs ipv6;
43 };
44 struct flow_dissector_key_ports tp;
45 struct flow_dissector_key_icmp icmp;
46 struct flow_dissector_key_arp arp;
47 struct flow_dissector_key_keyid enc_key_id;
48 union {
49 struct flow_dissector_key_ipv4_addrs enc_ipv4;
50 struct flow_dissector_key_ipv6_addrs enc_ipv6;
51 };
52 struct flow_dissector_key_ports enc_tp;
53 struct flow_dissector_key_mpls mpls;
54 struct flow_dissector_key_tcp tcp;
55 struct flow_dissector_key_ip ip;
56 struct flow_dissector_key_ip enc_ip;
57 struct flow_dissector_key_enc_opts enc_opts;
58 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
59
60 struct fl_flow_mask_range {
61 unsigned short int start;
62 unsigned short int end;
63 };
64
65 struct fl_flow_mask {
66 struct fl_flow_key key;
67 struct fl_flow_mask_range range;
68 struct rhash_head ht_node;
69 struct rhashtable ht;
70 struct rhashtable_params filter_ht_params;
71 struct flow_dissector dissector;
72 struct list_head filters;
73 struct rcu_work rwork;
74 struct list_head list;
75 };
76
77 struct fl_flow_tmplt {
78 struct fl_flow_key dummy_key;
79 struct fl_flow_key mask;
80 struct flow_dissector dissector;
81 struct tcf_chain *chain;
82 };
83
84 struct cls_fl_head {
85 struct rhashtable ht;
86 struct list_head masks;
87 struct rcu_work rwork;
88 struct idr handle_idr;
89 };
90
91 struct cls_fl_filter {
92 struct fl_flow_mask *mask;
93 struct rhash_head ht_node;
94 struct fl_flow_key mkey;
95 struct tcf_exts exts;
96 struct tcf_result res;
97 struct fl_flow_key key;
98 struct list_head list;
99 u32 handle;
100 u32 flags;
101 unsigned int in_hw_count;
102 struct rcu_work rwork;
103 struct net_device *hw_dev;
104 };
105
106 static const struct rhashtable_params mask_ht_params = {
107 .key_offset = offsetof(struct fl_flow_mask, key),
108 .key_len = sizeof(struct fl_flow_key),
109 .head_offset = offsetof(struct fl_flow_mask, ht_node),
110 .automatic_shrinking = true,
111 };
112
113 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
114 {
115 return mask->range.end - mask->range.start;
116 }
117
118 static void fl_mask_update_range(struct fl_flow_mask *mask)
119 {
120 const u8 *bytes = (const u8 *) &mask->key;
121 size_t size = sizeof(mask->key);
122 size_t i, first = 0, last;
123
124 for (i = 0; i < size; i++) {
125 if (bytes[i]) {
126 first = i;
127 break;
128 }
129 }
130 last = first;
131 for (i = size - 1; i != first; i--) {
132 if (bytes[i]) {
133 last = i;
134 break;
135 }
136 }
137 mask->range.start = rounddown(first, sizeof(long));
138 mask->range.end = roundup(last + 1, sizeof(long));
139 }
140
141 static void *fl_key_get_start(struct fl_flow_key *key,
142 const struct fl_flow_mask *mask)
143 {
144 return (u8 *) key + mask->range.start;
145 }
146
147 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
148 struct fl_flow_mask *mask)
149 {
150 const long *lkey = fl_key_get_start(key, mask);
151 const long *lmask = fl_key_get_start(&mask->key, mask);
152 long *lmkey = fl_key_get_start(mkey, mask);
153 int i;
154
155 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
156 *lmkey++ = *lkey++ & *lmask++;
157 }
158
159 static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
160 struct fl_flow_mask *mask)
161 {
162 const long *lmask = fl_key_get_start(&mask->key, mask);
163 const long *ltmplt;
164 int i;
165
166 if (!tmplt)
167 return true;
168 ltmplt = fl_key_get_start(&tmplt->mask, mask);
169 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
170 if (~*ltmplt++ & *lmask++)
171 return false;
172 }
173 return true;
174 }
175
176 static void fl_clear_masked_range(struct fl_flow_key *key,
177 struct fl_flow_mask *mask)
178 {
179 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
180 }
181
182 static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
183 struct fl_flow_key *mkey)
184 {
185 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
186 mask->filter_ht_params);
187 }
188
189 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
190 struct tcf_result *res)
191 {
192 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
193 struct cls_fl_filter *f;
194 struct fl_flow_mask *mask;
195 struct fl_flow_key skb_key;
196 struct fl_flow_key skb_mkey;
197
198 list_for_each_entry_rcu(mask, &head->masks, list) {
199 flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
200 fl_clear_masked_range(&skb_key, mask);
201
202 skb_key.indev_ifindex = skb->skb_iif;
203 /* skb_flow_dissect() does not set n_proto in case an unknown
204 * protocol, so do it rather here.
