1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * net/sched/cls_flower.c Flower classifier
5 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
8 #include <linux/kernel.h>
9 #include <linux/init.h>
10 #include <linux/module.h>
11 #include <linux/rhashtable.h>
12 #include <linux/workqueue.h>
13 #include <linux/refcount.h>
14 #include <linux/bitfield.h>
16 #include <linux/if_ether.h>
17 #include <linux/in6.h>
19 #include <linux/mpls.h>
20 #include <linux/ppp_defs.h>
22 #include <net/sch_generic.h>
23 #include <net/pkt_cls.h>
24 #include <net/pkt_sched.h>
26 #include <net/flow_dissector.h>
27 #include <net/geneve.h>
28 #include <net/vxlan.h>
29 #include <net/erspan.h>
31 #include <net/tc_wrapper.h>
34 #include <net/dst_metadata.h>
36 #include <uapi/linux/netfilter/nf_conntrack_common.h>
38 #define TCA_FLOWER_KEY_CT_FLAGS_MAX \
39 ((__TCA_FLOWER_KEY_CT_FLAGS_MAX - 1) << 1)
40 #define TCA_FLOWER_KEY_CT_FLAGS_MASK \
41 (TCA_FLOWER_KEY_CT_FLAGS_MAX - 1)
44 struct flow_dissector_key_meta meta;
45 struct flow_dissector_key_control control;
46 struct flow_dissector_key_control enc_control;
47 struct flow_dissector_key_basic basic;
48 struct flow_dissector_key_eth_addrs eth;
49 struct flow_dissector_key_vlan vlan;
50 struct flow_dissector_key_vlan cvlan;
52 struct flow_dissector_key_ipv4_addrs ipv4;
53 struct flow_dissector_key_ipv6_addrs ipv6;
55 struct flow_dissector_key_ports tp;
56 struct flow_dissector_key_icmp icmp;
57 struct flow_dissector_key_arp arp;
58 struct flow_dissector_key_keyid enc_key_id;
60 struct flow_dissector_key_ipv4_addrs enc_ipv4;
61 struct flow_dissector_key_ipv6_addrs enc_ipv6;
63 struct flow_dissector_key_ports enc_tp;
64 struct flow_dissector_key_mpls mpls;
65 struct flow_dissector_key_tcp tcp;
66 struct flow_dissector_key_ip ip;
67 struct flow_dissector_key_ip enc_ip;
68 struct flow_dissector_key_enc_opts enc_opts;
69 struct flow_dissector_key_ports_range tp_range;
70 struct flow_dissector_key_ct ct;
71 struct flow_dissector_key_hash hash;
72 struct flow_dissector_key_num_of_vlans num_of_vlans;
73 struct flow_dissector_key_pppoe pppoe;
74 struct flow_dissector_key_l2tpv3 l2tpv3;
75 struct flow_dissector_key_cfm cfm;
76 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
78 struct fl_flow_mask_range {
79 unsigned short int start;
80 unsigned short int end;
84 struct fl_flow_key key;
85 struct fl_flow_mask_range range;
87 struct rhash_head ht_node;
89 struct rhashtable_params filter_ht_params;
90 struct flow_dissector dissector;
91 struct list_head filters;
92 struct rcu_work rwork;
93 struct list_head list;
97 struct fl_flow_tmplt {
98 struct fl_flow_key dummy_key;
99 struct fl_flow_key mask;
100 struct flow_dissector dissector;
101 struct tcf_chain *chain;
105 struct rhashtable ht;
106 spinlock_t masks_lock; /* Protect masks list */
107 struct list_head masks;
108 struct list_head hw_filters;
109 struct rcu_work rwork;
110 struct idr handle_idr;
113 struct cls_fl_filter {
114 struct fl_flow_mask *mask;
115 struct rhash_head ht_node;
116 struct fl_flow_key mkey;
117 struct tcf_exts exts;
118 struct tcf_result res;
119 struct fl_flow_key key;
120 struct list_head list;
121 struct list_head hw_list;
125 u8 needs_tc_skb_ext:1;
126 struct rcu_work rwork;
127 struct net_device *hw_dev;
128 /* Flower classifier is unlocked, which means that its reference counter
129 * can be changed concurrently without any kind of external
130 * synchronization. Use atomic reference counter to be concurrency-safe.
