This source file includes following definitions.
- fl_mask_range
- fl_mask_update_range
- fl_key_get_start
- fl_set_masked_key
- fl_mask_fits_tmplt
- fl_clear_masked_range
- fl_range_port_dst_cmp
- fl_range_port_src_cmp
- __fl_lookup
- fl_lookup_range
- fl_lookup
- fl_classify
- fl_init
- fl_mask_free
- fl_mask_free_work
- fl_uninit_mask_free_work
- fl_mask_put
- fl_head_dereference
- __fl_destroy_filter
- fl_destroy_filter_work
- fl_hw_destroy_filter
- fl_hw_replace_filter
- fl_hw_update_stats
- __fl_put
- __fl_get
- __fl_delete
- fl_destroy_sleepable
- fl_destroy
- fl_put
- fl_get
- fl_set_key_val
- fl_set_key_port_range
- fl_set_key_mpls
- fl_set_key_vlan
- fl_set_key_flag
- fl_set_key_flags
- fl_set_key_ip
- fl_set_geneve_opt
- fl_set_enc_opt
- fl_set_key_ct
- fl_set_key
- fl_mask_copy
- fl_init_mask_hashtable
- fl_init_dissector
- fl_create_new_mask
- fl_check_assign_mask
- fl_set_parms
- fl_ht_insert_unique
- fl_change
- fl_delete
- fl_walk
- fl_get_next_hw_filter
- fl_reoffload
- fl_hw_add
- fl_hw_del
- fl_hw_create_tmplt
- fl_hw_destroy_tmplt
- fl_tmplt_create
- fl_tmplt_destroy
- fl_dump_key_val
- fl_dump_key_port_range
- fl_dump_key_mpls
- fl_dump_key_ip
- fl_dump_key_vlan
- fl_get_key_flag
- fl_dump_key_flags
- fl_dump_key_geneve_opt
- fl_dump_key_ct
- fl_dump_key_options
- fl_dump_key_enc_opt
- fl_dump_key
- fl_dump
- fl_tmplt_dump
- fl_bind_class
- fl_delete_empty
- cls_fl_init
- cls_fl_exit
1
2
3
4
5
6
7
8 #include <linux/kernel.h>
9 #include <linux/init.h>
10 #include <linux/module.h>
11 #include <linux/rhashtable.h>
12 #include <linux/workqueue.h>
13 #include <linux/refcount.h>
14
15 #include <linux/if_ether.h>
16 #include <linux/in6.h>
17 #include <linux/ip.h>
18 #include <linux/mpls.h>
19
20 #include <net/sch_generic.h>
21 #include <net/pkt_cls.h>
22 #include <net/ip.h>
23 #include <net/flow_dissector.h>
24 #include <net/geneve.h>
25
26 #include <net/dst.h>
27 #include <net/dst_metadata.h>
28
29 #include <uapi/linux/netfilter/nf_conntrack_common.h>
30
31 struct fl_flow_key {
32 struct flow_dissector_key_meta meta;
33 struct flow_dissector_key_control control;
34 struct flow_dissector_key_control enc_control;
35 struct flow_dissector_key_basic basic;
36 struct flow_dissector_key_eth_addrs eth;
37 struct flow_dissector_key_vlan vlan;
38 struct flow_dissector_key_vlan cvlan;
39 union {
40 struct flow_dissector_key_ipv4_addrs ipv4;
41 struct flow_dissector_key_ipv6_addrs ipv6;
42 };
43 struct flow_dissector_key_ports tp;
44 struct flow_dissector_key_icmp icmp;
45 struct flow_dissector_key_arp arp;
46 struct flow_dissector_key_keyid enc_key_id;
47 union {
48 struct flow_dissector_key_ipv4_addrs enc_ipv4;
49 struct flow_dissector_key_ipv6_addrs enc_ipv6;
50 };
51 struct flow_dissector_key_ports enc_tp;
52 struct flow_dissector_key_mpls mpls;
53 struct flow_dissector_key_tcp tcp;
54 struct flow_dissector_key_ip ip;
55 struct flow_dissector_key_ip enc_ip;
56 struct flow_dissector_key_enc_opts enc_opts;
57 union {
58 struct flow_dissector_key_ports tp;
59 struct {
60 struct flow_dissector_key_ports tp_min;
61 struct flow_dissector_key_ports tp_max;
62 };
63 } tp_range;
64 struct flow_dissector_key_ct ct;
65 } __aligned(BITS_PER_LONG / 8);
66
67 struct fl_flow_mask_range {
68 unsigned short int start;
69 unsigned short int end;
70 };
71
72 struct fl_flow_mask {
73 struct fl_flow_key key;
74 struct fl_flow_mask_range range;
75 u32 flags;
76 struct rhash_head ht_node;
77 struct rhashtable ht;
78 struct rhashtable_params filter_ht_params;
79 struct flow_dissector dissector;
80 struct list_head filters;
81 struct rcu_work rwork;
82 struct list_head list;
83 refcount_t refcnt;
84 };
85
86 struct fl_flow_tmplt {
87 struct fl_flow_key dummy_key;
88 struct fl_flow_key mask;
89 struct flow_dissector dissector;
90 struct tcf_chain *chain;
91 };
92
93 struct cls_fl_head {
94 struct rhashtable ht;
95 spinlock_t masks_lock;
96 struct list_head masks;
97 struct list_head hw_filters;
98 struct rcu_work rwork;
99 struct idr handle_idr;
100 };
101
102 struct cls_fl_filter {
103 struct fl_flow_mask *mask;
104 struct rhash_head ht_node;
105 struct fl_flow_key mkey;
106 struct tcf_exts exts;
107 struct tcf_result res;
108 struct fl_flow_key key;
109 struct list_head list;
110 struct list_head hw_list;
111 u32 handle;
112 u32 flags;
113 u32 in_hw_count;
114 struct rcu_work rwork;
115 struct net_device *hw_dev;
116
117
118
119
120 refcount_t refcnt;
121 bool deleted;
122 };
123
124 static const struct rhashtable_params mask_ht_params = {
125 .key_offset = offsetof(struct fl_flow_mask, key),
126 .key_len = sizeof(struct fl_flow_key),
127 .head_offset = offsetof(struct fl_flow_mask, ht_node),
128 .automatic_shrinking = true,
129 };
130
131 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
132 {
133 return mask->range.end - mask->range.start;
134 }
135
136 static void fl_mask_update_range(struct fl_flow_mask *mask)
137 {
138 const u8 *bytes = (const u8 *) &mask->key;
139 size_t size = sizeof(mask->key);
140 size_t i, first = 0, last;
141
142 for (i = 0; i < size; i++) {
143 if (bytes[i]) {
144 first = i;
145 break;
146 }
147 }
148 last = first;
149 for (i = size - 1; i != first; i--) {
150 if (bytes[i]) {
151 last = i;
152 break;
153 }
154 }
155 mask->range.start = rounddown(first, sizeof(long));
156 mask->range.end = roundup(last + 1, sizeof(long));
157 }
158
159 static void *fl_key_get_start(struct fl_flow_key *key,
160 const struct fl_flow_mask *mask)
161 {
162 return (u8 *) key + mask->range.start;
163 }
164
165 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
166 struct fl_flow_mask *mask)
167 {
168 const long *lkey = fl_key_get_start(key, mask);
169 const long *lmask = fl_key_get_start(&mask->key, mask);
170 long *lmkey = fl_key_get_start(mkey, mask);
171 int i;
172
173 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
174 *lmkey++ = *lkey++ & *lmask++;
175 }
176
177 static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
178 struct fl_flow_mask *mask)
179 {
180 const long *lmask = fl_key_get_start(&mask->key, mask);
181 const long *ltmplt;
182 int i;
183
184 if (!tmplt)
185 return true;
186 ltmplt = fl_key_get_start(&tmplt->mask, mask);
187 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
188 if (~*ltmplt++ & *lmask++)
189 return false;
190 }
191 return true;
192 }
193
194 static void fl_clear_masked_range(struct fl_flow_key *key,
195 struct fl_flow_mask *mask)
196 {
197 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
198 }
199
200 static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter,
201 struct fl_flow_key *key,
202 struct fl_flow_key *mkey)
203 {
204 __be16 min_mask, max_mask, min_val, max_val;
205
206 min_mask = htons(filter->mask->key.tp_range.tp_min.dst);
207 max_mask = htons(filter->mask->key.tp_range.tp_max.dst);
208 min_val = htons(filter->key.tp_range.tp_min.dst);
209 max_val = htons(filter->key.tp_range.tp_max.dst);
210
211 if (min_mask && max_mask) {
212 if (htons(key->tp_range.tp.dst) < min_val ||
213 htons(key->tp_range.tp.dst) > max_val)
214 return false;
215
216
217 mkey->tp_range.tp_min.dst = filter->mkey.tp_range.tp_min.dst;
218 mkey->tp_range.tp_max.dst = filter->mkey.tp_range.tp_max.dst;
219 }
220 return true;
221 }
222
223 static bool fl_range_port_src_cmp(struct cls_fl_filter *filter,
224 struct fl_flow_key *key,
225 struct fl_flow_key *mkey)
226 {
227 __be16 min_mask, max_mask, min_val, max_val;
228
229 min_mask = htons(filter->mask->key.tp_range.tp_min.src);
230 max_mask = htons(filter->mask->key.tp_range.tp_max.src);
231 min_val = htons(filter->key.tp_range.tp_min.src);
232 max_val = htons(filter->key.tp_range.tp_max.src);
233
234 if (min_mask && max_mask) {
235 if (htons(key->tp_range.tp.src) < min_val ||
236 htons(key->tp_range.tp.src) > max_val)
237 return false;
238
239
240 mkey->tp_range.tp_min.src = filter->mkey.tp_range.tp_min.src;
241 mkey->tp_range.tp_max.src = filter->mkey.tp_range.tp_max.src;
242 }
243 return true;
244 }
245
246 static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask,
247 struct fl_flow_key *mkey)
248 {
249 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
250 mask->filter_ht_params);
251 }
252
253 static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask,
254 struct fl_flow_key *mkey,
255 struct fl_flow_key *key)
256 {
257 struct cls_fl_filter *filter, *f;
258
259 list_for_each_entry_rcu(filter, &mask->filters, list) {
260 if (!fl_range_port_dst_cmp(filter, key, mkey))
261 continue;
262
263 if (!fl_range_port_src_cmp(filter, key, mkey))
264 continue;
265
266 f = __fl_lookup(mask, mkey);
267 if (f)
268 return f;
269 }
270 return NULL;
271 }
272
273 static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
274 struct fl_flow_key *mkey,
275 struct fl_flow_key *key)
276 {
277 if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE))
278 return fl_lookup_range(mask, mkey, key);
279
280 return __fl_lookup(mask, mkey);
281 }
282
283 static u16 fl_ct_info_to_flower_map[] = {
284 [IP_CT_ESTABLISHED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
285 TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED,
286 [IP_CT_RELATED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
287 TCA_FLOWER_KEY_CT_FLAGS_RELATED,
288 [IP_CT_ESTABLISHED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
289 TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED,
290 [IP_CT_RELATED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
291 TCA_FLOWER_KEY_CT_FLAGS_RELATED,
292 [IP_CT_NEW] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
293 TCA_FLOWER_KEY_CT_FLAGS_NEW,
294 };
295
296 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
297 struct tcf_result *res)
298 {
299 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
300 struct fl_flow_key skb_mkey;
301 struct fl_flow_key skb_key;
302 struct fl_flow_mask *mask;
303 struct cls_fl_filter *f;
304
305 list_for_each_entry_rcu(mask, &head->masks, list) {
306 flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
307 fl_clear_masked_range(&skb_key, mask);
308
309 skb_flow_dissect_meta(skb, &mask->dissector, &skb_key);
310
311
312
313 skb_key.basic.n_proto = skb->protocol;
314 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