205 */
206 skb_key.basic.n_proto = skb_protocol(skb, false);
207 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
208 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
209
210 fl_set_masked_key(&skb_mkey, &skb_key, mask);
211
212 f = fl_lookup(mask, &skb_mkey);
213 if (f && !tc_skip_sw(f->flags)) {
214 *res = f->res;
215 return tcf_exts_exec(skb, &f->exts, res);
216 }
217 }
218 return -1;
219 }
220
221 static int fl_init(struct tcf_proto *tp)
222 {
223 struct cls_fl_head *head;
224
225 head = kzalloc(sizeof(*head), GFP_KERNEL);
226 if (!head)
227 return -ENOBUFS;
228
229 INIT_LIST_HEAD_RCU(&head->masks);
230 rcu_assign_pointer(tp->root, head);
231 idr_init(&head->handle_idr);
232
233 return rhashtable_init(&head->ht, &mask_ht_params);
234 }
235
236 static void fl_mask_free(struct fl_flow_mask *mask)
237 {
238 rhashtable_destroy(&mask->ht);
239 kfree(mask);
240 }
241
242 static void fl_mask_free_work(struct work_struct *work)
243 {
244 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
245 struct fl_flow_mask, rwork);
246
247 fl_mask_free(mask);
248 }
249
250 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask,
251 bool async)
252 {
253 if (!list_empty(&mask->filters))
254 return false;
255
256 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
257 list_del_rcu(&mask->list);
258 if (async)
259 tcf_queue_work(&mask->rwork, fl_mask_free_work);
260 else
261 fl_mask_free(mask);
262
263 return true;
264 }
265
266 static void __fl_destroy_filter(struct cls_fl_filter *f)
267 {
268 tcf_exts_destroy(&f->exts);
269 tcf_exts_put_net(&f->exts);
270 kfree(f);
271 }
272
273 static void fl_destroy_filter_work(struct work_struct *work)
274 {
275 struct cls_fl_filter *f = container_of(to_rcu_work(work),
276 struct cls_fl_filter, rwork);
277
278 rtnl_lock();
279 __fl_destroy_filter(f);
280 rtnl_unlock();
281 }
282
283 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
284 struct netlink_ext_ack *extack)
285 {
286 struct tc_cls_flower_offload cls_flower = {};
287 struct tcf_block *block = tp->chain->block;
288
289 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
290 cls_flower.command = TC_CLSFLOWER_DESTROY;
291 cls_flower.cookie = (unsigned long) f;
292
293 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
294 &cls_flower, false);
295 tcf_block_offload_dec(block, &f->flags);
296 }
297
298 static int fl_hw_replace_filter(struct tcf_proto *tp,
299 struct cls_fl_filter *f,
300 struct netlink_ext_ack *extack)
301 {
302 struct tc_cls_flower_offload cls_flower = {};
303 struct tcf_block *block = tp->chain->block;
304 bool skip_sw = tc_skip_sw(f->flags);
305 int err;
306
307 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
308 cls_flower.command = TC_CLSFLOWER_REPLACE;
309 cls_flower.cookie = (unsigned long) f;
310 cls_flower.dissector = &f->mask->dissector;
311 cls_flower.mask = &f->mask->key;
312 cls_flower.key = &f->mkey;
313 cls_flower.exts = &f->exts;
314 cls_flower.classid = f->res.classid;
315
316 err = tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
317 &cls_flower, skip_sw);
318 if (err < 0) {
319 fl_hw_destroy_filter(tp, f, NULL);
320 return err;
321 } else if (err > 0) {
322 f->in_hw_count = err;
323 tcf_block_offload_inc(block, &f->flags);
324 }
325
326 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
327 return -EINVAL;
328
329 return 0;
330 }
331
332 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
333 {
334 struct tc_cls_flower_offload cls_flower = {};
335 struct tcf_block *block = tp->chain->block;
336
337 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
338 cls_flower.command = TC_CLSFLOWER_STATS;
339 cls_flower.cookie = (unsigned long) f;
340 cls_flower.exts = &f->exts;
341 cls_flower.classid = f->res.classid;
342
343 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER,
344 &cls_flower, false);
345 }
346
347 static bool __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
348 struct netlink_ext_ack *extack)
349 {
350 struct cls_fl_head *head = rtnl_dereference(tp->root);
351 bool async = tcf_exts_get_net(&f->exts);
352 bool last;
353
354 idr_remove(&head->handle_idr, f->handle);
355 list_del_rcu(&f->list);
356 last = fl_mask_put(head, f->mask, async);
357 if (!tc_skip_hw(f->flags))
358 fl_hw_destroy_filter(tp, f, extack);
359 tcf_unbind_filter(tp, &f->res);
360 if (async)
361 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
362 else
363 __fl_destroy_filter(f);
364
365 return last;
366 }
367
368 static void fl_destroy_sleepable(struct work_struct *work)
369 {
370 struct cls_fl_head *head = container_of(to_rcu_work(work),
371 struct cls_fl_head,
372 rwork);
373
374 rhashtable_destroy(&head->ht);
375 kfree(head);
376 module_put(THIS_MODULE);
377 }
378
379 static void fl_destroy(struct tcf_proto *tp, struct netlink_ext_ack *extack)
380 {
381 struct cls_fl_head *head = rtnl_dereference(tp->root);
382 struct fl_flow_mask *mask, *next_mask;
383 struct cls_fl_filter *f, *next;
384
385 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
386 list_for_each_entry_safe(f, next, &mask->filters, list) {
387 if (__fl_delete(tp, f, extack))
388 break;
389 }
390 }
391 idr_destroy(&head->handle_idr);
392
393 __module_get(THIS_MODULE);
394 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
395 }
396
397 static void *fl_get(struct tcf_proto *tp, u32 handle)
398 {
399 struct cls_fl_head *head = rtnl_dereference(tp->root);
400
401 return idr_find(&head->handle_idr, handle);
402 }
403
404 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
405 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
406 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
407 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
408 .len = IFNAMSIZ },
409 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
410 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
411 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
412 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
413 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
414 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
415 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
416 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
417 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
418 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
419 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
420 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
421 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
422 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
423 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
424 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
425 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
426 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
427 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
428 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
429 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
430 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
431 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
432 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
433 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
434 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
435 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
436 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
437 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
438 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
439 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
440 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
441 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
442 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
443 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
444 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
445 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
446 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
447 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
448 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
449 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
450 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
451 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
452 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
453 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
454 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
455 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
456 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
457 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
458 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
459 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
460 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
461 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
462 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
463 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
464 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
465 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
466 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
467 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
468 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
469 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
470 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