136 static const struct rhashtable_params mask_ht_params = {
137 .key_offset = offsetof(struct fl_flow_mask, key),
138 .key_len = sizeof(struct fl_flow_key),
139 .head_offset = offsetof(struct fl_flow_mask, ht_node),
140 .automatic_shrinking = true,
143 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
145 return mask->range.end - mask->range.start;
148 static void fl_mask_update_range(struct fl_flow_mask *mask)
150 const u8 *bytes = (const u8 *) &mask->key;
151 size_t size = sizeof(mask->key);
152 size_t i, first = 0, last;
154 for (i = 0; i < size; i++) {
161 for (i = size - 1; i != first; i--) {
167 mask->range.start = rounddown(first, sizeof(long));
168 mask->range.end = roundup(last + 1, sizeof(long));
171 static void *fl_key_get_start(struct fl_flow_key *key,
172 const struct fl_flow_mask *mask)
174 return (u8 *) key + mask->range.start;
177 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
178 struct fl_flow_mask *mask)
180 const long *lkey = fl_key_get_start(key, mask);
181 const long *lmask = fl_key_get_start(&mask->key, mask);
182 long *lmkey = fl_key_get_start(mkey, mask);
185 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
186 *lmkey++ = *lkey++ & *lmask++;
189 static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
190 struct fl_flow_mask *mask)
192 const long *lmask = fl_key_get_start(&mask->key, mask);
198 ltmplt = fl_key_get_start(&tmplt->mask, mask);
199 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
200 if (~*ltmplt++ & *lmask++)
206 static void fl_clear_masked_range(struct fl_flow_key *key,
207 struct fl_flow_mask *mask)
209 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
212 static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter,
213 struct fl_flow_key *key,
214 struct fl_flow_key *mkey)
216 u16 min_mask, max_mask, min_val, max_val;
218 min_mask = ntohs(filter->mask->key.tp_range.tp_min.dst);
219 max_mask = ntohs(filter->mask->key.tp_range.tp_max.dst);
220 min_val = ntohs(filter->key.tp_range.tp_min.dst);
221 max_val = ntohs(filter->key.tp_range.tp_max.dst);
223 if (min_mask && max_mask) {
224 if (ntohs(key->tp_range.tp.dst) < min_val ||
225 ntohs(key->tp_range.tp.dst) > max_val)
228 /* skb does not have min and max values */
229 mkey->tp_range.tp_min.dst = filter->mkey.tp_range.tp_min.dst;
230 mkey->tp_range.tp_max.dst = filter->mkey.tp_range.tp_max.dst;
235 static bool fl_range_port_src_cmp(struct cls_fl_filter *filter,
236 struct fl_flow_key *key,
237 struct fl_flow_key *mkey)
239 u16 min_mask, max_mask, min_val, max_val;
241 min_mask = ntohs(filter->mask->key.tp_range.tp_min.src);
242 max_mask = ntohs(filter->mask->key.tp_range.tp_max.src);
243 min_val = ntohs(filter->key.tp_range.tp_min.src);
244 max_val = ntohs(filter->key.tp_range.tp_max.src);
246 if (min_mask && max_mask) {
247 if (ntohs(key->tp_range.tp.src) < min_val ||
248 ntohs(key->tp_range.tp.src) > max_val)
251 /* skb does not have min and max values */
252 mkey->tp_range.tp_min.src = filter->mkey.tp_range.tp_min.src;
253 mkey->tp_range.tp_max.src = filter->mkey.tp_range.tp_max.src;
258 static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask,
259 struct fl_flow_key *mkey)
261 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
262 mask->filter_ht_params);
265 static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask,
266 struct fl_flow_key *mkey,
267 struct fl_flow_key *key)
269 struct cls_fl_filter *filter, *f;
271 list_for_each_entry_rcu(filter, &mask->filters, list) {
272 if (!fl_range_port_dst_cmp(filter, key, mkey))
275 if (!fl_range_port_src_cmp(filter, key, mkey))
278 f = __fl_lookup(mask, mkey);
285 static noinline_for_stack
286 struct cls_fl_filter *fl_mask_lookup(struct fl_flow_mask *mask, struct fl_flow_key *key)
288 struct fl_flow_key mkey;
290 fl_set_masked_key(&mkey, key, mask);
291 if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE))
292 return fl_lookup_range(mask, &mkey, key);
294 return __fl_lookup(mask, &mkey);
297 static u16 fl_ct_info_to_flower_map[] = {
298 [IP_CT_ESTABLISHED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
299 TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED,
300 [IP_CT_RELATED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
301 TCA_FLOWER_KEY_CT_FLAGS_RELATED,
302 [IP_CT_ESTABLISHED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
303 TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED |
304 TCA_FLOWER_KEY_CT_FLAGS_REPLY,
305 [IP_CT_RELATED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
306 TCA_FLOWER_KEY_CT_FLAGS_RELATED |
307 TCA_FLOWER_KEY_CT_FLAGS_REPLY,
308 [IP_CT_NEW] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
309 TCA_FLOWER_KEY_CT_FLAGS_NEW,
312 TC_INDIRECT_SCOPE int fl_classify(struct sk_buff *skb,
313 const struct tcf_proto *tp,
314 struct tcf_result *res)
316 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
317 bool post_ct = tc_skb_cb(skb)->post_ct;
318 u16 zone = tc_skb_cb(skb)->zone;
319 struct fl_flow_key skb_key;
320 struct fl_flow_mask *mask;
321 struct cls_fl_filter *f;
323 list_for_each_entry_rcu(mask, &head->masks, list) {
324 flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
325 fl_clear_masked_range(&skb_key, mask);
327 skb_flow_dissect_meta(skb, &mask->dissector, &skb_key);
328 /* skb_flow_dissect() does not set n_proto in case an unknown
329 * protocol, so do it rather here.
331 skb_key.basic.n_proto = skb_protocol(skb, false);
332 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
333 skb_flow_dissect_ct(skb, &mask->dissector, &skb_key,
334 fl_ct_info_to_flower_map,
335 ARRAY_SIZE(fl_ct_info_to_flower_map),
337 skb_flow_dissect_hash(skb, &mask->dissector, &skb_key);
338 skb_flow_dissect(skb, &mask->dissector, &skb_key,
339 FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP);
341 f = fl_mask_lookup(mask, &skb_key);
342 if (f && !tc_skip_sw(f->flags)) {
344 return tcf_exts_exec(skb, &f->exts, res);
350 static int fl_init(struct tcf_proto *tp)
352 struct cls_fl_head *head;
354 head = kzalloc(sizeof(*head), GFP_KERNEL);
358 spin_lock_init(&head->masks_lock);
359 INIT_LIST_HEAD_RCU(&head->masks);
360 INIT_LIST_HEAD(&head->hw_filters);
361 rcu_assign_pointer(tp->root, head);
362 idr_init(&head->handle_idr);
364 return rhashtable_init(&head->ht, &mask_ht_params);
367 static void fl_mask_free(struct fl_flow_mask *mask, bool mask_init_done)
369 /* temporary masks don't have their filters list and ht initialized */
370 if (mask_init_done) {
371 WARN_ON(!list_empty(&mask->filters));
372 rhashtable_destroy(&mask->ht);
377 static void fl_mask_free_work(struct work_struct *work)
379 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
380 struct fl_flow_mask, rwork);
382 fl_mask_free(mask, true);
385 static void fl_uninit_mask_free_work(struct work_struct *work)
387 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
388 struct fl_flow_mask, rwork);
390 fl_mask_free(mask, false);
393 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask)
395 if (!refcount_dec_and_test(&mask->refcnt))
398 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
400 spin_lock(&head->masks_lock);
401 list_del_rcu(&mask->list);
402 spin_unlock(&head->masks_lock);
404 tcf_queue_work(&mask->rwork, fl_mask_free_work);
409 static struct cls_fl_head *fl_head_dereference(struct tcf_proto *tp)
411 /* Flower classifier only changes root pointer during init and destroy.