315 skb_flow_dissect_ct(skb, &mask->dissector, &skb_key,
316 fl_ct_info_to_flower_map,
317 ARRAY_SIZE(fl_ct_info_to_flower_map));
318 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
319
320 fl_set_masked_key(&skb_mkey, &skb_key, mask);
321
322 f = fl_lookup(mask, &skb_mkey, &skb_key);
323 if (f && !tc_skip_sw(f->flags)) {
324 *res = f->res;
325 return tcf_exts_exec(skb, &f->exts, res);
326 }
327 }
328 return -1;
329 }
330
331 static int fl_init(struct tcf_proto *tp)
332 {
333 struct cls_fl_head *head;
334
335 head = kzalloc(sizeof(*head), GFP_KERNEL);
336 if (!head)
337 return -ENOBUFS;
338
339 spin_lock_init(&head->masks_lock);
340 INIT_LIST_HEAD_RCU(&head->masks);
341 INIT_LIST_HEAD(&head->hw_filters);
342 rcu_assign_pointer(tp->root, head);
343 idr_init(&head->handle_idr);
344
345 return rhashtable_init(&head->ht, &mask_ht_params);
346 }
347
348 static void fl_mask_free(struct fl_flow_mask *mask, bool mask_init_done)
349 {
350
351 if (mask_init_done) {
352 WARN_ON(!list_empty(&mask->filters));
353 rhashtable_destroy(&mask->ht);
354 }
355 kfree(mask);
356 }
357
358 static void fl_mask_free_work(struct work_struct *work)
359 {
360 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
361 struct fl_flow_mask, rwork);
362
363 fl_mask_free(mask, true);
364 }
365
366 static void fl_uninit_mask_free_work(struct work_struct *work)
367 {
368 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
369 struct fl_flow_mask, rwork);
370
371 fl_mask_free(mask, false);
372 }
373
374 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask)
375 {
376 if (!refcount_dec_and_test(&mask->refcnt))
377 return false;
378
379 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
380
381 spin_lock(&head->masks_lock);
382 list_del_rcu(&mask->list);
383 spin_unlock(&head->masks_lock);
384
385 tcf_queue_work(&mask->rwork, fl_mask_free_work);
386
387 return true;
388 }
389
390 static struct cls_fl_head *fl_head_dereference(struct tcf_proto *tp)
391 {
392
393
394
395
396
397 return rcu_dereference_raw(tp->root);
398 }
399
400 static void __fl_destroy_filter(struct cls_fl_filter *f)
401 {
402 tcf_exts_destroy(&f->exts);
403 tcf_exts_put_net(&f->exts);
404 kfree(f);
405 }
406
407 static void fl_destroy_filter_work(struct work_struct *work)
408 {
409 struct cls_fl_filter *f = container_of(to_rcu_work(work),
410 struct cls_fl_filter, rwork);
411
412 __fl_destroy_filter(f);
413 }
414
415 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
416 bool rtnl_held, struct netlink_ext_ack *extack)
417 {
418 struct tcf_block *block = tp->chain->block;
419 struct flow_cls_offload cls_flower = {};
420
421 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
422 cls_flower.command = FLOW_CLS_DESTROY;
423 cls_flower.cookie = (unsigned long) f;
424
425 tc_setup_cb_destroy(block, tp, TC_SETUP_CLSFLOWER, &cls_flower, false,
426 &f->flags, &f->in_hw_count, rtnl_held);
427
428 }
429
430 static int fl_hw_replace_filter(struct tcf_proto *tp,
431 struct cls_fl_filter *f, bool rtnl_held,
432 struct netlink_ext_ack *extack)
433 {
434 struct tcf_block *block = tp->chain->block;
435 struct flow_cls_offload cls_flower = {};
436 bool skip_sw = tc_skip_sw(f->flags);
437 int err = 0;
438
439 cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts));
440 if (!cls_flower.rule)
441 return -ENOMEM;
442
443 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
444 cls_flower.command = FLOW_CLS_REPLACE;
445 cls_flower.cookie = (unsigned long) f;
446 cls_flower.rule->match.dissector = &f->mask->dissector;
447 cls_flower.rule->match.mask = &f->mask->key;
448 cls_flower.rule->match.key = &f->mkey;
449 cls_flower.classid = f->res.classid;
450
451 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts,
452 rtnl_held);
453 if (err) {
454 kfree(cls_flower.rule);
455 if (skip_sw) {
456 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
457 return err;
458 }
459 return 0;
460 }
461
462 err = tc_setup_cb_add(block, tp, TC_SETUP_CLSFLOWER, &cls_flower,
463 skip_sw, &f->flags, &f->in_hw_count, rtnl_held);
464 tc_cleanup_flow_action(&cls_flower.rule->action);
465 kfree(cls_flower.rule);
466
467 if (err) {
468 fl_hw_destroy_filter(tp, f, rtnl_held, NULL);
469 return err;
470 }
471
472 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
473 return -EINVAL;
474
475 return 0;
476 }
477
478 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f,
479 bool rtnl_held)
480 {
481 struct tcf_block *block = tp->chain->block;
482 struct flow_cls_offload cls_flower = {};
483
484 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
485 cls_flower.command = FLOW_CLS_STATS;
486 cls_flower.cookie = (unsigned long) f;
487 cls_flower.classid = f->res.classid;
488
489 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false,
490 rtnl_held);
491
492 tcf_exts_stats_update(&f->exts, cls_flower.stats.bytes,
493 cls_flower.stats.pkts,
494 cls_flower.stats.lastused);
495 }
496
497 static void __fl_put(struct cls_fl_filter *f)
498 {
499 if (!refcount_dec_and_test(&f->refcnt))
500 return;
501
502 if (tcf_exts_get_net(&f->exts))
503 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
504 else
505 __fl_destroy_filter(f);
506 }
507
508 static struct cls_fl_filter *__fl_get(struct cls_fl_head *head, u32 handle)
509 {
510 struct cls_fl_filter *f;
511
512 rcu_read_lock();
513 f = idr_find(&head->handle_idr, handle);
514 if (f && !refcount_inc_not_zero(&f->refcnt))
515 f = NULL;
516 rcu_read_unlock();
517
518 return f;
519 }
520
521 static int __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
522 bool *last, bool rtnl_held,
523 struct netlink_ext_ack *extack)
524 {
525 struct cls_fl_head *head = fl_head_dereference(tp);
526
527 *last = false;
528
529 spin_lock(&tp->lock);
530 if (f->deleted) {
531 spin_unlock(&tp->lock);
532 return -ENOENT;
533 }
534
535 f->deleted = true;
536 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
537 f->mask->filter_ht_params);
538 idr_remove(&head->handle_idr, f->handle);
539 list_del_rcu(&f->list);
540 spin_unlock(&tp->lock);
541
542 *last = fl_mask_put(head, f->mask);
543 if (!tc_skip_hw(f->flags))
544 fl_hw_destroy_filter(tp, f, rtnl_held, extack);
545 tcf_unbind_filter(tp, &f->res);
546 __fl_put(f);
547
548 return 0;
549 }
550
551 static void fl_destroy_sleepable(struct work_struct *work)
552 {
553 struct cls_fl_head *head = container_of(to_rcu_work(work),
554 struct cls_fl_head,
555 rwork);
556
557 rhashtable_destroy(&head->ht);
558 kfree(head);
559 module_put(THIS_MODULE);
560 }
561
562 static void fl_destroy(struct tcf_proto *tp, bool rtnl_held,
563 struct netlink_ext_ack *extack)
564 {
565 struct cls_fl_head *head = fl_head_dereference(tp);
566 struct fl_flow_mask *mask, *next_mask;
567 struct cls_fl_filter *f, *next;
568 bool last;
569
570 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
571 list_for_each_entry_safe(f, next, &mask->filters, list) {
572 __fl_delete(tp, f, &last, rtnl_held, extack);
573 if (last)
574 break;
575 }
576 }
577 idr_destroy(&head->handle_idr);
578
579 __module_get(THIS_MODULE);
580 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
581 }
582
583 static void fl_put(struct tcf_proto *tp, void *arg)
584 {
585 struct cls_fl_filter *f = arg;
586
587 __fl_put(f);
588 }
589
590 static void *fl_get(struct tcf_proto *tp, u32 handle)
591 {
592 struct cls_fl_head *head = fl_head_dereference(tp);
593
594 return __fl_get(head, handle);
595 }
596
597 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
598 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
599 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
600 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
601 .len = IFNAMSIZ },
602 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
603 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
604 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
605 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
606 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
607 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
608 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
609 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
610 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
611 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
612 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
613 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
614 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
615 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
616 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
617 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
618 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
619 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
620 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
621 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
622 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
623 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
624 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
625 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
626 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
627 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
628 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
629 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
630 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
631 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
632 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
633 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
634 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
635 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
636 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
637 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
638 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
639 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
640 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
641 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
642 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
643 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
644 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