471 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
472 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
473 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
474 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
475 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
476 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
477 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
478 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
479 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
480 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
481 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
482 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
483 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
484 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
485 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
486 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
487 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
488 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
489 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
490 [TCA_FLOWER_FLAGS] = { .type = NLA_U32 },
491 };
492
493 static const struct nla_policy
494 enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
495 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
496 };
497
498 static const struct nla_policy
499 geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
500 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
501 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
502 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
503 .len = 128 },
504 };
505
506 static void fl_set_key_val(struct nlattr **tb,
507 void *val, int val_type,
508 void *mask, int mask_type, int len)
509 {
510 if (!tb[val_type])
511 return;
512 memcpy(val, nla_data(tb[val_type]), len);
513 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
514 memset(mask, 0xff, len);
515 else
516 memcpy(mask, nla_data(tb[mask_type]), len);
517 }
518
519 static int fl_set_key_mpls(struct nlattr **tb,
520 struct flow_dissector_key_mpls *key_val,
521 struct flow_dissector_key_mpls *key_mask)
522 {
523 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
524 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
525 key_mask->mpls_ttl = MPLS_TTL_MASK;
526 }
527 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
528 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
529
530 if (bos & ~MPLS_BOS_MASK)
531 return -EINVAL;
532 key_val->mpls_bos = bos;
533 key_mask->mpls_bos = MPLS_BOS_MASK;
534 }
535 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
536 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
537
538 if (tc & ~MPLS_TC_MASK)
539 return -EINVAL;
540 key_val->mpls_tc = tc;
541 key_mask->mpls_tc = MPLS_TC_MASK;
542 }
543 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
544 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
545
546 if (label & ~MPLS_LABEL_MASK)
547 return -EINVAL;
548 key_val->mpls_label = label;
549 key_mask->mpls_label = MPLS_LABEL_MASK;
550 }
551 return 0;
552 }
553
554 static void fl_set_key_vlan(struct nlattr **tb,
555 __be16 ethertype,
556 int vlan_id_key, int vlan_prio_key,
557 struct flow_dissector_key_vlan *key_val,
558 struct flow_dissector_key_vlan *key_mask)
559 {
560 #define VLAN_PRIORITY_MASK 0x7
561
562 if (tb[vlan_id_key]) {
563 key_val->vlan_id =
564 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
565 key_mask->vlan_id = VLAN_VID_MASK;
566 }
567 if (tb[vlan_prio_key]) {
568 key_val->vlan_priority =
569 nla_get_u8(tb[vlan_prio_key]) &
570 VLAN_PRIORITY_MASK;
571 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
572 }
573 key_val->vlan_tpid = ethertype;
574 key_mask->vlan_tpid = cpu_to_be16(~0);
575 }
576
577 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
578 u32 *dissector_key, u32 *dissector_mask,
579 u32 flower_flag_bit, u32 dissector_flag_bit)
580 {
581 if (flower_mask & flower_flag_bit) {
582 *dissector_mask |= dissector_flag_bit;
583 if (flower_key & flower_flag_bit)
584 *dissector_key |= dissector_flag_bit;
585 }
586 }
587
588 static int fl_set_key_flags(struct nlattr **tb,
589 u32 *flags_key, u32 *flags_mask)
590 {
591 u32 key, mask;
592
593 /* mask is mandatory for flags */
594 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
595 return -EINVAL;
596
597 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
598 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
599
600 *flags_key = 0;
601 *flags_mask = 0;
602
603 fl_set_key_flag(key, mask, flags_key, flags_mask,
604 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
605 fl_set_key_flag(key, mask, flags_key, flags_mask,
606 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
607 FLOW_DIS_FIRST_FRAG);
608
609 return 0;
610 }
611
612 static void fl_set_key_ip(struct nlattr **tb, bool encap,
613 struct flow_dissector_key_ip *key,
614 struct flow_dissector_key_ip *mask)
615 {
616 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
617 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
618 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
619 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
620
621 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
622 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
623 }
624
625 static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
626 int depth, int option_len,
627 struct netlink_ext_ack *extack)
628 {
629 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
630 struct nlattr *class = NULL, *type = NULL, *data = NULL;
631 struct geneve_opt *opt;
632 int err, data_len = 0;
633
634 if (option_len > sizeof(struct geneve_opt))
635 data_len = option_len - sizeof(struct geneve_opt);
636
637 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
638 memset(opt, 0xff, option_len);
639 opt->length = data_len / 4;
640 opt->r1 = 0;
641 opt->r2 = 0;
642 opt->r3 = 0;
643
644 /* If no mask has been prodived we assume an exact match. */
645 if (!depth)
646 return sizeof(struct geneve_opt) + data_len;
647
648 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
649 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
650 return -EINVAL;
651 }
652
653 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
654 nla, geneve_opt_policy, extack);
655 if (err < 0)
656 return err;
657
658 /* We are not allowed to omit any of CLASS, TYPE or DATA
659 * fields from the key.
660 */
661 if (!option_len &&
662 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
663 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
664 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
665 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
666 return -EINVAL;
667 }
668
669 /* Omitting any of CLASS, TYPE or DATA fields is allowed
670 * for the mask.
671 */
672 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
673 int new_len = key->enc_opts.len;
674
675 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
676 data_len = nla_len(data);
677 if (data_len < 4) {
678 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
679 return -ERANGE;
680 }
681 if (data_len % 4) {
682 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
683 return -ERANGE;
684 }
685
686 new_len += sizeof(struct geneve_opt) + data_len;
687 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
688 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
689 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
690 return -ERANGE;
691 }
692 opt->length = data_len / 4;
693 memcpy(opt->opt_data, nla_data(data), data_len);
694 }
695
696 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
697 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
698 opt->opt_class = nla_get_be16(class);
699 }
700
701 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
702 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
703 opt->type = nla_get_u8(type);
704 }
705
706 return sizeof(struct geneve_opt) + data_len;
707 }
708
709 static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
710 struct fl_flow_key *mask,
711 struct netlink_ext_ack *extack)
712 {
713 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
714 int err, option_len, key_depth, msk_depth = 0;
715
716 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS],
717 TCA_FLOWER_KEY_ENC_OPTS_MAX,
718 enc_opts_policy, extack);
719 if (err)
720 return err;
721
722 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
723
724 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
725 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
726 TCA_FLOWER_KEY_ENC_OPTS_MAX,
727 enc_opts_policy, extack);
728 if (err)
729 return err;
730
731 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
732 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
733 }
734
735 nla_for_each_attr(nla_opt_key, nla_enc_key,
736 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
737 switch (nla_type(nla_opt_key)) {
738 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
739 option_len = 0;
740 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
741 option_len = fl_set_geneve_opt(nla_opt_key, key,
742 key_depth, option_len,
743 extack);
744 if (option_len < 0)
745 return option_len;
746
747 key->enc_opts.len += option_len;
748 /* At the same time we need to parse through the mask
749 * in order to verify exact and mask attribute lengths.