412 * Users must obtain reference to tcf_proto instance before calling its
413 * API, so tp->root pointer is protected from concurrent call to
414 * fl_destroy() by reference counting.
416 return rcu_dereference_raw(tp->root);
419 static void __fl_destroy_filter(struct cls_fl_filter *f)
421 if (f->needs_tc_skb_ext)
422 tc_skb_ext_tc_disable();
423 tcf_exts_destroy(&f->exts);
424 tcf_exts_put_net(&f->exts);
428 static void fl_destroy_filter_work(struct work_struct *work)
430 struct cls_fl_filter *f = container_of(to_rcu_work(work),
431 struct cls_fl_filter, rwork);
433 __fl_destroy_filter(f);
436 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
437 bool rtnl_held, struct netlink_ext_ack *extack)
439 struct tcf_block *block = tp->chain->block;
440 struct flow_cls_offload cls_flower = {};
442 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
443 cls_flower.command = FLOW_CLS_DESTROY;
444 cls_flower.cookie = (unsigned long) f;
446 tc_setup_cb_destroy(block, tp, TC_SETUP_CLSFLOWER, &cls_flower, false,
447 &f->flags, &f->in_hw_count, rtnl_held);
451 static int fl_hw_replace_filter(struct tcf_proto *tp,
452 struct cls_fl_filter *f, bool rtnl_held,
453 struct netlink_ext_ack *extack)
455 struct tcf_block *block = tp->chain->block;
456 struct flow_cls_offload cls_flower = {};
457 bool skip_sw = tc_skip_sw(f->flags);
460 cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts));
461 if (!cls_flower.rule)
464 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
465 cls_flower.command = FLOW_CLS_REPLACE;
466 cls_flower.cookie = (unsigned long) f;
467 cls_flower.rule->match.dissector = &f->mask->dissector;
468 cls_flower.rule->match.mask = &f->mask->key;
469 cls_flower.rule->match.key = &f->mkey;
470 cls_flower.classid = f->res.classid;
472 err = tc_setup_offload_action(&cls_flower.rule->action, &f->exts,
473 cls_flower.common.extack);
475 kfree(cls_flower.rule);
477 return skip_sw ? err : 0;
480 err = tc_setup_cb_add(block, tp, TC_SETUP_CLSFLOWER, &cls_flower,
481 skip_sw, &f->flags, &f->in_hw_count, rtnl_held);
482 tc_cleanup_offload_action(&cls_flower.rule->action);
483 kfree(cls_flower.rule);
486 fl_hw_destroy_filter(tp, f, rtnl_held, NULL);
490 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
496 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f,
499 struct tcf_block *block = tp->chain->block;
500 struct flow_cls_offload cls_flower = {};
502 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
503 cls_flower.command = FLOW_CLS_STATS;
504 cls_flower.cookie = (unsigned long) f;
505 cls_flower.classid = f->res.classid;
507 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false,
510 tcf_exts_hw_stats_update(&f->exts, &cls_flower.stats, cls_flower.use_act_stats);
513 static void __fl_put(struct cls_fl_filter *f)
515 if (!refcount_dec_and_test(&f->refcnt))
518 if (tcf_exts_get_net(&f->exts))
519 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
521 __fl_destroy_filter(f);
524 static struct cls_fl_filter *__fl_get(struct cls_fl_head *head, u32 handle)
526 struct cls_fl_filter *f;
529 f = idr_find(&head->handle_idr, handle);
530 if (f && !refcount_inc_not_zero(&f->refcnt))
537 static struct tcf_exts *fl_get_exts(const struct tcf_proto *tp, u32 handle)
539 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
540 struct cls_fl_filter *f;
542 f = idr_find(&head->handle_idr, handle);
543 return f ? &f->exts : NULL;
546 static int __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
547 bool *last, bool rtnl_held,
548 struct netlink_ext_ack *extack)
550 struct cls_fl_head *head = fl_head_dereference(tp);
554 spin_lock(&tp->lock);
556 spin_unlock(&tp->lock);
561 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
562 f->mask->filter_ht_params);
563 idr_remove(&head->handle_idr, f->handle);
564 list_del_rcu(&f->list);
565 spin_unlock(&tp->lock);
567 *last = fl_mask_put(head, f->mask);
568 if (!tc_skip_hw(f->flags))
569 fl_hw_destroy_filter(tp, f, rtnl_held, extack);
570 tcf_unbind_filter(tp, &f->res);
576 static void fl_destroy_sleepable(struct work_struct *work)
578 struct cls_fl_head *head = container_of(to_rcu_work(work),
582 rhashtable_destroy(&head->ht);
584 module_put(THIS_MODULE);
587 static void fl_destroy(struct tcf_proto *tp, bool rtnl_held,
588 struct netlink_ext_ack *extack)
590 struct cls_fl_head *head = fl_head_dereference(tp);
591 struct fl_flow_mask *mask, *next_mask;
592 struct cls_fl_filter *f, *next;
595 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
596 list_for_each_entry_safe(f, next, &mask->filters, list) {
597 __fl_delete(tp, f, &last, rtnl_held, extack);
602 idr_destroy(&head->handle_idr);
604 __module_get(THIS_MODULE);
605 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
608 static void fl_put(struct tcf_proto *tp, void *arg)
610 struct cls_fl_filter *f = arg;
615 static void *fl_get(struct tcf_proto *tp, u32 handle)
617 struct cls_fl_head *head = fl_head_dereference(tp);
619 return __fl_get(head, handle);
622 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
623 [TCA_FLOWER_UNSPEC] = { .strict_start_type =
624 TCA_FLOWER_L2_MISS },
625 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
626 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
628 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
629 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
630 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
631 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
632 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
633 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
634 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
635 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
636 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
637 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
638 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
639 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
640 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
641 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
642 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
643 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
644 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
645 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
646 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
647 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
648 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
649 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
650 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
651 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
652 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
653 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
654 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
655 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
656 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
657 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
658 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
659 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
660 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
661 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
662 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
663 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
664 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
665 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
666 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
667 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
668 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
669 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
670 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
671 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
672 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
673 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
674 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
675 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