645 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
646 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
647 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
648 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
649 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
650 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
651 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
652 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
653 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
654 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
655 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
656 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
657 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
658 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
659 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
660 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
661 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
662 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
663 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
664 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
665 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
666 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
667 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
668 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
669 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
670 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
671 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
672 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
673 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
674 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
675 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
676 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
677 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
678 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
679 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
680 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
681 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
682 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
683 [TCA_FLOWER_KEY_CT_STATE] = { .type = NLA_U16 },
684 [TCA_FLOWER_KEY_CT_STATE_MASK] = { .type = NLA_U16 },
685 [TCA_FLOWER_KEY_CT_ZONE] = { .type = NLA_U16 },
686 [TCA_FLOWER_KEY_CT_ZONE_MASK] = { .type = NLA_U16 },
687 [TCA_FLOWER_KEY_CT_MARK] = { .type = NLA_U32 },
688 [TCA_FLOWER_KEY_CT_MARK_MASK] = { .type = NLA_U32 },
689 [TCA_FLOWER_KEY_CT_LABELS] = { .type = NLA_BINARY,
690 .len = 128 / BITS_PER_BYTE },
691 [TCA_FLOWER_KEY_CT_LABELS_MASK] = { .type = NLA_BINARY,
692 .len = 128 / BITS_PER_BYTE },
693 [TCA_FLOWER_FLAGS] = { .type = NLA_U32 },
694 };
695
696 static const struct nla_policy
697 enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
698 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
699 };
700
701 static const struct nla_policy
702 geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
703 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
704 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
705 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
706 .len = 128 },
707 };
708
709 static void fl_set_key_val(struct nlattr **tb,
710 void *val, int val_type,
711 void *mask, int mask_type, int len)
712 {
713 if (!tb[val_type])
714 return;
715 nla_memcpy(val, tb[val_type], len);
716 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
717 memset(mask, 0xff, len);
718 else
719 nla_memcpy(mask, tb[mask_type], len);
720 }
721
722 static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
723 struct fl_flow_key *mask)
724 {
725 fl_set_key_val(tb, &key->tp_range.tp_min.dst,
726 TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_range.tp_min.dst,
727 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.dst));
728 fl_set_key_val(tb, &key->tp_range.tp_max.dst,
729 TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_range.tp_max.dst,
730 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.dst));
731 fl_set_key_val(tb, &key->tp_range.tp_min.src,
732 TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_range.tp_min.src,
733 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.src));
734 fl_set_key_val(tb, &key->tp_range.tp_max.src,
735 TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_range.tp_max.src,
736 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.src));
737
738 if ((mask->tp_range.tp_min.dst && mask->tp_range.tp_max.dst &&
739 htons(key->tp_range.tp_max.dst) <=
740 htons(key->tp_range.tp_min.dst)) ||
741 (mask->tp_range.tp_min.src && mask->tp_range.tp_max.src &&
742 htons(key->tp_range.tp_max.src) <=
743 htons(key->tp_range.tp_min.src)))
744 return -EINVAL;
745
746 return 0;
747 }
748
749 static int fl_set_key_mpls(struct nlattr **tb,
750 struct flow_dissector_key_mpls *key_val,
751 struct flow_dissector_key_mpls *key_mask)
752 {
753 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
754 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
755 key_mask->mpls_ttl = MPLS_TTL_MASK;
756 }
757 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
758 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
759
760 if (bos & ~MPLS_BOS_MASK)
761 return -EINVAL;
762 key_val->mpls_bos = bos;
763 key_mask->mpls_bos = MPLS_BOS_MASK;
764 }
765 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
766 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
767
768 if (tc & ~MPLS_TC_MASK)
769 return -EINVAL;
770 key_val->mpls_tc = tc;
771 key_mask->mpls_tc = MPLS_TC_MASK;
772 }
773 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
774 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
775
776 if (label & ~MPLS_LABEL_MASK)
777 return -EINVAL;
778 key_val->mpls_label = label;
779 key_mask->mpls_label = MPLS_LABEL_MASK;
780 }
781 return 0;
782 }
783
784 static void fl_set_key_vlan(struct nlattr **tb,
785 __be16 ethertype,
786 int vlan_id_key, int vlan_prio_key,
787 struct flow_dissector_key_vlan *key_val,
788 struct flow_dissector_key_vlan *key_mask)
789 {
790 #define VLAN_PRIORITY_MASK 0x7
791
792 if (tb[vlan_id_key]) {
793 key_val->vlan_id =
794 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
795 key_mask->vlan_id = VLAN_VID_MASK;
796 }
797 if (tb[vlan_prio_key]) {
798 key_val->vlan_priority =
799 nla_get_u8(tb[vlan_prio_key]) &
800 VLAN_PRIORITY_MASK;
801 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
802 }
803 key_val->vlan_tpid = ethertype;
804 key_mask->vlan_tpid = cpu_to_be16(~0);
805 }
806
807 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
808 u32 *dissector_key, u32 *dissector_mask,
809 u32 flower_flag_bit, u32 dissector_flag_bit)
810 {
811 if (flower_mask & flower_flag_bit) {
812 *dissector_mask |= dissector_flag_bit;
813 if (flower_key & flower_flag_bit)
814 *dissector_key |= dissector_flag_bit;
815 }
816 }
817
818 static int fl_set_key_flags(struct nlattr **tb,
819 u32 *flags_key, u32 *flags_mask)
820 {
821 u32 key, mask;
822
823
824 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
825 return -EINVAL;
826
827 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
828 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
829
830 *flags_key = 0;
831 *flags_mask = 0;
832
833 fl_set_key_flag(key, mask, flags_key, flags_mask,
834 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
835 fl_set_key_flag(key, mask, flags_key, flags_mask,
836 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
837 FLOW_DIS_FIRST_FRAG);
838
839 return 0;
840 }
841
842 static void fl_set_key_ip(struct nlattr **tb, bool encap,
843 struct flow_dissector_key_ip *key,
844 struct flow_dissector_key_ip *mask)
845 {
846 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
847 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
848 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
849 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
850
851 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
852 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
853 }
854
855 static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
856 int depth, int option_len,
857 struct netlink_ext_ack *extack)
858 {
859 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
860 struct nlattr *class = NULL, *type = NULL, *data = NULL;
861 struct geneve_opt *opt;
862 int err, data_len = 0;
863
864 if (option_len > sizeof(struct geneve_opt))
865 data_len = option_len - sizeof(struct geneve_opt);
866
867 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
868 memset(opt, 0xff, option_len);
869 opt->length = data_len / 4;
870 opt->r1 = 0;
871 opt->r2 = 0;
872 opt->r3 = 0;
873
874
875 if (!depth)
876 return sizeof(struct geneve_opt) + data_len;
877
878 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
879 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
880 return -EINVAL;
881 }
882
883 err = nla_parse_nested_deprecated(tb,
884 TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
885 nla, geneve_opt_policy, extack);
886 if (err < 0)
887 return err;
888
889
890
891
892 if (!option_len &&
893 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
894 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
895 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
896 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
897 return -EINVAL;
898 }
899
900
901
902
903 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
904 int new_len = key->enc_opts.len;
905
906 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
907 data_len = nla_len(data);
908 if (data_len < 4) {
909 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
910 return -ERANGE;
911 }
912 if (data_len % 4) {
913 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
914 return -ERANGE;
915 }
916
917 new_len += sizeof(struct geneve_opt) + data_len;
918 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
919 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
920 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
921 return -ERANGE;
922 }
923 opt->length = data_len / 4;
924 memcpy(opt->opt_data, nla_data(data), data_len);
925 }
926
927 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