750 */
751 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
752 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
753 msk_depth, option_len,
754 extack);
755 if (option_len < 0)
756 return option_len;
757
758 mask->enc_opts.len += option_len;
759 if (key->enc_opts.len != mask->enc_opts.len) {
760 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
761 return -EINVAL;
762 }
763
764 if (msk_depth)
765 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
766 break;
767 default:
768 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
769 return -EINVAL;
770 }
771 }
772
773 return 0;
774 }
775
776 static int fl_set_key(struct net *net, struct nlattr **tb,
777 struct fl_flow_key *key, struct fl_flow_key *mask,
778 struct netlink_ext_ack *extack)
779 {
780 __be16 ethertype;
781 int ret = 0;
782 #ifdef CONFIG_NET_CLS_IND
783 if (tb[TCA_FLOWER_INDEV]) {
784 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
785 if (err < 0)
786 return err;
787 key->indev_ifindex = err;
788 mask->indev_ifindex = 0xffffffff;
789 }
790 #endif
791
792 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
793 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
794 sizeof(key->eth.dst));
795 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
796 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
797 sizeof(key->eth.src));
798
799 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
800 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
801
802 if (eth_type_vlan(ethertype)) {
803 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
804 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
805 &mask->vlan);
806
807 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
808 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
809 if (eth_type_vlan(ethertype)) {
810 fl_set_key_vlan(tb, ethertype,
811 TCA_FLOWER_KEY_CVLAN_ID,
812 TCA_FLOWER_KEY_CVLAN_PRIO,
813 &key->cvlan, &mask->cvlan);
814 fl_set_key_val(tb, &key->basic.n_proto,
815 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
816 &mask->basic.n_proto,
817 TCA_FLOWER_UNSPEC,
818 sizeof(key->basic.n_proto));
819 } else {
820 key->basic.n_proto = ethertype;
821 mask->basic.n_proto = cpu_to_be16(~0);
822 }
823 }
824 } else {
825 key->basic.n_proto = ethertype;
826 mask->basic.n_proto = cpu_to_be16(~0);
827 }
828 }
829
830 if (key->basic.n_proto == htons(ETH_P_IP) ||
831 key->basic.n_proto == htons(ETH_P_IPV6)) {
832 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
833 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
834 sizeof(key->basic.ip_proto));
835 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
836 }
837
838 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
839 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
840 mask->control.addr_type = ~0;
841 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
842 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
843 sizeof(key->ipv4.src));
844 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
845 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
846 sizeof(key->ipv4.dst));
847 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
848 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
849 mask->control.addr_type = ~0;
850 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
851 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
852 sizeof(key->ipv6.src));
853 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
854 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
855 sizeof(key->ipv6.dst));
856 }
857
858 if (key->basic.ip_proto == IPPROTO_TCP) {
859 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
860 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
861 sizeof(key->tp.src));
862 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
863 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
864 sizeof(key->tp.dst));
865 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
866 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
867 sizeof(key->tcp.flags));
868 } else if (key->basic.ip_proto == IPPROTO_UDP) {
869 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
870 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
871 sizeof(key->tp.src));
872 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
873 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
874 sizeof(key->tp.dst));
875 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
876 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
877 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
878 sizeof(key->tp.src));
879 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
880 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
881 sizeof(key->tp.dst));
882 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
883 key->basic.ip_proto == IPPROTO_ICMP) {
884 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
885 &mask->icmp.type,
886 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
887 sizeof(key->icmp.type));
888 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
889 &mask->icmp.code,
890 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
891 sizeof(key->icmp.code));
892 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
893 key->basic.ip_proto == IPPROTO_ICMPV6) {
894 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
895 &mask->icmp.type,
896 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
897 sizeof(key->icmp.type));
898 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
899 &mask->icmp.code,
900 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
901 sizeof(key->icmp.code));
902 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
903 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
904 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
905 if (ret)
906 return ret;
907 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
908 key->basic.n_proto == htons(ETH_P_RARP)) {
909 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
910 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
911 sizeof(key->arp.sip));
912 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
913 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
914 sizeof(key->arp.tip));
915 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
916 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
917 sizeof(key->arp.op));
918 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
919 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
920 sizeof(key->arp.sha));
921 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
922 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
923 sizeof(key->arp.tha));
924 }
925
926 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
927 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
928 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
929 mask->enc_control.addr_type = ~0;
930 fl_set_key_val(tb, &key->enc_ipv4.src,
931 TCA_FLOWER_KEY_ENC_IPV4_SRC,
932 &mask->enc_ipv4.src,
933 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
934 sizeof(key->enc_ipv4.src));
935 fl_set_key_val(tb, &key->enc_ipv4.dst,
936 TCA_FLOWER_KEY_ENC_IPV4_DST,
937 &mask->enc_ipv4.dst,
938 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
939 sizeof(key->enc_ipv4.dst));
940 }
941
942 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
943 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
944 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
945 mask->enc_control.addr_type = ~0;
946 fl_set_key_val(tb, &key->enc_ipv6.src,
947 TCA_FLOWER_KEY_ENC_IPV6_SRC,
948 &mask->enc_ipv6.src,
949 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
950 sizeof(key->enc_ipv6.src));
951 fl_set_key_val(tb, &key->enc_ipv6.dst,
952 TCA_FLOWER_KEY_ENC_IPV6_DST,
953 &mask->enc_ipv6.dst,
954 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
955 sizeof(key->enc_ipv6.dst));
956 }
957
958 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
959 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
960 sizeof(key->enc_key_id.keyid));
961
962 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
963 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
964 sizeof(key->enc_tp.src));
965
966 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
967 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
968 sizeof(key->enc_tp.dst));
969
970 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
971
972 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
973 ret = fl_set_enc_opt(tb, key, mask, extack);
974 if (ret)
975 return ret;
976 }
977
978 if (tb[TCA_FLOWER_KEY_FLAGS])
979 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
980
981 return ret;
982 }
983
984 static void fl_mask_copy(struct fl_flow_mask *dst,
985 struct fl_flow_mask *src)
986 {
987 const void *psrc = fl_key_get_start(&src->key, src);
988 void *pdst = fl_key_get_start(&dst->key, src);
989
990 memcpy(pdst, psrc, fl_mask_range(src));
991 dst->range = src->range;
992 }
993
994 static const struct rhashtable_params fl_ht_params = {
995 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
996 .head_offset = offsetof(struct cls_fl_filter, ht_node),
997 .automatic_shrinking = true,
998 };
999
1000 static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1001 {
1002 mask->filter_ht_params = fl_ht_params;
1003 mask->filter_ht_params.key_len = fl_mask_range(mask);
1004 mask->filter_ht_params.key_offset += mask->range.start;
1005
1006 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1007 }
1008
1009 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1010 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member))
1011
1012 #define FL_KEY_IS_MASKED(mask, member) \
1013 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1014 0, FL_KEY_MEMBER_SIZE(member)) \
1015
1016 #define FL_KEY_SET(keys, cnt, id, member) \
1017 do { \
1018 keys[cnt].key_id = id; \
1019 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1020 cnt++; \
1021 } while(0);
1022