676 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
677 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
678 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
679 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
680 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
681 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
682 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
683 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
684 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
685 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
686 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
687 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
688 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
689 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
690 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
691 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
692 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
693 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
694 [TCA_FLOWER_KEY_MPLS_OPTS] = { .type = NLA_NESTED },
695 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
696 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
697 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
698 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
699 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
700 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
701 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
702 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
703 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
704 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
705 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
706 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
707 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
708 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
709 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
710 [TCA_FLOWER_KEY_CT_STATE] =
711 NLA_POLICY_MASK(NLA_U16, TCA_FLOWER_KEY_CT_FLAGS_MASK),
712 [TCA_FLOWER_KEY_CT_STATE_MASK] =
713 NLA_POLICY_MASK(NLA_U16, TCA_FLOWER_KEY_CT_FLAGS_MASK),
714 [TCA_FLOWER_KEY_CT_ZONE] = { .type = NLA_U16 },
715 [TCA_FLOWER_KEY_CT_ZONE_MASK] = { .type = NLA_U16 },
716 [TCA_FLOWER_KEY_CT_MARK] = { .type = NLA_U32 },
717 [TCA_FLOWER_KEY_CT_MARK_MASK] = { .type = NLA_U32 },
718 [TCA_FLOWER_KEY_CT_LABELS] = { .type = NLA_BINARY,
719 .len = 128 / BITS_PER_BYTE },
720 [TCA_FLOWER_KEY_CT_LABELS_MASK] = { .type = NLA_BINARY,
721 .len = 128 / BITS_PER_BYTE },
722 [TCA_FLOWER_FLAGS] = { .type = NLA_U32 },
723 [TCA_FLOWER_KEY_HASH] = { .type = NLA_U32 },
724 [TCA_FLOWER_KEY_HASH_MASK] = { .type = NLA_U32 },
725 [TCA_FLOWER_KEY_NUM_OF_VLANS] = { .type = NLA_U8 },
726 [TCA_FLOWER_KEY_PPPOE_SID] = { .type = NLA_U16 },
727 [TCA_FLOWER_KEY_PPP_PROTO] = { .type = NLA_U16 },
728 [TCA_FLOWER_KEY_L2TPV3_SID] = { .type = NLA_U32 },
729 [TCA_FLOWER_L2_MISS] = NLA_POLICY_MAX(NLA_U8, 1),
730 [TCA_FLOWER_KEY_CFM] = { .type = NLA_NESTED },
733 static const struct nla_policy
734 enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
735 [TCA_FLOWER_KEY_ENC_OPTS_UNSPEC] = {
736 .strict_start_type = TCA_FLOWER_KEY_ENC_OPTS_VXLAN },
737 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
738 [TCA_FLOWER_KEY_ENC_OPTS_VXLAN] = { .type = NLA_NESTED },
739 [TCA_FLOWER_KEY_ENC_OPTS_ERSPAN] = { .type = NLA_NESTED },
740 [TCA_FLOWER_KEY_ENC_OPTS_GTP] = { .type = NLA_NESTED },
743 static const struct nla_policy
744 geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
745 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
746 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
747 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
751 static const struct nla_policy
752 vxlan_opt_policy[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1] = {
753 [TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP] = { .type = NLA_U32 },
756 static const struct nla_policy
757 erspan_opt_policy[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1] = {
758 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER] = { .type = NLA_U8 },
759 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX] = { .type = NLA_U32 },
760 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR] = { .type = NLA_U8 },
761 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID] = { .type = NLA_U8 },
764 static const struct nla_policy
765 gtp_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GTP_MAX + 1] = {
766 [TCA_FLOWER_KEY_ENC_OPT_GTP_PDU_TYPE] = { .type = NLA_U8 },
767 [TCA_FLOWER_KEY_ENC_OPT_GTP_QFI] = { .type = NLA_U8 },
770 static const struct nla_policy
771 mpls_stack_entry_policy[TCA_FLOWER_KEY_MPLS_OPT_LSE_MAX + 1] = {
772 [TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH] = { .type = NLA_U8 },
773 [TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL] = { .type = NLA_U8 },
774 [TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS] = { .type = NLA_U8 },
775 [TCA_FLOWER_KEY_MPLS_OPT_LSE_TC] = { .type = NLA_U8 },
776 [TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL] = { .type = NLA_U32 },
779 static const struct nla_policy cfm_opt_policy[TCA_FLOWER_KEY_CFM_OPT_MAX] = {
780 [TCA_FLOWER_KEY_CFM_MD_LEVEL] = NLA_POLICY_MAX(NLA_U8,
781 FLOW_DIS_CFM_MDL_MAX),
782 [TCA_FLOWER_KEY_CFM_OPCODE] = { .type = NLA_U8 },
785 static void fl_set_key_val(struct nlattr **tb,
786 void *val, int val_type,
787 void *mask, int mask_type, int len)
791 nla_memcpy(val, tb[val_type], len);
792 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
793 memset(mask, 0xff, len);
795 nla_memcpy(mask, tb[mask_type], len);
798 static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
799 struct fl_flow_key *mask,
800 struct netlink_ext_ack *extack)
802 fl_set_key_val(tb, &key->tp_range.tp_min.dst,
803 TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_range.tp_min.dst,
804 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.dst));
805 fl_set_key_val(tb, &key->tp_range.tp_max.dst,
806 TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_range.tp_max.dst,
807 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.dst));
808 fl_set_key_val(tb, &key->tp_range.tp_min.src,
809 TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_range.tp_min.src,
810 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.src));
811 fl_set_key_val(tb, &key->tp_range.tp_max.src,
812 TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_range.tp_max.src,
813 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.src));
815 if (mask->tp_range.tp_min.dst && mask->tp_range.tp_max.dst &&
816 ntohs(key->tp_range.tp_max.dst) <=
817 ntohs(key->tp_range.tp_min.dst)) {
818 NL_SET_ERR_MSG_ATTR(extack,
819 tb[TCA_FLOWER_KEY_PORT_DST_MIN],
820 "Invalid destination port range (min must be strictly smaller than max)");
823 if (mask->tp_range.tp_min.src && mask->tp_range.tp_max.src &&
824 ntohs(key->tp_range.tp_max.src) <=
825 ntohs(key->tp_range.tp_min.src)) {
826 NL_SET_ERR_MSG_ATTR(extack,
827 tb[TCA_FLOWER_KEY_PORT_SRC_MIN],
828 "Invalid source port range (min must be strictly smaller than max)");
835 static int fl_set_key_mpls_lse(const struct nlattr *nla_lse,
836 struct flow_dissector_key_mpls *key_val,
837 struct flow_dissector_key_mpls *key_mask,
838 struct netlink_ext_ack *extack)
840 struct nlattr *tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_MAX + 1];
841 struct flow_dissector_mpls_lse *lse_mask;
842 struct flow_dissector_mpls_lse *lse_val;
847 err = nla_parse_nested(tb, TCA_FLOWER_KEY_MPLS_OPT_LSE_MAX, nla_lse,
848 mpls_stack_entry_policy, extack);
852 if (!tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH]) {
853 NL_SET_ERR_MSG(extack, "Missing MPLS option \"depth\"");
857 depth = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH]);
859 /* LSE depth starts at 1, for consistency with terminology used by
860 * RFC 3031 (section 3.9), where depth 0 refers to unlabeled packets.