928 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
929 opt->opt_class = nla_get_be16(class);
930 }
931
932 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
933 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
934 opt->type = nla_get_u8(type);
935 }
936
937 return sizeof(struct geneve_opt) + data_len;
938 }
939
940 static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
941 struct fl_flow_key *mask,
942 struct netlink_ext_ack *extack)
943 {
944 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
945 int err, option_len, key_depth, msk_depth = 0;
946
947 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS],
948 TCA_FLOWER_KEY_ENC_OPTS_MAX,
949 enc_opts_policy, extack);
950 if (err)
951 return err;
952
953 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
954
955 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
956 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
957 TCA_FLOWER_KEY_ENC_OPTS_MAX,
958 enc_opts_policy, extack);
959 if (err)
960 return err;
961
962 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
963 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
964 }
965
966 nla_for_each_attr(nla_opt_key, nla_enc_key,
967 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
968 switch (nla_type(nla_opt_key)) {
969 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
970 option_len = 0;
971 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
972 option_len = fl_set_geneve_opt(nla_opt_key, key,
973 key_depth, option_len,
974 extack);
975 if (option_len < 0)
976 return option_len;
977
978 key->enc_opts.len += option_len;
979
980
981
982 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
983 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
984 msk_depth, option_len,
985 extack);
986 if (option_len < 0)
987 return option_len;
988
989 mask->enc_opts.len += option_len;
990 if (key->enc_opts.len != mask->enc_opts.len) {
991 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
992 return -EINVAL;
993 }
994
995 if (msk_depth)
996 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
997 break;
998 default:
999 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
1000 return -EINVAL;
1001 }
1002 }
1003
1004 return 0;
1005 }
1006
1007 static int fl_set_key_ct(struct nlattr **tb,
1008 struct flow_dissector_key_ct *key,
1009 struct flow_dissector_key_ct *mask,
1010 struct netlink_ext_ack *extack)
1011 {
1012 if (tb[TCA_FLOWER_KEY_CT_STATE]) {
1013 if (!IS_ENABLED(CONFIG_NF_CONNTRACK)) {
1014 NL_SET_ERR_MSG(extack, "Conntrack isn't enabled");
1015 return -EOPNOTSUPP;
1016 }
1017 fl_set_key_val(tb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE,
1018 &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK,
1019 sizeof(key->ct_state));
1020 }
1021 if (tb[TCA_FLOWER_KEY_CT_ZONE]) {
1022 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)) {
1023 NL_SET_ERR_MSG(extack, "Conntrack zones isn't enabled");
1024 return -EOPNOTSUPP;
1025 }
1026 fl_set_key_val(tb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE,
1027 &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK,
1028 sizeof(key->ct_zone));
1029 }
1030 if (tb[TCA_FLOWER_KEY_CT_MARK]) {
1031 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)) {
1032 NL_SET_ERR_MSG(extack, "Conntrack mark isn't enabled");
1033 return -EOPNOTSUPP;
1034 }
1035 fl_set_key_val(tb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK,
1036 &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK,
1037 sizeof(key->ct_mark));
1038 }
1039 if (tb[TCA_FLOWER_KEY_CT_LABELS]) {
1040 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS)) {
1041 NL_SET_ERR_MSG(extack, "Conntrack labels aren't enabled");
1042 return -EOPNOTSUPP;
1043 }
1044 fl_set_key_val(tb, key->ct_labels, TCA_FLOWER_KEY_CT_LABELS,
1045 mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK,
1046 sizeof(key->ct_labels));
1047 }
1048
1049 return 0;
1050 }
1051
1052 static int fl_set_key(struct net *net, struct nlattr **tb,
1053 struct fl_flow_key *key, struct fl_flow_key *mask,
1054 struct netlink_ext_ack *extack)
1055 {
1056 __be16 ethertype;
1057 int ret = 0;
1058
1059 if (tb[TCA_FLOWER_INDEV]) {
1060 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
1061 if (err < 0)
1062 return err;
1063 key->meta.ingress_ifindex = err;
1064 mask->meta.ingress_ifindex = 0xffffffff;
1065 }
1066
1067 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1068 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1069 sizeof(key->eth.dst));
1070 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1071 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1072 sizeof(key->eth.src));
1073
1074 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
1075 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
1076
1077 if (eth_type_vlan(ethertype)) {
1078 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
1079 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
1080 &mask->vlan);
1081
1082 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
1083 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
1084 if (eth_type_vlan(ethertype)) {
1085 fl_set_key_vlan(tb, ethertype,
1086 TCA_FLOWER_KEY_CVLAN_ID,
1087 TCA_FLOWER_KEY_CVLAN_PRIO,
1088 &key->cvlan, &mask->cvlan);
1089 fl_set_key_val(tb, &key->basic.n_proto,
1090 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1091 &mask->basic.n_proto,
1092 TCA_FLOWER_UNSPEC,
1093 sizeof(key->basic.n_proto));
1094 } else {
1095 key->basic.n_proto = ethertype;
1096 mask->basic.n_proto = cpu_to_be16(~0);
1097 }
1098 }
1099 } else {
1100 key->basic.n_proto = ethertype;
1101 mask->basic.n_proto = cpu_to_be16(~0);
1102 }
1103 }
1104
1105 if (key->basic.n_proto == htons(ETH_P_IP) ||
1106 key->basic.n_proto == htons(ETH_P_IPV6)) {
1107 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1108 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1109 sizeof(key->basic.ip_proto));
1110 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
1111 }
1112
1113 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
1114 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1115 mask->control.addr_type = ~0;
1116 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1117 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1118 sizeof(key->ipv4.src));
1119 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1120 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1121 sizeof(key->ipv4.dst));
1122 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
1123 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1124 mask->control.addr_type = ~0;
1125 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1126 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1127 sizeof(key->ipv6.src));
1128 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1129 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1130 sizeof(key->ipv6.dst));
1131 }
1132
1133 if (key->basic.ip_proto == IPPROTO_TCP) {
1134 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1135 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1136 sizeof(key->tp.src));
1137 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1138 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1139 sizeof(key->tp.dst));
1140 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1141 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1142 sizeof(key->tcp.flags));
1143 } else if (key->basic.ip_proto == IPPROTO_UDP) {
1144 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1145 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1146 sizeof(key->tp.src));
1147 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1148 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1149 sizeof(key->tp.dst));
1150 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
1151 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1152 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1153 sizeof(key->tp.src));
1154 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1155 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1156 sizeof(key->tp.dst));
1157 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
1158 key->basic.ip_proto == IPPROTO_ICMP) {
1159 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
1160 &mask->icmp.type,
1161 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1162 sizeof(key->icmp.type));
1163 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
1164 &mask->icmp.code,
1165 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1166 sizeof(key->icmp.code));
1167 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1168 key->basic.ip_proto == IPPROTO_ICMPV6) {
1169 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
1170 &mask->icmp.type,
1171 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1172 sizeof(key->icmp.type));
1173 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
1174 &mask->icmp.code,
1175 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1176 sizeof(key->icmp.code));
1177 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
1178 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
1179 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
1180 if (ret)
1181 return ret;
1182 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
1183 key->basic.n_proto == htons(ETH_P_RARP)) {
1184 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
1185 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
1186 sizeof(key->arp.sip));
1187 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
1188 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
1189 sizeof(key->arp.tip));
1190 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
1191 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
1192 sizeof(key->arp.op));
1193 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1194 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1195 sizeof(key->arp.sha));
1196 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1197 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1198 sizeof(key->arp.tha));
1199 }
1200
1201 if (key->basic.ip_proto == IPPROTO_TCP ||
1202 key->basic.ip_proto == IPPROTO_UDP ||
1203 key->basic.ip_proto == IPPROTO_SCTP) {
1204 ret = fl_set_key_port_range(tb, key, mask);
1205 if (ret)
1206 return ret;
1207 }
1208