1023 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1024 do { \
1025 if (FL_KEY_IS_MASKED(mask, member)) \
1026 FL_KEY_SET(keys, cnt, id, member); \
1027 } while(0);
1028
1029 static void fl_init_dissector(struct flow_dissector *dissector,
1030 struct fl_flow_key *mask)
1031 {
1032 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1033 size_t cnt = 0;
1034
1035 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
1036 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
1037 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1038 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
1039 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1040 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
1041 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1042 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
1043 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1044 FLOW_DISSECTOR_KEY_PORTS, tp);
1045 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1046 FLOW_DISSECTOR_KEY_IP, ip);
1047 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1048 FLOW_DISSECTOR_KEY_TCP, tcp);
1049 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1050 FLOW_DISSECTOR_KEY_ICMP, icmp);
1051 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1052 FLOW_DISSECTOR_KEY_ARP, arp);
1053 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1054 FLOW_DISSECTOR_KEY_MPLS, mpls);
1055 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1056 FLOW_DISSECTOR_KEY_VLAN, vlan);
1057 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1058 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
1059 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1060 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
1061 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1062 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
1063 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1064 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
1065 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1066 FL_KEY_IS_MASKED(mask, enc_ipv6))
1067 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1068 enc_control);
1069 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1070 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
1071 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1072 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
1073 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1074 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
1075
1076 skb_flow_dissector_init(dissector, keys, cnt);
1077 }
1078
1079 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1080 struct fl_flow_mask *mask)
1081 {
1082 struct fl_flow_mask *newmask;
1083 int err;
1084
1085 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1086 if (!newmask)
1087 return ERR_PTR(-ENOMEM);
1088
1089 fl_mask_copy(newmask, mask);
1090
1091 err = fl_init_mask_hashtable(newmask);
1092 if (err)
1093 goto errout_free;
1094
1095 fl_init_dissector(&newmask->dissector, &newmask->key);
1096
1097 INIT_LIST_HEAD_RCU(&newmask->filters);
1098
1099 err = rhashtable_insert_fast(&head->ht, &newmask->ht_node,
1100 mask_ht_params);
1101 if (err)
1102 goto errout_destroy;
1103
1104 list_add_tail_rcu(&newmask->list, &head->masks);
1105
1106 return newmask;
1107
1108 errout_destroy:
1109 rhashtable_destroy(&newmask->ht);
1110 errout_free:
1111 kfree(newmask);
1112
1113 return ERR_PTR(err);
1114 }
1115
1116 static int fl_check_assign_mask(struct cls_fl_head *head,
1117 struct cls_fl_filter *fnew,
1118 struct cls_fl_filter *fold,
1119 struct fl_flow_mask *mask)
1120 {
1121 struct fl_flow_mask *newmask;
1122
1123 fnew->mask = rhashtable_lookup_fast(&head->ht, mask, mask_ht_params);
1124 if (!fnew->mask) {
1125 if (fold)
1126 return -EINVAL;
1127
1128 newmask = fl_create_new_mask(head, mask);
1129 if (IS_ERR(newmask))
1130 return PTR_ERR(newmask);
1131
1132 fnew->mask = newmask;
1133 } else if (fold && fold->mask != fnew->mask) {
1134 return -EINVAL;
1135 }
1136
1137 return 0;
1138 }
1139
1140 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1141 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1142 unsigned long base, struct nlattr **tb,
1143 struct nlattr *est, bool ovr,
1144 struct fl_flow_tmplt *tmplt,
1145 struct netlink_ext_ack *extack)
1146 {
1147 int err;
1148
1149 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, extack);
1150 if (err < 0)
1151 return err;
1152
1153 if (tb[TCA_FLOWER_CLASSID]) {
1154 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1155 tcf_bind_filter(tp, &f->res, base);
1156 }
1157
1158 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
1159 if (err)
1160 return err;
1161
1162 fl_mask_update_range(mask);
1163 fl_set_masked_key(&f->mkey, &f->key, mask);
1164
1165 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1166 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1167 return -EINVAL;
1168 }
1169
1170 return 0;
1171 }
1172
1173 static int fl_change(struct net *net, struct sk_buff *in_skb,
1174 struct tcf_proto *tp, unsigned long base,
1175 u32 handle, struct nlattr **tca,
1176 void **arg, bool ovr, struct netlink_ext_ack *extack)
1177 {
1178 struct cls_fl_head *head = rtnl_dereference(tp->root);
1179 struct cls_fl_filter *fold = *arg;
1180 struct cls_fl_filter *fnew;
1181 struct fl_flow_mask *mask;
1182 struct nlattr **tb;
1183 int err;
1184
1185 if (!tca[TCA_OPTIONS])
1186 return -EINVAL;
1187
1188 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
1189 if (!mask)
1190 return -ENOBUFS;
1191
1192 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1193 if (!tb) {
1194 err = -ENOBUFS;
1195 goto errout_mask_alloc;
1196 }
1197
1198 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1199 fl_policy, NULL);
1200 if (err < 0)
1201 goto errout_tb;
1202
1203 if (fold && handle && fold->handle != handle) {
1204 err = -EINVAL;
1205 goto errout_tb;
1206 }
1207
1208 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
1209 if (!fnew) {
1210 err = -ENOBUFS;
1211 goto errout_tb;
1212 }
1213
1214 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
1215 if (err < 0)
1216 goto errout;
1217
1218 if (tb[TCA_FLOWER_FLAGS]) {
1219 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1220
1221 if (!tc_flags_valid(fnew->flags)) {
1222 err = -EINVAL;
1223 goto errout;
1224 }
1225 }
1226
1227 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr,
1228 tp->chain->tmplt_priv, extack);
1229 if (err)
1230 goto errout;
1231
1232 err = fl_check_assign_mask(head, fnew, fold, mask);
1233 if (err)
1234 goto errout;
1235
1236 if (!handle) {
1237 handle = 1;
1238 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1239 INT_MAX, GFP_KERNEL);
1240 } else if (!fold) {
1241 /* user specifies a handle and it doesn't exist */
1242 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1243 handle, GFP_KERNEL);
1244 }
1245 if (err)
1246 goto errout_mask;
1247 fnew->handle = handle;
1248
1249 if (!tc_skip_sw(fnew->flags)) {
1250 if (!fold && fl_lookup(fnew->mask, &fnew->mkey)) {
1251 err = -EEXIST;
1252 goto errout_idr;
1253 }
1254
1255 err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
1256 fnew->mask->filter_ht_params);
1257 if (err)
1258 goto errout_idr;
1259 }
1260
1261 if (!tc_skip_hw(fnew->flags)) {
1262 err = fl_hw_replace_filter(tp, fnew, extack);
1263 if (err)
1264 goto errout_mask;
1265 }
1266
1267 if (!tc_in_hw(fnew->flags))
1268 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1269
1270 if (fold) {
1271 if (!tc_skip_sw(fold->flags))
1272 rhashtable_remove_fast(&fold->mask->ht,
1273 &fold->ht_node,
1274 fold->mask->filter_ht_params);
1275 if (!tc_skip_hw(fold->flags))
1276 fl_hw_destroy_filter(tp, fold, NULL);
1277 }
1278
1279 *arg = fnew;
1280
1281 if (fold) {
1282 idr_replace(&head->handle_idr, fnew, fnew->handle);
1283 list_replace_rcu(&fold->list, &fnew->list);
1284 tcf_unbind_filter(tp, &fold->res);
1285 tcf_exts_get_net(&fold->exts);
1286 tcf_queue_work(&fold->rwork, fl_destroy_filter_work);
1287 } else {
1288 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1289 }
1290
1291 kfree(tb);
1292 kfree(mask);
1293 return 0;
1294
1295 errout_idr:
1296 if (!fold)
1297 idr_remove(&head->handle_idr, fnew->handle);
1298
1299 errout_mask:
1300 fl_mask_put(head, fnew->mask, false);
1301
1302 errout:
1303 tcf_exts_destroy(&fnew->exts);
1304 kfree(fnew);
1305 errout_tb:
1306 kfree(tb);
1307 errout_mask_alloc:
1308 kfree(mask);
1309 return err;
1310 }
1311
1312 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1313 struct netlink_ext_ack *extack)
1314 {
1315 struct cls_fl_head *head = rtnl_dereference(tp->root);
1316 struct cls_fl_filter *f = arg;
1317
1318 if (!tc_skip_sw(f->flags))
1319 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
1320 f->mask->filter_ht_params);
1321 __fl_delete(tp, f, extack);
1322 *last = list_empty(&head->masks);
1323 return 0;
1324 }
1325
1326 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
1327 {
1328 struct cls_fl_head *head = rtnl_dereference(tp->root);
1329 struct cls_fl_filter *f;
1330
1331 arg->count = arg->skip;
1332
1333 while ((f = idr_get_next_ul(&head->handle_idr,
1334 &arg->cookie)) != NULL) {
1335 if (arg->fn(tp, f, arg) < 0) {
1336 arg->stop = 1;
1337 break;
1338 }
1339 arg->cookie = f->handle + 1;
1340 arg->count++;
1341 }
1342 }
1343
1344 static int fl_reoffload(struct tcf_proto *tp, bool add, tc_setup_cb_t *cb,
1345 void *cb_priv, struct netlink_ext_ack *extack)
1346 {
1347 struct cls_fl_head *head = rtnl_dereference(tp->root);
1348 struct tc_cls_flower_offload cls_flower = {};
1349 struct tcf_block *block = tp->chain->block;
1350 struct fl_flow_mask *mask;
1351 struct cls_fl_filter *f;
1352 int err;
1353
1354 list_for_each_entry(mask, &head->masks, list) {
1355 list_for_each_entry(f, &mask->filters, list) {
1356 if (tc_skip_hw(f->flags))
1357 continue;
1358
1359 tc_cls_common_offload_init(&cls_flower.common, tp,
1360 f->flags, extack);
1361 cls_flower.command = add ?