862 if (depth < 1 || depth > FLOW_DIS_MPLS_MAX) {
863 NL_SET_ERR_MSG_ATTR(extack,
864 tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH],
865 "Invalid MPLS depth");
868 lse_index = depth - 1;
870 dissector_set_mpls_lse(key_val, lse_index);
871 dissector_set_mpls_lse(key_mask, lse_index);
873 lse_val = &key_val->ls[lse_index];
874 lse_mask = &key_mask->ls[lse_index];
876 if (tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL]) {
877 lse_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL]);
878 lse_mask->mpls_ttl = MPLS_TTL_MASK;
880 if (tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS]) {
881 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS]);
883 if (bos & ~MPLS_BOS_MASK) {
884 NL_SET_ERR_MSG_ATTR(extack,
885 tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS],
886 "Bottom Of Stack (BOS) must be 0 or 1");
889 lse_val->mpls_bos = bos;
890 lse_mask->mpls_bos = MPLS_BOS_MASK;
892 if (tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_TC]) {
893 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_TC]);
895 if (tc & ~MPLS_TC_MASK) {
896 NL_SET_ERR_MSG_ATTR(extack,
897 tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_TC],
898 "Traffic Class (TC) must be between 0 and 7");
901 lse_val->mpls_tc = tc;
902 lse_mask->mpls_tc = MPLS_TC_MASK;
904 if (tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL]) {
905 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL]);
907 if (label & ~MPLS_LABEL_MASK) {
908 NL_SET_ERR_MSG_ATTR(extack,
909 tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL],
910 "Label must be between 0 and 1048575");
913 lse_val->mpls_label = label;
914 lse_mask->mpls_label = MPLS_LABEL_MASK;
920 static int fl_set_key_mpls_opts(const struct nlattr *nla_mpls_opts,
921 struct flow_dissector_key_mpls *key_val,
922 struct flow_dissector_key_mpls *key_mask,
923 struct netlink_ext_ack *extack)
925 struct nlattr *nla_lse;
929 if (!(nla_mpls_opts->nla_type & NLA_F_NESTED)) {
930 NL_SET_ERR_MSG_ATTR(extack, nla_mpls_opts,
931 "NLA_F_NESTED is missing");
935 nla_for_each_nested(nla_lse, nla_mpls_opts, rem) {
936 if (nla_type(nla_lse) != TCA_FLOWER_KEY_MPLS_OPTS_LSE) {
937 NL_SET_ERR_MSG_ATTR(extack, nla_lse,
938 "Invalid MPLS option type");
942 err = fl_set_key_mpls_lse(nla_lse, key_val, key_mask, extack);
947 NL_SET_ERR_MSG(extack,
948 "Bytes leftover after parsing MPLS options");
955 static int fl_set_key_mpls(struct nlattr **tb,
956 struct flow_dissector_key_mpls *key_val,
957 struct flow_dissector_key_mpls *key_mask,
958 struct netlink_ext_ack *extack)
960 struct flow_dissector_mpls_lse *lse_mask;
961 struct flow_dissector_mpls_lse *lse_val;
963 if (tb[TCA_FLOWER_KEY_MPLS_OPTS]) {
964 if (tb[TCA_FLOWER_KEY_MPLS_TTL] ||
965 tb[TCA_FLOWER_KEY_MPLS_BOS] ||
966 tb[TCA_FLOWER_KEY_MPLS_TC] ||
967 tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
968 NL_SET_ERR_MSG_ATTR(extack,
969 tb[TCA_FLOWER_KEY_MPLS_OPTS],
970 "MPLS label, Traffic Class, Bottom Of Stack and Time To Live must be encapsulated in the MPLS options attribute");
974 return fl_set_key_mpls_opts(tb[TCA_FLOWER_KEY_MPLS_OPTS],
975 key_val, key_mask, extack);
978 lse_val = &key_val->ls[0];
979 lse_mask = &key_mask->ls[0];
981 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
982 lse_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
983 lse_mask->mpls_ttl = MPLS_TTL_MASK;
984 dissector_set_mpls_lse(key_val, 0);
985 dissector_set_mpls_lse(key_mask, 0);
987 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
988 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
990 if (bos & ~MPLS_BOS_MASK) {
991 NL_SET_ERR_MSG_ATTR(extack,
992 tb[TCA_FLOWER_KEY_MPLS_BOS],
993 "Bottom Of Stack (BOS) must be 0 or 1");
996 lse_val->mpls_bos = bos;
997 lse_mask->mpls_bos = MPLS_BOS_MASK;
998 dissector_set_mpls_lse(key_val, 0);
999 dissector_set_mpls_lse(key_mask, 0);
1001 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
1002 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
1004 if (tc & ~MPLS_TC_MASK) {
1005 NL_SET_ERR_MSG_ATTR(extack,
1006 tb[TCA_FLOWER_KEY_MPLS_TC],
1007 "Traffic Class (TC) must be between 0 and 7");
1010 lse_val->mpls_tc = tc;
1011 lse_mask->mpls_tc = MPLS_TC_MASK;
1012 dissector_set_mpls_lse(key_val, 0);
1013 dissector_set_mpls_lse(key_mask, 0);
1015 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
1016 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
1018 if (label & ~MPLS_LABEL_MASK) {
1019 NL_SET_ERR_MSG_ATTR(extack,
1020 tb[TCA_FLOWER_KEY_MPLS_LABEL],
1021 "Label must be between 0 and 1048575");
1024 lse_val->mpls_label = label;
1025 lse_mask->mpls_label = MPLS_LABEL_MASK;
1026 dissector_set_mpls_lse(key_val, 0);
1027 dissector_set_mpls_lse(key_mask, 0);
1032 static void fl_set_key_vlan(struct nlattr **tb,
1034 int vlan_id_key, int vlan_prio_key,