1209 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
1210 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
1211 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1212 mask->enc_control.addr_type = ~0;
1213 fl_set_key_val(tb, &key->enc_ipv4.src,
1214 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1215 &mask->enc_ipv4.src,
1216 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1217 sizeof(key->enc_ipv4.src));
1218 fl_set_key_val(tb, &key->enc_ipv4.dst,
1219 TCA_FLOWER_KEY_ENC_IPV4_DST,
1220 &mask->enc_ipv4.dst,
1221 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1222 sizeof(key->enc_ipv4.dst));
1223 }
1224
1225 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
1226 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
1227 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1228 mask->enc_control.addr_type = ~0;
1229 fl_set_key_val(tb, &key->enc_ipv6.src,
1230 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1231 &mask->enc_ipv6.src,
1232 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1233 sizeof(key->enc_ipv6.src));
1234 fl_set_key_val(tb, &key->enc_ipv6.dst,
1235 TCA_FLOWER_KEY_ENC_IPV6_DST,
1236 &mask->enc_ipv6.dst,
1237 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1238 sizeof(key->enc_ipv6.dst));
1239 }
1240
1241 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
1242 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
1243 sizeof(key->enc_key_id.keyid));
1244
1245 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1246 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1247 sizeof(key->enc_tp.src));
1248
1249 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1250 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1251 sizeof(key->enc_tp.dst));
1252
1253 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
1254
1255 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
1256 ret = fl_set_enc_opt(tb, key, mask, extack);
1257 if (ret)
1258 return ret;
1259 }
1260
1261 ret = fl_set_key_ct(tb, &key->ct, &mask->ct, extack);
1262 if (ret)
1263 return ret;
1264
1265 if (tb[TCA_FLOWER_KEY_FLAGS])
1266 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
1267
1268 return ret;
1269 }
1270
1271 static void fl_mask_copy(struct fl_flow_mask *dst,
1272 struct fl_flow_mask *src)
1273 {
1274 const void *psrc = fl_key_get_start(&src->key, src);
1275 void *pdst = fl_key_get_start(&dst->key, src);
1276
1277 memcpy(pdst, psrc, fl_mask_range(src));
1278 dst->range = src->range;
1279 }
1280
1281 static const struct rhashtable_params fl_ht_params = {
1282 .key_offset = offsetof(struct cls_fl_filter, mkey),
1283 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1284 .automatic_shrinking = true,
1285 };
1286
1287 static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1288 {
1289 mask->filter_ht_params = fl_ht_params;
1290 mask->filter_ht_params.key_len = fl_mask_range(mask);
1291 mask->filter_ht_params.key_offset += mask->range.start;
1292
1293 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1294 }
1295
1296 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1297 #define FL_KEY_MEMBER_SIZE(member) FIELD_SIZEOF(struct fl_flow_key, member)
1298
1299 #define FL_KEY_IS_MASKED(mask, member) \
1300 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1301 0, FL_KEY_MEMBER_SIZE(member)) \
1302
1303 #define FL_KEY_SET(keys, cnt, id, member) \
1304 do { \
1305 keys[cnt].key_id = id; \
1306 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1307 cnt++; \
1308 } while(0);
1309
1310 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1311 do { \
1312 if (FL_KEY_IS_MASKED(mask, member)) \
1313 FL_KEY_SET(keys, cnt, id, member); \
1314 } while(0);
1315
1316 static void fl_init_dissector(struct flow_dissector *dissector,
1317 struct fl_flow_key *mask)
1318 {
1319 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1320 size_t cnt = 0;
1321
1322 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1323 FLOW_DISSECTOR_KEY_META, meta);
1324 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
1325 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
1326 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1327 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
1328 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1329 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
1330 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1331 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
1332 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1333 FLOW_DISSECTOR_KEY_PORTS, tp);
1334 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1335 FLOW_DISSECTOR_KEY_PORTS_RANGE, tp_range);
1336 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1337 FLOW_DISSECTOR_KEY_IP, ip);
1338 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1339 FLOW_DISSECTOR_KEY_TCP, tcp);
1340 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1341 FLOW_DISSECTOR_KEY_ICMP, icmp);
1342 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1343 FLOW_DISSECTOR_KEY_ARP, arp);
1344 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1345 FLOW_DISSECTOR_KEY_MPLS, mpls);
1346 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1347 FLOW_DISSECTOR_KEY_VLAN, vlan);
1348 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1349 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
1350 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1351 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
1352 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1353 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
1354 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1355 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
1356 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1357 FL_KEY_IS_MASKED(mask, enc_ipv6))
1358 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1359 enc_control);
1360 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1361 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
1362 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1363 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
1364 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1365 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
1366 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1367 FLOW_DISSECTOR_KEY_CT, ct);
1368
1369 skb_flow_dissector_init(dissector, keys, cnt);
1370 }
1371
1372 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1373 struct fl_flow_mask *mask)
1374 {
1375 struct fl_flow_mask *newmask;
1376 int err;
1377
1378 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1379 if (!newmask)
1380 return ERR_PTR(-ENOMEM);
1381
1382 fl_mask_copy(newmask, mask);
1383
1384 if ((newmask->key.tp_range.tp_min.dst &&
1385 newmask->key.tp_range.tp_max.dst) ||
1386 (newmask->key.tp_range.tp_min.src &&
1387 newmask->key.tp_range.tp_max.src))
1388 newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE;
1389
1390 err = fl_init_mask_hashtable(newmask);
1391 if (err)
1392 goto errout_free;
1393
1394 fl_init_dissector(&newmask->dissector, &newmask->key);
1395
1396 INIT_LIST_HEAD_RCU(&newmask->filters);
1397
1398 refcount_set(&newmask->refcnt, 1);
1399 err = rhashtable_replace_fast(&head->ht, &mask->ht_node,
1400 &newmask->ht_node, mask_ht_params);
1401 if (err)
1402 goto errout_destroy;
1403
1404 spin_lock(&head->masks_lock);
1405 list_add_tail_rcu(&newmask->list, &head->masks);
1406 spin_unlock(&head->masks_lock);
1407
1408 return newmask;
1409
1410 errout_destroy:
1411 rhashtable_destroy(&newmask->ht);
1412 errout_free:
1413 kfree(newmask);
1414
1415 return ERR_PTR(err);
1416 }
1417
1418 static int fl_check_assign_mask(struct cls_fl_head *head,
1419 struct cls_fl_filter *fnew,
1420 struct cls_fl_filter *fold,
1421 struct fl_flow_mask *mask)
1422 {
1423 struct fl_flow_mask *newmask;
1424 int ret = 0;
1425
1426 rcu_read_lock();
1427
1428
1429
1430
1431
1432 fnew->mask = rhashtable_lookup_get_insert_fast(&head->ht,
1433 &mask->ht_node,
1434 mask_ht_params);
1435 if (!fnew->mask) {
1436 rcu_read_unlock();
1437
1438 if (fold) {
1439 ret = -EINVAL;
1440 goto errout_cleanup;
1441 }
1442
1443 newmask = fl_create_new_mask(head, mask);
1444 if (IS_ERR(newmask)) {
1445 ret = PTR_ERR(newmask);
1446 goto errout_cleanup;
1447 }
1448
1449 fnew->mask = newmask;
1450 return 0;
1451 } else if (IS_ERR(fnew->mask)) {
1452 ret = PTR_ERR(fnew->mask);
1453 } else if (fold && fold->mask != fnew->mask) {
1454 ret = -EINVAL;
1455 } else if (!refcount_inc_not_zero(&fnew->mask->refcnt)) {
1456
1457 ret = -EAGAIN;
1458 }
1459 rcu_read_unlock();
1460 return ret;
1461
1462 errout_cleanup:
1463 rhashtable_remove_fast(&head->ht, &mask->ht_node,
1464 mask_ht_params);
1465 return ret;
1466 }
1467
1468 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1469 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1470 unsigned long base, struct nlattr **tb,
1471 struct nlattr *est, bool ovr,
1472 struct fl_flow_tmplt *tmplt, bool rtnl_held,
1473 struct netlink_ext_ack *extack)
1474 {
1475 int err;
1476
1477 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, rtnl_held,
1478 extack);
1479 if (err < 0)
1480 return err;
1481
1482 if (tb[TCA_FLOWER_CLASSID]) {
1483 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1484 if (!rtnl_held)
1485 rtnl_lock();
1486 tcf_bind_filter(tp, &f->res, base);
1487 if (!rtnl_held)
1488 rtnl_unlock();
1489 }
1490
1491 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
1492 if (err)
1493 return err;
1494
1495 fl_mask_update_range(mask);
1496 fl_set_masked_key(&f->mkey, &f->key, mask);
1497
1498 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1499 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1500 return -EINVAL;
1501 }
1502
1503 return 0;
1504 }
1505
1506 static int fl_ht_insert_unique(struct cls_fl_filter *fnew,
1507 struct cls_fl_filter *fold,
1508 bool *in_ht)
1509 {
1510 struct fl_flow_mask *mask = fnew->mask;
1511 int err;
1512
1513 err = rhashtable_lookup_insert_fast(&mask->ht,
1514 &fnew->ht_node,
1515 mask->filter_ht_params);
1516 if (err) {
1517 *in_ht = false;
1518
1519
1520
1521 return fold && err == -EEXIST ? 0 : err;
1522 }
1523
1524 *in_ht = true;
1525 return 0;
1526 }
1527