1362 TC_CLSFLOWER_REPLACE : TC_CLSFLOWER_DESTROY;
1363 cls_flower.cookie = (unsigned long)f;
1364 cls_flower.dissector = &mask->dissector;
1365 cls_flower.mask = &mask->key;
1366 cls_flower.key = &f->mkey;
1367 cls_flower.exts = &f->exts;
1368 cls_flower.classid = f->res.classid;
1369
1370 err = cb(TC_SETUP_CLSFLOWER, &cls_flower, cb_priv);
1371 if (err) {
1372 if (add && tc_skip_sw(f->flags))
1373 return err;
1374 continue;
1375 }
1376
1377 tc_cls_offload_cnt_update(block, &f->in_hw_count,
1378 &f->flags, add);
1379 }
1380 }
1381
1382 return 0;
1383 }
1384
1385 static void fl_hw_create_tmplt(struct tcf_chain *chain,
1386 struct fl_flow_tmplt *tmplt)
1387 {
1388 struct tc_cls_flower_offload cls_flower = {};
1389 struct tcf_block *block = chain->block;
1390 struct tcf_exts dummy_exts = { 0, };
1391
1392 cls_flower.common.chain_index = chain->index;
1393 cls_flower.command = TC_CLSFLOWER_TMPLT_CREATE;
1394 cls_flower.cookie = (unsigned long) tmplt;
1395 cls_flower.dissector = &tmplt->dissector;
1396 cls_flower.mask = &tmplt->mask;
1397 cls_flower.key = &tmplt->dummy_key;
1398 cls_flower.exts = &dummy_exts;
1399
1400 /* We don't care if driver (any of them) fails to handle this
1401 * call. It serves just as a hint for it.
1402 */
1403 tc_setup_cb_call(block, NULL, TC_SETUP_CLSFLOWER,
1404 &cls_flower, false);
1405 }
1406
1407 static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
1408 struct fl_flow_tmplt *tmplt)
1409 {
1410 struct tc_cls_flower_offload cls_flower = {};
1411 struct tcf_block *block = chain->block;
1412
1413 cls_flower.common.chain_index = chain->index;
1414 cls_flower.command = TC_CLSFLOWER_TMPLT_DESTROY;
1415 cls_flower.cookie = (unsigned long) tmplt;
1416
1417 tc_setup_cb_call(block, NULL, TC_SETUP_CLSFLOWER,
1418 &cls_flower, false);
1419 }
1420
1421 static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
1422 struct nlattr **tca,
1423 struct netlink_ext_ack *extack)
1424 {
1425 struct fl_flow_tmplt *tmplt;
1426 struct nlattr **tb;
1427 int err;
1428
1429 if (!tca[TCA_OPTIONS])
1430 return ERR_PTR(-EINVAL);
1431
1432 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1433 if (!tb)
1434 return ERR_PTR(-ENOBUFS);
1435 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1436 fl_policy, NULL);
1437 if (err)
1438 goto errout_tb;
1439
1440 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
1441 if (!tmplt) {
1442 err = -ENOMEM;
1443 goto errout_tb;
1444 }
1445 tmplt->chain = chain;
1446 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
1447 if (err)
1448 goto errout_tmplt;
1449 kfree(tb);
1450
1451 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
1452
1453 fl_hw_create_tmplt(chain, tmplt);
1454
1455 return tmplt;
1456
1457 errout_tmplt:
1458 kfree(tmplt);
1459 errout_tb:
1460 kfree(tb);
1461 return ERR_PTR(err);
1462 }
1463
1464 static void fl_tmplt_destroy(void *tmplt_priv)
1465 {
1466 struct fl_flow_tmplt *tmplt = tmplt_priv;
1467
1468 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
1469 kfree(tmplt);
1470 }
1471
1472 static int fl_dump_key_val(struct sk_buff *skb,
1473 void *val, int val_type,
1474 void *mask, int mask_type, int len)
1475 {
1476 int err;
1477
1478 if (!memchr_inv(mask, 0, len))
1479 return 0;
1480 err = nla_put(skb, val_type, len, val);
1481 if (err)
1482 return err;
1483 if (mask_type != TCA_FLOWER_UNSPEC) {
1484 err = nla_put(skb, mask_type, len, mask);
1485 if (err)
1486 return err;
1487 }
1488 return 0;
1489 }
1490
1491 static int fl_dump_key_mpls(struct sk_buff *skb,
1492 struct flow_dissector_key_mpls *mpls_key,
1493 struct flow_dissector_key_mpls *mpls_mask)
1494 {
1495 int err;
1496
1497 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
1498 return 0;
1499 if (mpls_mask->mpls_ttl) {
1500 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
1501 mpls_key->mpls_ttl);
1502 if (err)
1503 return err;
1504 }
1505 if (mpls_mask->mpls_tc) {
1506 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
1507 mpls_key->mpls_tc);
1508 if (err)
1509 return err;
1510 }
1511 if (mpls_mask->mpls_label) {
1512 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
1513 mpls_key->mpls_label);
1514 if (err)
1515 return err;
1516 }
1517 if (mpls_mask->mpls_bos) {
1518 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
1519 mpls_key->mpls_bos);
1520 if (err)
1521 return err;
1522 }
1523 return 0;
1524 }
1525
1526 static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
1527 struct flow_dissector_key_ip *key,
1528 struct flow_dissector_key_ip *mask)
1529 {
1530 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
1531 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
1532 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
1533 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
1534
1535 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
1536 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
1537 return -1;
1538
1539 return 0;
1540 }
1541
1542 static int fl_dump_key_vlan(struct sk_buff *skb,
1543 int vlan_id_key, int vlan_prio_key,
1544 struct flow_dissector_key_vlan *vlan_key,
1545 struct flow_dissector_key_vlan *vlan_mask)
1546 {
1547 int err;
1548
1549 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
1550 return 0;
1551 if (vlan_mask->vlan_id) {
1552 err = nla_put_u16(skb, vlan_id_key,
1553 vlan_key->vlan_id);
1554 if (err)
1555 return err;
1556 }
1557 if (vlan_mask->vlan_priority) {
1558 err = nla_put_u8(skb, vlan_prio_key,
1559 vlan_key->vlan_priority);
1560 if (err)
1561 return err;
1562 }
1563 return 0;
1564 }
1565
1566 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
1567 u32 *flower_key, u32 *flower_mask,
1568 u32 flower_flag_bit, u32 dissector_flag_bit)
1569 {
1570 if (dissector_mask & dissector_flag_bit) {
1571 *flower_mask |= flower_flag_bit;
1572 if (dissector_key & dissector_flag_bit)
1573 *flower_key |= flower_flag_bit;
1574 }
1575 }
1576
1577 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
1578 {
1579 u32 key, mask;
1580 __be32 _key, _mask;
1581 int err;
1582
1583 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
1584 return 0;
1585
1586 key = 0;
1587 mask = 0;
1588
1589 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1590 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
1591 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1592 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
1593 FLOW_DIS_FIRST_FRAG);
1594
1595 _key = cpu_to_be32(key);
1596 _mask = cpu_to_be32(mask);
1597
1598 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