1035 int vlan_next_eth_type_key,
1036 struct flow_dissector_key_vlan *key_val,
1037 struct flow_dissector_key_vlan *key_mask)
1039 #define VLAN_PRIORITY_MASK 0x7
1041 if (tb[vlan_id_key]) {
1043 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
1044 key_mask->vlan_id = VLAN_VID_MASK;
1046 if (tb[vlan_prio_key]) {
1047 key_val->vlan_priority =
1048 nla_get_u8(tb[vlan_prio_key]) &
1050 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
1053 key_val->vlan_tpid = ethertype;
1054 key_mask->vlan_tpid = cpu_to_be16(~0);
1056 if (tb[vlan_next_eth_type_key]) {
1057 key_val->vlan_eth_type =
1058 nla_get_be16(tb[vlan_next_eth_type_key]);
1059 key_mask->vlan_eth_type = cpu_to_be16(~0);
1063 static void fl_set_key_pppoe(struct nlattr **tb,
1064 struct flow_dissector_key_pppoe *key_val,
1065 struct flow_dissector_key_pppoe *key_mask,
1066 struct fl_flow_key *key,
1067 struct fl_flow_key *mask)
1069 /* key_val::type must be set to ETH_P_PPP_SES
1070 * because ETH_P_PPP_SES was stored in basic.n_proto
1071 * which might get overwritten by ppp_proto
1072 * or might be set to 0, the role of key_val::type
1073 * is similar to vlan_key::tpid
1075 key_val->type = htons(ETH_P_PPP_SES);
1076 key_mask->type = cpu_to_be16(~0);
1078 if (tb[TCA_FLOWER_KEY_PPPOE_SID]) {
1079 key_val->session_id =
1080 nla_get_be16(tb[TCA_FLOWER_KEY_PPPOE_SID]);
1081 key_mask->session_id = cpu_to_be16(~0);
1083 if (tb[TCA_FLOWER_KEY_PPP_PROTO]) {
1084 key_val->ppp_proto =
1085 nla_get_be16(tb[TCA_FLOWER_KEY_PPP_PROTO]);
1086 key_mask->ppp_proto = cpu_to_be16(~0);
1088 if (key_val->ppp_proto == htons(PPP_IP)) {
1089 key->basic.n_proto = htons(ETH_P_IP);
1090 mask->basic.n_proto = cpu_to_be16(~0);
1091 } else if (key_val->ppp_proto == htons(PPP_IPV6)) {
1092 key->basic.n_proto = htons(ETH_P_IPV6);
1093 mask->basic.n_proto = cpu_to_be16(~0);
1094 } else if (key_val->ppp_proto == htons(PPP_MPLS_UC)) {
1095 key->basic.n_proto = htons(ETH_P_MPLS_UC);
1096 mask->basic.n_proto = cpu_to_be16(~0);
1097 } else if (key_val->ppp_proto == htons(PPP_MPLS_MC)) {
1098 key->basic.n_proto = htons(ETH_P_MPLS_MC);
1099 mask->basic.n_proto = cpu_to_be16(~0);
1102 key->basic.n_proto = 0;
1103 mask->basic.n_proto = cpu_to_be16(0);
1107 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
1108 u32 *dissector_key, u32 *dissector_mask,
1109 u32 flower_flag_bit, u32 dissector_flag_bit)
1111 if (flower_mask & flower_flag_bit) {
1112 *dissector_mask |= dissector_flag_bit;
1113 if (flower_key & flower_flag_bit)
1114 *dissector_key |= dissector_flag_bit;
1118 static int fl_set_key_flags(struct nlattr **tb, u32 *flags_key,
1119 u32 *flags_mask, struct netlink_ext_ack *extack)
1123 /* mask is mandatory for flags */
1124 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) {
1125 NL_SET_ERR_MSG(extack, "Missing flags mask");
1129 key = be32_to_cpu(nla_get_be32(tb[TCA_FLOWER_KEY_FLAGS]));
1130 mask = be32_to_cpu(nla_get_be32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
1135 fl_set_key_flag(key, mask, flags_key, flags_mask,
1136 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
1137 fl_set_key_flag(key, mask, flags_key, flags_mask,
1138 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
1139 FLOW_DIS_FIRST_FRAG);
1144 static void fl_set_key_ip(struct nlattr **tb, bool encap,
1145 struct flow_dissector_key_ip *key,
1146 struct flow_dissector_key_ip *mask)
1148 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
1149 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
1150 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
1151 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
1153 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
1154 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
1157 static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
1158 int depth, int option_len,
1159 struct netlink_ext_ack *extack)
1161 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
1162 struct nlattr *class = NULL, *type = NULL, *data = NULL;
1163 struct geneve_opt *opt;
1164 int err, data_len = 0;
1166 if (option_len > sizeof(struct geneve_opt))
1167 data_len = option_len - sizeof(struct geneve_opt);
1169 if (key->enc_opts.len > FLOW_DIS_TUN_OPTS_MAX - 4)
1172 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
1173 memset(opt, 0xff, option_len);
1174 opt->length = data_len / 4;
1179 /* If no mask has been prodived we assume an exact match. */
1181 return sizeof(struct geneve_opt) + data_len;
1183 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
1184 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
1188 err = nla_parse_nested_deprecated(tb,
1189 TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
1190 nla, geneve_opt_policy, extack);
1194 /* We are not allowed to omit any of CLASS, TYPE or DATA
1195 * fields from the key.