1528 static int fl_change(struct net *net, struct sk_buff *in_skb,
1529 struct tcf_proto *tp, unsigned long base,
1530 u32 handle, struct nlattr **tca,
1531 void **arg, bool ovr, bool rtnl_held,
1532 struct netlink_ext_ack *extack)
1533 {
1534 struct cls_fl_head *head = fl_head_dereference(tp);
1535 struct cls_fl_filter *fold = *arg;
1536 struct cls_fl_filter *fnew;
1537 struct fl_flow_mask *mask;
1538 struct nlattr **tb;
1539 bool in_ht;
1540 int err;
1541
1542 if (!tca[TCA_OPTIONS]) {
1543 err = -EINVAL;
1544 goto errout_fold;
1545 }
1546
1547 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
1548 if (!mask) {
1549 err = -ENOBUFS;
1550 goto errout_fold;
1551 }
1552
1553 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1554 if (!tb) {
1555 err = -ENOBUFS;
1556 goto errout_mask_alloc;
1557 }
1558
1559 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
1560 tca[TCA_OPTIONS], fl_policy, NULL);
1561 if (err < 0)
1562 goto errout_tb;
1563
1564 if (fold && handle && fold->handle != handle) {
1565 err = -EINVAL;
1566 goto errout_tb;
1567 }
1568
1569 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
1570 if (!fnew) {
1571 err = -ENOBUFS;
1572 goto errout_tb;
1573 }
1574 INIT_LIST_HEAD(&fnew->hw_list);
1575 refcount_set(&fnew->refcnt, 1);
1576
1577 err = tcf_exts_init(&fnew->exts, net, TCA_FLOWER_ACT, 0);
1578 if (err < 0)
1579 goto errout;
1580
1581 if (tb[TCA_FLOWER_FLAGS]) {
1582 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1583
1584 if (!tc_flags_valid(fnew->flags)) {
1585 err = -EINVAL;
1586 goto errout;
1587 }
1588 }
1589
1590 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr,
1591 tp->chain->tmplt_priv, rtnl_held, extack);
1592 if (err)
1593 goto errout;
1594
1595 err = fl_check_assign_mask(head, fnew, fold, mask);
1596 if (err)
1597 goto errout;
1598
1599 err = fl_ht_insert_unique(fnew, fold, &in_ht);
1600 if (err)
1601 goto errout_mask;
1602
1603 if (!tc_skip_hw(fnew->flags)) {
1604 err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack);
1605 if (err)
1606 goto errout_ht;
1607 }
1608
1609 if (!tc_in_hw(fnew->flags))
1610 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1611
1612 spin_lock(&tp->lock);
1613
1614
1615
1616
1617 if (tp->deleting) {
1618 err = -EAGAIN;
1619 goto errout_hw;
1620 }
1621
1622 if (fold) {
1623
1624 if (fold->deleted) {
1625 err = -EAGAIN;
1626 goto errout_hw;
1627 }
1628
1629 fnew->handle = handle;
1630
1631 if (!in_ht) {
1632 struct rhashtable_params params =
1633 fnew->mask->filter_ht_params;
1634
1635 err = rhashtable_insert_fast(&fnew->mask->ht,
1636 &fnew->ht_node,
1637 params);
1638 if (err)
1639 goto errout_hw;
1640 in_ht = true;
1641 }
1642
1643 refcount_inc(&fnew->refcnt);
1644 rhashtable_remove_fast(&fold->mask->ht,
1645 &fold->ht_node,
1646 fold->mask->filter_ht_params);
1647 idr_replace(&head->handle_idr, fnew, fnew->handle);
1648 list_replace_rcu(&fold->list, &fnew->list);
1649 fold->deleted = true;
1650
1651 spin_unlock(&tp->lock);
1652
1653 fl_mask_put(head, fold->mask);
1654 if (!tc_skip_hw(fold->flags))
1655 fl_hw_destroy_filter(tp, fold, rtnl_held, NULL);
1656 tcf_unbind_filter(tp, &fold->res);
1657
1658
1659
1660 refcount_dec(&fold->refcnt);
1661 __fl_put(fold);
1662 } else {
1663 if (handle) {
1664
1665 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1666 handle, GFP_ATOMIC);
1667
1668
1669
1670
1671
1672
1673
1674 if (err == -ENOSPC)
1675 err = -EAGAIN;
1676 } else {
1677 handle = 1;
1678 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1679 INT_MAX, GFP_ATOMIC);
1680 }
1681 if (err)
1682 goto errout_hw;
1683
1684 refcount_inc(&fnew->refcnt);
1685 fnew->handle = handle;
1686 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1687 spin_unlock(&tp->lock);
1688 }
1689
1690 *arg = fnew;
1691
1692 kfree(tb);
1693 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
1694 return 0;
1695
1696 errout_ht:
1697 spin_lock(&tp->lock);
1698 errout_hw:
1699 fnew->deleted = true;
1700 spin_unlock(&tp->lock);
1701 if (!tc_skip_hw(fnew->flags))
1702 fl_hw_destroy_filter(tp, fnew, rtnl_held, NULL);
1703 if (in_ht)
1704 rhashtable_remove_fast(&fnew->mask->ht, &fnew->ht_node,
1705 fnew->mask->filter_ht_params);
1706 errout_mask:
1707 fl_mask_put(head, fnew->mask);
1708 errout:
1709 __fl_put(fnew);
1710 errout_tb:
1711 kfree(tb);
1712 errout_mask_alloc:
1713 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
1714 errout_fold:
1715 if (fold)
1716 __fl_put(fold);
1717 return err;
1718 }
1719
1720 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1721 bool rtnl_held, struct netlink_ext_ack *extack)
1722 {
1723 struct cls_fl_head *head = fl_head_dereference(tp);
1724 struct cls_fl_filter *f = arg;
1725 bool last_on_mask;
1726 int err = 0;
1727
1728 err = __fl_delete(tp, f, &last_on_mask, rtnl_held, extack);
1729 *last = list_empty(&head->masks);
1730 __fl_put(f);
1731
1732 return err;
1733 }
1734
1735 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg,
1736 bool rtnl_held)
1737 {
1738 struct cls_fl_head *head = fl_head_dereference(tp);
1739 unsigned long id = arg->cookie, tmp;
1740 struct cls_fl_filter *f;
1741
1742 arg->count = arg->skip;
1743
1744 idr_for_each_entry_continue_ul(&head->handle_idr, f, tmp, id) {
1745
1746 if (!refcount_inc_not_zero(&f->refcnt))
1747 continue;
1748 if (arg->fn(tp, f, arg) < 0) {
1749 __fl_put(f);
1750 arg->stop = 1;
1751 break;
1752 }
1753 __fl_put(f);
1754 arg->count++;
1755 }
1756 arg->cookie = id;
1757 }
1758
1759 static struct cls_fl_filter *
1760 fl_get_next_hw_filter(struct tcf_proto *tp, struct cls_fl_filter *f, bool add)
1761 {
1762 struct cls_fl_head *head = fl_head_dereference(tp);
1763
1764 spin_lock(&tp->lock);
1765 if (list_empty(&head->hw_filters)) {
1766 spin_unlock(&tp->lock);
1767 return NULL;
1768 }
1769
1770 if (!f)
1771 f = list_entry(&head->hw_filters, struct cls_fl_filter,
1772 hw_list);
1773 list_for_each_entry_continue(f, &head->hw_filters, hw_list) {
1774 if (!(add && f->deleted) && refcount_inc_not_zero(&f->refcnt)) {
1775 spin_unlock(&tp->lock);
1776 return f;
1777 }
1778 }
1779
1780 spin_unlock(&tp->lock);
1781 return NULL;
1782 }
1783
1784 static int fl_reoffload(struct tcf_proto *tp, bool add, flow_setup_cb_t *cb,
1785 void *cb_priv, struct netlink_ext_ack *extack)
1786 {
1787 struct tcf_block *block = tp->chain->block;
1788 struct flow_cls_offload cls_flower = {};
1789 struct cls_fl_filter *f = NULL;
1790 int err;
1791
1792
1793
1794
1795
1796 ASSERT_RTNL();
1797
1798 while ((f = fl_get_next_hw_filter(tp, f, add))) {
1799 cls_flower.rule =
1800 flow_rule_alloc(tcf_exts_num_actions(&f->exts));
1801 if (!cls_flower.rule) {
1802 __fl_put(f);
1803 return -ENOMEM;
1804 }
1805
1806 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags,
1807 extack);
1808 cls_flower.command = add ?
1809 FLOW_CLS_REPLACE : FLOW_CLS_DESTROY;
1810 cls_flower.cookie = (unsigned long)f;
1811 cls_flower.rule->match.dissector = &f->mask->dissector;
1812 cls_flower.rule->match.mask = &f->mask->key;
1813 cls_flower.rule->match.key = &f->mkey;
1814
1815 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts,
1816 true);
1817 if (err) {
1818 kfree(cls_flower.rule);
1819 if (tc_skip_sw(f->flags)) {
1820 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
1821 __fl_put(f);
1822 return err;
1823 }
1824 goto next_flow;
1825 }
1826
1827 cls_flower.classid = f->res.classid;
1828
1829 err = tc_setup_cb_reoffload(block, tp, add, cb,
1830 TC_SETUP_CLSFLOWER, &cls_flower,
1831 cb_priv, &f->flags,
1832 &f->in_hw_count);
1833 tc_cleanup_flow_action(&cls_flower.rule->action);
1834 kfree(cls_flower.rule);
1835
1836 if (err) {
1837 __fl_put(f);
1838 return err;
1839 }
1840 next_flow:
1841 __fl_put(f);
1842 }
1843
1844 return 0;
1845 }
1846
1847 static void fl_hw_add(struct tcf_proto *tp, void *type_data)
1848 {
1849 struct flow_cls_offload *cls_flower = type_data;
1850 struct cls_fl_filter *f =
1851 (struct cls_fl_filter *) cls_flower->cookie;
1852 struct cls_fl_head *head = fl_head_dereference(tp);
1853
1854 spin_lock(&tp->lock);
1855 list_add(&f->hw_list, &head->hw_filters);
1856 spin_unlock(&tp->lock);
1857 }
1858
1859 static void fl_hw_del(struct tcf_proto *tp, void *type_data)
1860 {
1861 struct flow_cls_offload *cls_flower = type_data;
1862 struct cls_fl_filter *f =
1863 (struct cls_fl_filter *) cls_flower->cookie;
1864
1865 spin_lock(&tp->lock);
1866 if (!list_empty(&f->hw_list))
1867 list_del_init(&f->hw_list);
1868 spin_unlock(&tp->lock);
1869 }
1870
1871 static int fl_hw_create_tmplt(struct tcf_chain *chain,
1872 struct fl_flow_tmplt *tmplt)
1873 {
1874 struct flow_cls_offload cls_flower = {};
1875 struct tcf_block *block = chain->block;
1876
1877 cls_flower.rule = flow_rule_alloc(0);
1878 if (!cls_flower.rule)
1879 return -ENOMEM;
1880
1881 cls_flower.common.chain_index = chain->index;
1882 cls_flower.command = FLOW_CLS_TMPLT_CREATE;
1883 cls_flower.cookie = (unsigned long) tmplt;
1884 cls_flower.rule->match.dissector = &tmplt->dissector;
1885 cls_flower.rule->match.mask = &tmplt->mask;
1886 cls_flower.rule->match.key = &tmplt->dummy_key;
1887
1888
1889
1890
1891 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true);
1892 kfree(cls_flower.rule);
1893
1894 return 0;
1895 }
1896
1897 static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
1898 struct fl_flow_tmplt *tmplt)
1899 {
1900 struct flow_cls_offload cls_flower = {};
1901 struct tcf_block *block = chain->block;
1902
1903 cls_flower.common.chain_index = chain->index;
1904 cls_flower.command = FLOW_CLS_TMPLT_DESTROY;
1905 cls_flower.cookie = (unsigned long) tmplt;
1906
1907 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true);
1908 }
1909
1910 static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
1911 struct nlattr **tca,
1912 struct netlink_ext_ack *extack)
1913 {
1914 struct fl_flow_tmplt *tmplt;
1915 struct nlattr **tb;
1916 int err;
1917
1918 if (!tca[TCA_OPTIONS])
1919 return ERR_PTR(-EINVAL);
1920
1921 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1922 if (!tb)
1923 return ERR_PTR(-ENOBUFS);
1924 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
1925 tca[TCA_OPTIONS], fl_policy, NULL);
1926 if (err)
1927 goto errout_tb;
1928
1929 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