1599 if (err)
1600 return err;
1601
1602 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
1603 }
1604
1605 static int fl_dump_key_geneve_opt(struct sk_buff *skb,
1606 struct flow_dissector_key_enc_opts *enc_opts)
1607 {
1608 struct geneve_opt *opt;
1609 struct nlattr *nest;
1610 int opt_off = 0;
1611
1612 nest = nla_nest_start(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
1613 if (!nest)
1614 goto nla_put_failure;
1615
1616 while (enc_opts->len > opt_off) {
1617 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
1618
1619 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
1620 opt->opt_class))
1621 goto nla_put_failure;
1622 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
1623 opt->type))
1624 goto nla_put_failure;
1625 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
1626 opt->length * 4, opt->opt_data))
1627 goto nla_put_failure;
1628
1629 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
1630 }
1631 nla_nest_end(skb, nest);
1632 return 0;
1633
1634 nla_put_failure:
1635 nla_nest_cancel(skb, nest);
1636 return -EMSGSIZE;
1637 }
1638
1639 static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
1640 struct flow_dissector_key_enc_opts *enc_opts)
1641 {
1642 struct nlattr *nest;
1643 int err;
1644
1645 if (!enc_opts->len)
1646 return 0;
1647
1648 nest = nla_nest_start(skb, enc_opt_type);
1649 if (!nest)
1650 goto nla_put_failure;
1651
1652 switch (enc_opts->dst_opt_type) {
1653 case TUNNEL_GENEVE_OPT:
1654 err = fl_dump_key_geneve_opt(skb, enc_opts);
1655 if (err)
1656 goto nla_put_failure;
1657 break;
1658 default:
1659 goto nla_put_failure;
1660 }
1661 nla_nest_end(skb, nest);
1662 return 0;
1663
1664 nla_put_failure:
1665 nla_nest_cancel(skb, nest);
1666 return -EMSGSIZE;
1667 }
1668
1669 static int fl_dump_key_enc_opt(struct sk_buff *skb,
1670 struct flow_dissector_key_enc_opts *key_opts,
1671 struct flow_dissector_key_enc_opts *msk_opts)
1672 {
1673 int err;
1674
1675 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
1676 if (err)
1677 return err;
1678
1679 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
1680 }
1681
1682 static int fl_dump_key(struct sk_buff *skb, struct net *net,
1683 struct fl_flow_key *key, struct fl_flow_key *mask)
1684 {
1685 if (mask->indev_ifindex) {
1686 struct net_device *dev;
1687
1688 dev = __dev_get_by_index(net, key->indev_ifindex);
1689 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
1690 goto nla_put_failure;
1691 }
1692
1693 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1694 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1695 sizeof(key->eth.dst)) ||
1696 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1697 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1698 sizeof(key->eth.src)) ||
1699 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
1700 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
1701 sizeof(key->basic.n_proto)))
1702 goto nla_put_failure;
1703
1704 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
1705 goto nla_put_failure;
1706
1707 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
1708 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
1709 goto nla_put_failure;
1710
1711 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
1712 TCA_FLOWER_KEY_CVLAN_PRIO,
1713 &key->cvlan, &mask->cvlan) ||
1714 (mask->cvlan.vlan_tpid &&
1715 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1716 key->cvlan.vlan_tpid)))
1717 goto nla_put_failure;
1718
1719 if (mask->basic.n_proto) {
1720 if (mask->cvlan.vlan_tpid) {
1721 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1722 key->basic.n_proto))
1723 goto nla_put_failure;
1724 } else if (mask->vlan.vlan_tpid) {
1725 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1726 key->basic.n_proto))
1727 goto nla_put_failure;
1728 }
1729 }
1730
1731 if ((key->basic.n_proto == htons(ETH_P_IP) ||
1732 key->basic.n_proto == htons(ETH_P_IPV6)) &&
1733 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1734 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1735 sizeof(key->basic.ip_proto)) ||
1736 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
1737 goto nla_put_failure;
1738
1739 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1740 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1741 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1742 sizeof(key->ipv4.src)) ||
1743 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1744 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1745 sizeof(key->ipv4.dst))))
1746 goto nla_put_failure;
1747 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1748 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1749 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1750 sizeof(key->ipv6.src)) ||
1751 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1752 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1753 sizeof(key->ipv6.dst))))
1754 goto nla_put_failure;
1755
1756 if (key->basic.ip_proto == IPPROTO_TCP &&
1757 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1758 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1759 sizeof(key->tp.src)) ||
1760 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1761 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1762 sizeof(key->tp.dst)) ||
1763 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1764 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1765 sizeof(key->tcp.flags))))
1766 goto nla_put_failure;
1767 else if (key->basic.ip_proto == IPPROTO_UDP &&
1768 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1769 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1770 sizeof(key->tp.src)) ||
1771 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1772 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1773 sizeof(key->tp.dst))))
1774 goto nla_put_failure;
1775 else if (key->basic.ip_proto == IPPROTO_SCTP &&
1776 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1777 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1778 sizeof(key->tp.src)) ||
1779 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1780 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1781 sizeof(key->tp.dst))))
1782 goto nla_put_failure;
1783 else if (key->basic.n_proto == htons(ETH_P_IP) &&
1784 key->basic.ip_proto == IPPROTO_ICMP &&
1785 (fl_dump_key_val(skb, &key->icmp.type,
1786 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
1787 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1788 sizeof(key->icmp.type)) ||