1198 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
1199 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
1200 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
1201 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
1205 /* Omitting any of CLASS, TYPE or DATA fields is allowed
1208 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
1209 int new_len = key->enc_opts.len;
1211 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
1212 data_len = nla_len(data);
1214 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
1218 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
1222 new_len += sizeof(struct geneve_opt) + data_len;
1223 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
1224 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
1225 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
1228 opt->length = data_len / 4;
1229 memcpy(opt->opt_data, nla_data(data), data_len);
1232 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
1233 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
1234 opt->opt_class = nla_get_be16(class);
1237 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
1238 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
1239 opt->type = nla_get_u8(type);
1242 return sizeof(struct geneve_opt) + data_len;
1245 static int fl_set_vxlan_opt(const struct nlattr *nla, struct fl_flow_key *key,
1246 int depth, int option_len,
1247 struct netlink_ext_ack *extack)
1249 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1];
1250 struct vxlan_metadata *md;
1253 md = (struct vxlan_metadata *)&key->enc_opts.data[key->enc_opts.len];
1254 memset(md, 0xff, sizeof(*md));
1259 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_VXLAN) {
1260 NL_SET_ERR_MSG(extack, "Non-vxlan option type for mask");
1264 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX, nla,
1265 vxlan_opt_policy, extack);
1269 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]) {
1270 NL_SET_ERR_MSG(extack, "Missing tunnel key vxlan option gbp");
1274 if (tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]) {
1275 md->gbp = nla_get_u32(tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]);
1276 md->gbp &= VXLAN_GBP_MASK;
1282 static int fl_set_erspan_opt(const struct nlattr *nla, struct fl_flow_key *key,
1283 int depth, int option_len,
1284 struct netlink_ext_ack *extack)
1286 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1];
1287 struct erspan_metadata *md;
1290 md = (struct erspan_metadata *)&key->enc_opts.data[key->enc_opts.len];
1291 memset(md, 0xff, sizeof(*md));
1297 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_ERSPAN) {
1298 NL_SET_ERR_MSG(extack, "Non-erspan option type for mask");
1302 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX, nla,
1303 erspan_opt_policy, extack);
1307 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]) {
1308 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver");
1312 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER])
1313 md->version = nla_get_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]);
1315 if (md->version == 1) {
1316 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]) {
1317 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option index");
1320 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]) {
1321 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX];
1322 memset(&md->u, 0x00, sizeof(md->u));
1323 md->u.index = nla_get_be32(nla);
1325 } else if (md->version == 2) {
1326 if (!option_len && (!tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR] ||
1327 !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID])) {
1328 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option dir or hwid");
1331 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR]) {
1332 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR];
1333 md->u.md2.dir = nla_get_u8(nla);
1335 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID]) {
1336 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID];
1337 set_hwid(&md->u.md2, nla_get_u8(nla));
1340 NL_SET_ERR_MSG(extack, "Tunnel key erspan option ver is incorrect");
1347 static int fl_set_gtp_opt(const struct nlattr *nla, struct fl_flow_key *key,
1348 int depth, int option_len,
1349 struct netlink_ext_ack *extack)
1351 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GTP_MAX + 1];
1352 struct gtp_pdu_session_info *sinfo;
1353 u8 len = key->enc_opts.len;
1356 sinfo = (struct gtp_pdu_session_info *)&key->enc_opts.data[len];
1357 memset(sinfo, 0xff, option_len);
1360 return sizeof(*sinfo);
1362 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GTP) {
1363 NL_SET_ERR_MSG_MOD(extack, "Non-gtp option type for mask");
1367 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_GTP_MAX, nla,
1368 gtp_opt_policy, extack);
1373 (!tb[TCA_FLOWER_KEY_ENC_OPT_GTP_PDU_TYPE] ||
1374 !tb[TCA_FLOWER_KEY_ENC_OPT_GTP_QFI])) {
1375 NL_SET_ERR_MSG_MOD(extack,
1376 "Missing tunnel key gtp option pdu type or qfi");
1380 if (tb[TCA_FLOWER_KEY_ENC_OPT_GTP_PDU_TYPE])
1382 nla_get_u8(tb[TCA_FLOWER_KEY_ENC_OPT_GTP_PDU_TYPE]);
1384 if (tb[TCA_FLOWER_KEY_ENC_OPT_GTP_QFI])
1385 sinfo->qfi = nla_get_u8(tb[TCA_FLOWER_KEY_ENC_OPT_GTP_QFI]);
1387 return sizeof(*sinfo);
1390 static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
1391 struct fl_flow_key *mask,
1392 struct netlink_ext_ack *extack)
1394 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
1395 int err, option_len, key_depth, msk_depth = 0;
1397 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS],
1398 TCA_FLOWER_KEY_ENC_OPTS_MAX,
1399 enc_opts_policy, extack);
1403 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
1405 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
1406 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
1407 TCA_FLOWER_KEY_ENC_OPTS_MAX,
1408 enc_opts_policy, extack);
1412 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
1413 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
1414 if (!nla_ok(nla_opt_msk, msk_depth)) {
1415 NL_SET_ERR_MSG(extack, "Invalid nested attribute for masks");
1420 nla_for_each_attr(nla_opt_key, nla_enc_key,
1421 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
1422 switch (nla_type(nla_opt_key)) {
1423 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
1424 if (key->enc_opts.dst_opt_type &&
1425 key->enc_opts.dst_opt_type != TUNNEL_GENEVE_OPT) {
1426 NL_SET_ERR_MSG(extack, "Duplicate type for geneve options");
1430 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
1431 option_len = fl_set_geneve_opt(nla_opt_key, key,
1432 key_depth, option_len,
1437 key->enc_opts.len += option_len;
1438 /* At the same time we need to parse through the mask
1439 * in order to verify exact and mask attribute lengths.