1930 if (!tmplt) {
1931 err = -ENOMEM;
1932 goto errout_tb;
1933 }
1934 tmplt->chain = chain;
1935 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
1936 if (err)
1937 goto errout_tmplt;
1938
1939 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
1940
1941 err = fl_hw_create_tmplt(chain, tmplt);
1942 if (err)
1943 goto errout_tmplt;
1944
1945 kfree(tb);
1946 return tmplt;
1947
1948 errout_tmplt:
1949 kfree(tmplt);
1950 errout_tb:
1951 kfree(tb);
1952 return ERR_PTR(err);
1953 }
1954
1955 static void fl_tmplt_destroy(void *tmplt_priv)
1956 {
1957 struct fl_flow_tmplt *tmplt = tmplt_priv;
1958
1959 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
1960 kfree(tmplt);
1961 }
1962
1963 static int fl_dump_key_val(struct sk_buff *skb,
1964 void *val, int val_type,
1965 void *mask, int mask_type, int len)
1966 {
1967 int err;
1968
1969 if (!memchr_inv(mask, 0, len))
1970 return 0;
1971 err = nla_put(skb, val_type, len, val);
1972 if (err)
1973 return err;
1974 if (mask_type != TCA_FLOWER_UNSPEC) {
1975 err = nla_put(skb, mask_type, len, mask);
1976 if (err)
1977 return err;
1978 }
1979 return 0;
1980 }
1981
1982 static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key,
1983 struct fl_flow_key *mask)
1984 {
1985 if (fl_dump_key_val(skb, &key->tp_range.tp_min.dst,
1986 TCA_FLOWER_KEY_PORT_DST_MIN,
1987 &mask->tp_range.tp_min.dst, TCA_FLOWER_UNSPEC,
1988 sizeof(key->tp_range.tp_min.dst)) ||
1989 fl_dump_key_val(skb, &key->tp_range.tp_max.dst,
1990 TCA_FLOWER_KEY_PORT_DST_MAX,
1991 &mask->tp_range.tp_max.dst, TCA_FLOWER_UNSPEC,
1992 sizeof(key->tp_range.tp_max.dst)) ||
1993 fl_dump_key_val(skb, &key->tp_range.tp_min.src,
1994 TCA_FLOWER_KEY_PORT_SRC_MIN,
1995 &mask->tp_range.tp_min.src, TCA_FLOWER_UNSPEC,
1996 sizeof(key->tp_range.tp_min.src)) ||
1997 fl_dump_key_val(skb, &key->tp_range.tp_max.src,
1998 TCA_FLOWER_KEY_PORT_SRC_MAX,
1999 &mask->tp_range.tp_max.src, TCA_FLOWER_UNSPEC,
2000 sizeof(key->tp_range.tp_max.src)))
2001 return -1;
2002
2003 return 0;
2004 }
2005
2006 static int fl_dump_key_mpls(struct sk_buff *skb,
2007 struct flow_dissector_key_mpls *mpls_key,
2008 struct flow_dissector_key_mpls *mpls_mask)
2009 {
2010 int err;
2011
2012 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
2013 return 0;
2014 if (mpls_mask->mpls_ttl) {
2015 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
2016 mpls_key->mpls_ttl);
2017 if (err)
2018 return err;
2019 }
2020 if (mpls_mask->mpls_tc) {
2021 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
2022 mpls_key->mpls_tc);
2023 if (err)
2024 return err;
2025 }
2026 if (mpls_mask->mpls_label) {
2027 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
2028 mpls_key->mpls_label);
2029 if (err)
2030 return err;
2031 }
2032 if (mpls_mask->mpls_bos) {
2033 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
2034 mpls_key->mpls_bos);
2035 if (err)
2036 return err;
2037 }
2038 return 0;
2039 }
2040
2041 static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
2042 struct flow_dissector_key_ip *key,
2043 struct flow_dissector_key_ip *mask)
2044 {
2045 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
2046 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
2047 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
2048 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
2049
2050 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
2051 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
2052 return -1;
2053
2054 return 0;
2055 }
2056
2057 static int fl_dump_key_vlan(struct sk_buff *skb,
2058 int vlan_id_key, int vlan_prio_key,
2059 struct flow_dissector_key_vlan *vlan_key,
2060 struct flow_dissector_key_vlan *vlan_mask)
2061 {
2062 int err;
2063
2064 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
2065 return 0;
2066 if (vlan_mask->vlan_id) {
2067 err = nla_put_u16(skb, vlan_id_key,
2068 vlan_key->vlan_id);
2069 if (err)
2070 return err;
2071 }
2072 if (vlan_mask->vlan_priority) {
2073 err = nla_put_u8(skb, vlan_prio_key,
2074 vlan_key->vlan_priority);
2075 if (err)
2076 return err;
2077 }
2078 return 0;
2079 }
2080
2081 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
2082 u32 *flower_key, u32 *flower_mask,
2083 u32 flower_flag_bit, u32 dissector_flag_bit)
2084 {
2085 if (dissector_mask & dissector_flag_bit) {
2086 *flower_mask |= flower_flag_bit;
2087 if (dissector_key & dissector_flag_bit)
2088 *flower_key |= flower_flag_bit;
2089 }
2090 }
2091
2092 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
2093 {
2094 u32 key, mask;
2095 __be32 _key, _mask;
2096 int err;
2097
2098 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
2099 return 0;
2100
2101 key = 0;
2102 mask = 0;
2103
2104 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2105 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
2106 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2107 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
2108 FLOW_DIS_FIRST_FRAG);
2109
2110 _key = cpu_to_be32(key);
2111 _mask = cpu_to_be32(mask);
2112
2113 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
2114 if (err)
2115 return err;
2116
2117 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
2118 }
2119
2120 static int fl_dump_key_geneve_opt(struct sk_buff *skb,
2121 struct flow_dissector_key_enc_opts *enc_opts)
2122 {
2123 struct geneve_opt *opt;
2124 struct nlattr *nest;
2125 int opt_off = 0;
2126
2127 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
2128 if (!nest)
2129 goto nla_put_failure;
2130
2131 while (enc_opts->len > opt_off) {
2132 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
2133
2134 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
2135 opt->opt_class))
2136 goto nla_put_failure;
2137 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
2138 opt->type))
2139 goto nla_put_failure;
2140 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
2141 opt->length * 4, opt->opt_data))
2142 goto nla_put_failure;
2143
2144 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
2145 }
2146 nla_nest_end(skb, nest);
2147 return 0;
2148
2149 nla_put_failure:
2150 nla_nest_cancel(skb, nest);
2151 return -EMSGSIZE;
2152 }
2153
2154 static int fl_dump_key_ct(struct sk_buff *skb,
2155 struct flow_dissector_key_ct *key,
2156 struct flow_dissector_key_ct *mask)
2157 {
2158 if (IS_ENABLED(CONFIG_NF_CONNTRACK) &&
2159 fl_dump_key_val(skb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE,
2160 &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK,
2161 sizeof(key->ct_state)))
2162 goto nla_put_failure;
2163
2164 if (IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) &&
2165 fl_dump_key_val(skb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE,
2166 &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK,
2167 sizeof(key->ct_zone)))
2168 goto nla_put_failure;
2169
2170 if (IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) &&
2171 fl_dump_key_val(skb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK,
2172 &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK,
2173 sizeof(key->ct_mark)))
2174 goto nla_put_failure;
2175
2176 if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) &&
2177 fl_dump_key_val(skb, &key->ct_labels, TCA_FLOWER_KEY_CT_LABELS,
2178 &mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK,
2179 sizeof(key->ct_labels)))
2180 goto nla_put_failure;
2181
2182 return 0;
2183
2184 nla_put_failure:
2185 return -EMSGSIZE;
2186 }
2187
2188 static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
2189 struct flow_dissector_key_enc_opts *enc_opts)
2190 {
2191 struct nlattr *nest;
2192 int err;
2193
2194 if (!enc_opts->len)
2195 return 0;
2196
2197 nest = nla_nest_start_noflag(skb, enc_opt_type);
2198 if (!nest)
2199 goto nla_put_failure;
2200
2201 switch (enc_opts->dst_opt_type) {
2202 case TUNNEL_GENEVE_OPT:
2203 err = fl_dump_key_geneve_opt(skb, enc_opts);
2204 if (err)
2205 goto nla_put_failure;
2206 break;
2207 default:
2208 goto nla_put_failure;
2209 }
2210 nla_nest_end(skb, nest);
2211 return 0;
2212
2213 nla_put_failure:
2214 nla_nest_cancel(skb, nest);
2215 return -EMSGSIZE;
2216 }
2217
2218 static int fl_dump_key_enc_opt(struct sk_buff *skb,
2219 struct flow_dissector_key_enc_opts *key_opts,
2220 struct flow_dissector_key_enc_opts *msk_opts)
2221 {
2222 int err;
2223
2224 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
2225 if (err)
2226 return err;
2227
2228 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
2229 }
2230
2231 static int fl_dump_key(struct sk_buff *skb, struct net *net,
2232 struct fl_flow_key *key, struct fl_flow_key *mask)
2233 {
2234 if (mask->meta.ingress_ifindex) {
2235 struct net_device *dev;
2236
2237 dev = __dev_get_by_index(net, key->meta.ingress_ifindex);
2238 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
2239 goto nla_put_failure;
2240 }
2241
2242 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
2243 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
2244 sizeof(key->eth.dst)) ||
2245 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
2246 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
2247 sizeof(key->eth.src)) ||
2248 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
2249 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
2250 sizeof(key->basic.n_proto)))
2251 goto nla_put_failure;
2252
2253 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
2254 goto nla_put_failure;
2255
2256 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
2257 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
2258 goto nla_put_failure;
2259
2260 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
2261 TCA_FLOWER_KEY_CVLAN_PRIO,
2262 &key->cvlan, &mask->cvlan) ||
2263 (mask->cvlan.vlan_tpid &&
2264 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2265 key->cvlan.vlan_tpid)))
2266 goto nla_put_failure;
2267
2268 if (mask->basic.n_proto) {
2269 if (mask->cvlan.vlan_tpid) {
2270 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
2271 key->basic.n_proto))
2272 goto nla_put_failure;
2273 } else if (mask->vlan.vlan_tpid) {
2274 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2275 key->basic.n_proto))
2276 goto nla_put_failure;
2277 }
2278 }
2279
2280 if ((key->basic.n_proto == htons(ETH_P_IP) ||