1789 fl_dump_key_val(skb, &key->icmp.code,
1790 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
1791 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1792 sizeof(key->icmp.code))))
1793 goto nla_put_failure;
1794 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1795 key->basic.ip_proto == IPPROTO_ICMPV6 &&
1796 (fl_dump_key_val(skb, &key->icmp.type,
1797 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
1798 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1799 sizeof(key->icmp.type)) ||
1800 fl_dump_key_val(skb, &key->icmp.code,
1801 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
1802 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1803 sizeof(key->icmp.code))))
1804 goto nla_put_failure;
1805 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
1806 key->basic.n_proto == htons(ETH_P_RARP)) &&
1807 (fl_dump_key_val(skb, &key->arp.sip,
1808 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
1809 TCA_FLOWER_KEY_ARP_SIP_MASK,
1810 sizeof(key->arp.sip)) ||
1811 fl_dump_key_val(skb, &key->arp.tip,
1812 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
1813 TCA_FLOWER_KEY_ARP_TIP_MASK,
1814 sizeof(key->arp.tip)) ||
1815 fl_dump_key_val(skb, &key->arp.op,
1816 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
1817 TCA_FLOWER_KEY_ARP_OP_MASK,
1818 sizeof(key->arp.op)) ||
1819 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1820 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1821 sizeof(key->arp.sha)) ||
1822 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1823 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1824 sizeof(key->arp.tha))))
1825 goto nla_put_failure;
1826
1827 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1828 (fl_dump_key_val(skb, &key->enc_ipv4.src,
1829 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
1830 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1831 sizeof(key->enc_ipv4.src)) ||
1832 fl_dump_key_val(skb, &key->enc_ipv4.dst,
1833 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
1834 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1835 sizeof(key->enc_ipv4.dst))))
1836 goto nla_put_failure;
1837 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1838 (fl_dump_key_val(skb, &key->enc_ipv6.src,
1839 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
1840 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1841 sizeof(key->enc_ipv6.src)) ||
1842 fl_dump_key_val(skb, &key->enc_ipv6.dst,
1843 TCA_FLOWER_KEY_ENC_IPV6_DST,
1844 &mask->enc_ipv6.dst,
1845 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1846 sizeof(key->enc_ipv6.dst))))
1847 goto nla_put_failure;
1848
1849 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
1850 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
1851 sizeof(key->enc_key_id)) ||
1852 fl_dump_key_val(skb, &key->enc_tp.src,
1853 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1854 &mask->enc_tp.src,
1855 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1856 sizeof(key->enc_tp.src)) ||
1857 fl_dump_key_val(skb, &key->enc_tp.dst,
1858 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1859 &mask->enc_tp.dst,
1860 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1861 sizeof(key->enc_tp.dst)) ||
1862 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
1863 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
1864 goto nla_put_failure;
1865
1866 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
1867 goto nla_put_failure;
1868
1869 return 0;
1870
1871 nla_put_failure:
1872 return -EMSGSIZE;
1873 }
1874
1875 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
1876 struct sk_buff *skb, struct tcmsg *t)
1877 {
1878 struct cls_fl_filter *f = fh;
1879 struct nlattr *nest;
1880 struct fl_flow_key *key, *mask;
1881
1882 if (!f)
1883 return skb->len;
1884
1885 t->tcm_handle = f->handle;
1886
1887 nest = nla_nest_start(skb, TCA_OPTIONS);
1888 if (!nest)
1889 goto nla_put_failure;
1890
1891 if (f->res.classid &&
1892 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
1893 goto nla_put_failure;
1894
1895 key = &f->key;
1896 mask = &f->mask->key;
1897
1898 if (fl_dump_key(skb, net, key, mask))
1899 goto nla_put_failure;
1900
1901 if (!tc_skip_hw(f->flags))
1902 fl_hw_update_stats(tp, f);
1903
1904 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
1905 goto nla_put_failure;
1906
1907 if (tcf_exts_dump(skb, &f->exts))
1908 goto nla_put_failure;
1909
1910 nla_nest_end(skb, nest);
1911
1912 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
1913 goto nla_put_failure;
1914
1915 return skb->len;
1916
1917 nla_put_failure:
1918 nla_nest_cancel(skb, nest);
1919 return -1;
1920 }
1921
1922 static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
1923 {
1924 struct fl_flow_tmplt *tmplt = tmplt_priv;
1925 struct fl_flow_key *key, *mask;
1926 struct nlattr *nest;
1927
1928 nest = nla_nest_start(skb, TCA_OPTIONS);
1929 if (!nest)
1930 goto nla_put_failure;
1931
1932 key = &tmplt->dummy_key;
1933 mask = &tmplt->mask;
1934
1935 if (fl_dump_key(skb, net, key, mask))
1936 goto nla_put_failure;
1937
1938 nla_nest_end(skb, nest);
1939
1940 return skb->len;
1941
1942 nla_put_failure:
1943 nla_nest_cancel(skb, nest);
1944 return -EMSGSIZE;
1945 }
1946
1947 static void fl_bind_class(void *fh, u32 classid, unsigned long cl, void *q,
1948 unsigned long base)
1949 {
1950 struct cls_fl_filter *f = fh;
1951
1952 if (f && f->res.classid == classid) {
1953 if (cl)
1954 __tcf_bind_filter(q, &f->res, base);
1955 else
1956 __tcf_unbind_filter(q, &f->res);
1957 }
1958 }
1959
1960 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
1961 .kind = "flower",
1962 .classify = fl_classify,
1963 .init = fl_init,
1964 .destroy = fl_destroy,
1965 .get = fl_get,
1966 .change = fl_change,
1967 .delete = fl_delete,
1968 .walk = fl_walk,
1969 .reoffload = fl_reoffload,
1970 .dump = fl_dump,
1971 .bind_class = fl_bind_class,
1972 .tmplt_create = fl_tmplt_create,
1973 .tmplt_destroy = fl_tmplt_destroy,
1974 .tmplt_dump = fl_tmplt_dump,
1975 .owner = THIS_MODULE,
1976 };
1977
1978 static int __init cls_fl_init(void)
1979 {
1980 return register_tcf_proto_ops(&cls_fl_ops);
1981 }
1982
1983 static void __exit cls_fl_exit(void)
1984 {
1985 unregister_tcf_proto_ops(&cls_fl_ops);
1986 }
1987
1988 module_init(cls_fl_init);
1989 module_exit(cls_fl_exit);
1990
1991 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
1992 MODULE_DESCRIPTION("Flower classifier");
1993 MODULE_LICENSE("GPL v2");
Linux with added FPC-III support