2281 key->basic.n_proto == htons(ETH_P_IPV6)) &&
2282 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
2283 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
2284 sizeof(key->basic.ip_proto)) ||
2285 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
2286 goto nla_put_failure;
2287
2288 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2289 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
2290 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
2291 sizeof(key->ipv4.src)) ||
2292 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
2293 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
2294 sizeof(key->ipv4.dst))))
2295 goto nla_put_failure;
2296 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2297 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
2298 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
2299 sizeof(key->ipv6.src)) ||
2300 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
2301 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
2302 sizeof(key->ipv6.dst))))
2303 goto nla_put_failure;
2304
2305 if (key->basic.ip_proto == IPPROTO_TCP &&
2306 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
2307 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
2308 sizeof(key->tp.src)) ||
2309 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
2310 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
2311 sizeof(key->tp.dst)) ||
2312 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
2313 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
2314 sizeof(key->tcp.flags))))
2315 goto nla_put_failure;
2316 else if (key->basic.ip_proto == IPPROTO_UDP &&
2317 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
2318 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
2319 sizeof(key->tp.src)) ||
2320 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
2321 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
2322 sizeof(key->tp.dst))))
2323 goto nla_put_failure;
2324 else if (key->basic.ip_proto == IPPROTO_SCTP &&
2325 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
2326 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
2327 sizeof(key->tp.src)) ||
2328 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
2329 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
2330 sizeof(key->tp.dst))))
2331 goto nla_put_failure;
2332 else if (key->basic.n_proto == htons(ETH_P_IP) &&
2333 key->basic.ip_proto == IPPROTO_ICMP &&
2334 (fl_dump_key_val(skb, &key->icmp.type,
2335 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
2336 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
2337 sizeof(key->icmp.type)) ||
2338 fl_dump_key_val(skb, &key->icmp.code,
2339 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
2340 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
2341 sizeof(key->icmp.code))))
2342 goto nla_put_failure;
2343 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
2344 key->basic.ip_proto == IPPROTO_ICMPV6 &&
2345 (fl_dump_key_val(skb, &key->icmp.type,
2346 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
2347 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
2348 sizeof(key->icmp.type)) ||
2349 fl_dump_key_val(skb, &key->icmp.code,
2350 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
2351 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
2352 sizeof(key->icmp.code))))
2353 goto nla_put_failure;
2354 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
2355 key->basic.n_proto == htons(ETH_P_RARP)) &&
2356 (fl_dump_key_val(skb, &key->arp.sip,
2357 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
2358 TCA_FLOWER_KEY_ARP_SIP_MASK,
2359 sizeof(key->arp.sip)) ||
2360 fl_dump_key_val(skb, &key->arp.tip,
2361 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
2362 TCA_FLOWER_KEY_ARP_TIP_MASK,
2363 sizeof(key->arp.tip)) ||
2364 fl_dump_key_val(skb, &key->arp.op,
2365 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
2366 TCA_FLOWER_KEY_ARP_OP_MASK,
2367 sizeof(key->arp.op)) ||
2368 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
2369 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
2370 sizeof(key->arp.sha)) ||
2371 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
2372 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
2373 sizeof(key->arp.tha))))
2374 goto nla_put_failure;
2375
2376 if ((key->basic.ip_proto == IPPROTO_TCP ||
2377 key->basic.ip_proto == IPPROTO_UDP ||
2378 key->basic.ip_proto == IPPROTO_SCTP) &&
2379 fl_dump_key_port_range(skb, key, mask))
2380 goto nla_put_failure;
2381
2382 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2383 (fl_dump_key_val(skb, &key->enc_ipv4.src,
2384 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
2385 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
2386 sizeof(key->enc_ipv4.src)) ||
2387 fl_dump_key_val(skb, &key->enc_ipv4.dst,
2388 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
2389 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
2390 sizeof(key->enc_ipv4.dst))))
2391 goto nla_put_failure;
2392 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2393 (fl_dump_key_val(skb, &key->enc_ipv6.src,
2394 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
2395 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
2396 sizeof(key->enc_ipv6.src)) ||
2397 fl_dump_key_val(skb, &key->enc_ipv6.dst,
2398 TCA_FLOWER_KEY_ENC_IPV6_DST,
2399 &mask->enc_ipv6.dst,
2400 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
2401 sizeof(key->enc_ipv6.dst))))
2402 goto nla_put_failure;
2403
2404 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
2405 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
2406 sizeof(key->enc_key_id)) ||
2407 fl_dump_key_val(skb, &key->enc_tp.src,
2408 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
2409 &mask->enc_tp.src,
2410 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
2411 sizeof(key->enc_tp.src)) ||
2412 fl_dump_key_val(skb, &key->enc_tp.dst,
2413 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
2414 &mask->enc_tp.dst,
2415 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
2416 sizeof(key->enc_tp.dst)) ||
2417 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
2418 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
2419 goto nla_put_failure;
2420
2421 if (fl_dump_key_ct(skb, &key->ct, &mask->ct))
2422 goto nla_put_failure;
2423
2424 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
2425 goto nla_put_failure;
2426
2427 return 0;
2428
2429 nla_put_failure:
2430 return -EMSGSIZE;
2431 }
2432
2433 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
2434 struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
2435 {
2436 struct cls_fl_filter *f = fh;
2437 struct nlattr *nest;
2438 struct fl_flow_key *key, *mask;
2439 bool skip_hw;
2440
2441 if (!f)
2442 return skb->len;
2443
2444 t->tcm_handle = f->handle;
2445
2446 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
2447 if (!nest)
2448 goto nla_put_failure;
2449
2450 spin_lock(&tp->lock);
2451
2452 if (f->res.classid &&
2453 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
2454 goto nla_put_failure_locked;
2455
2456 key = &f->key;
2457 mask = &f->mask->key;
2458 skip_hw = tc_skip_hw(f->flags);
2459
2460 if (fl_dump_key(skb, net, key, mask))
2461 goto nla_put_failure_locked;
2462
2463 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
2464 goto nla_put_failure_locked;
2465
2466 spin_unlock(&tp->lock);
2467
2468 if (!skip_hw)
2469 fl_hw_update_stats(tp, f, rtnl_held);
2470
2471 if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count))
2472 goto nla_put_failure;
2473
2474 if (tcf_exts_dump(skb, &f->exts))
2475 goto nla_put_failure;
2476
2477 nla_nest_end(skb, nest);
2478
2479 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
2480 goto nla_put_failure;
2481
2482 return skb->len;
2483
2484 nla_put_failure_locked:
2485 spin_unlock(&tp->lock);
2486 nla_put_failure:
2487 nla_nest_cancel(skb, nest);
2488 return -1;
2489 }
2490
2491 static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
2492 {
2493 struct fl_flow_tmplt *tmplt = tmplt_priv;
2494 struct fl_flow_key *key, *mask;
2495 struct nlattr *nest;
2496
2497 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
2498 if (!nest)
2499 goto nla_put_failure;
2500
2501 key = &tmplt->dummy_key;
2502 mask = &tmplt->mask;
2503
2504 if (fl_dump_key(skb, net, key, mask))
2505 goto nla_put_failure;
2506
2507 nla_nest_end(skb, nest);
2508
2509 return skb->len;
2510
2511 nla_put_failure:
2512 nla_nest_cancel(skb, nest);
2513 return -EMSGSIZE;
2514 }
2515
2516 static void fl_bind_class(void *fh, u32 classid, unsigned long cl, void *q,
2517 unsigned long base)
2518 {
2519 struct cls_fl_filter *f = fh;
2520
2521 if (f && f->res.classid == classid) {
2522 if (cl)
2523 __tcf_bind_filter(q, &f->res, base);
2524 else
2525 __tcf_unbind_filter(q, &f->res);
2526 }
2527 }
2528
2529 static bool fl_delete_empty(struct tcf_proto *tp)
2530 {
2531 struct cls_fl_head *head = fl_head_dereference(tp);
2532
2533 spin_lock(&tp->lock);
2534 tp->deleting = idr_is_empty(&head->handle_idr);
2535 spin_unlock(&tp->lock);
2536
2537 return tp->deleting;
2538 }
2539
2540 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
2541 .kind = "flower",
2542 .classify = fl_classify,
2543 .init = fl_init,
2544 .destroy = fl_destroy,
2545 .get = fl_get,
2546 .put = fl_put,
2547 .change = fl_change,
2548 .delete = fl_delete,
2549 .delete_empty = fl_delete_empty,
2550 .walk = fl_walk,
2551 .reoffload = fl_reoffload,
2552 .hw_add = fl_hw_add,
2553 .hw_del = fl_hw_del,
2554 .dump = fl_dump,
2555 .bind_class = fl_bind_class,
2556 .tmplt_create = fl_tmplt_create,
2557 .tmplt_destroy = fl_tmplt_destroy,
2558 .tmplt_dump = fl_tmplt_dump,
2559 .owner = THIS_MODULE,
2560 .flags = TCF_PROTO_OPS_DOIT_UNLOCKED,
2561 };
2562
2563 static int __init cls_fl_init(void)
2564 {
2565 return register_tcf_proto_ops(&cls_fl_ops);
2566 }
2567
2568 static void __exit cls_fl_exit(void)
2569 {
2570 unregister_tcf_proto_ops(&cls_fl_ops);
2571 }
2572
2573 module_init(cls_fl_init);
2574 module_exit(cls_fl_exit);
2575
2576 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
2577 MODULE_DESCRIPTION("Flower classifier");
2578 MODULE_LICENSE("GPL v2");