1441 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
1442 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
1443 msk_depth, option_len,
1448 mask->enc_opts.len += option_len;
1449 if (key->enc_opts.len != mask->enc_opts.len) {
1450 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1454 case TCA_FLOWER_KEY_ENC_OPTS_VXLAN:
1455 if (key->enc_opts.dst_opt_type) {
1456 NL_SET_ERR_MSG(extack, "Duplicate type for vxlan options");
1460 key->enc_opts.dst_opt_type = TUNNEL_VXLAN_OPT;
1461 option_len = fl_set_vxlan_opt(nla_opt_key, key,
1462 key_depth, option_len,
1467 key->enc_opts.len += option_len;
1468 /* At the same time we need to parse through the mask
1469 * in order to verify exact and mask attribute lengths.
1471 mask->enc_opts.dst_opt_type = TUNNEL_VXLAN_OPT;
1472 option_len = fl_set_vxlan_opt(nla_opt_msk, mask,
1473 msk_depth, option_len,
1478 mask->enc_opts.len += option_len;
1479 if (key->enc_opts.len != mask->enc_opts.len) {
1480 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1484 case TCA_FLOWER_KEY_ENC_OPTS_ERSPAN:
1485 if (key->enc_opts.dst_opt_type) {
1486 NL_SET_ERR_MSG(extack, "Duplicate type for erspan options");
1490 key->enc_opts.dst_opt_type = TUNNEL_ERSPAN_OPT;
1491 option_len = fl_set_erspan_opt(nla_opt_key, key,
1492 key_depth, option_len,
1497 key->enc_opts.len += option_len;
1498 /* At the same time we need to parse through the mask
1499 * in order to verify exact and mask attribute lengths.
1501 mask->enc_opts.dst_opt_type = TUNNEL_ERSPAN_OPT;
1502 option_len = fl_set_erspan_opt(nla_opt_msk, mask,
1503 msk_depth, option_len,
1508 mask->enc_opts.len += option_len;
1509 if (key->enc_opts.len != mask->enc_opts.len) {
1510 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1514 case TCA_FLOWER_KEY_ENC_OPTS_GTP:
1515 if (key->enc_opts.dst_opt_type) {
1516 NL_SET_ERR_MSG_MOD(extack,
1517 "Duplicate type for gtp options");
1521 key->enc_opts.dst_opt_type = TUNNEL_GTP_OPT;
1522 option_len = fl_set_gtp_opt(nla_opt_key, key,
1523 key_depth, option_len,
1528 key->enc_opts.len += option_len;
1529 /* At the same time we need to parse through the mask
1530 * in order to verify exact and mask attribute lengths.
1532 mask->enc_opts.dst_opt_type = TUNNEL_GTP_OPT;
1533 option_len = fl_set_gtp_opt(nla_opt_msk, mask,
1534 msk_depth, option_len,
1539 mask->enc_opts.len += option_len;
1540 if (key->enc_opts.len != mask->enc_opts.len) {
1541 NL_SET_ERR_MSG_MOD(extack,
1542 "Key and mask miss aligned");
1547 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
1554 if (!nla_ok(nla_opt_msk, msk_depth)) {
1555 NL_SET_ERR_MSG(extack, "A mask attribute is invalid");
1558 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
1564 static int fl_validate_ct_state(u16 state, struct nlattr *tb,
1565 struct netlink_ext_ack *extack)
1567 if (state && !(state & TCA_FLOWER_KEY_CT_FLAGS_TRACKED)) {
1568 NL_SET_ERR_MSG_ATTR(extack, tb,
1569 "no trk, so no other flag can be set");
1573 if (state & TCA_FLOWER_KEY_CT_FLAGS_NEW &&
1574 state & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED) {
1575 NL_SET_ERR_MSG_ATTR(extack, tb,
1576 "new and est are mutually exclusive");
1580 if (state & TCA_FLOWER_KEY_CT_FLAGS_INVALID &&
1581 state & ~(TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
1582 TCA_FLOWER_KEY_CT_FLAGS_INVALID)) {
1583 NL_SET_ERR_MSG_ATTR(extack, tb,
1584 "when inv is set, only trk may be set");
1588 if (state & TCA_FLOWER_KEY_CT_FLAGS_NEW &&
1589 state & TCA_FLOWER_KEY_CT_FLAGS_REPLY) {
1590 NL_SET_ERR_MSG_ATTR(extack, tb,
1591 "new and rpl are mutually exclusive");
1598 static int fl_set_key_ct(struct nlattr **tb,
1599 struct flow_dissector_key_ct *key,
1600 struct flow_dissector_key_ct *mask,
1601 struct netlink_ext_ack *extack)
1603 if (tb[TCA_FLOWER_KEY_CT_STATE]) {
1606 if (!IS_ENABLED(CONFIG_NF_CONNTRACK)) {
1607 NL_SET_ERR_MSG(extack, "Conntrack isn't enabled");
1610 fl_set_key_val(tb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE,
1611 &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK,
1612 sizeof(key->ct_state));
1614 err = fl_validate_ct_state(key->ct_state & mask->ct_state,
1615 tb[TCA_FLOWER_KEY_CT_STATE_MASK],
1621 if (tb[TCA_FLOWER_KEY_CT_ZONE]) {
1622 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)) {
1623 NL_SET_ERR_MSG(extack, "Conntrack zones isn't enabled");
1626 fl_set_key_val(tb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE,
1627 &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK,
1628 sizeof(key->ct_zone));
1630 if (tb[TCA_FLOWER_KEY_CT_MARK]) {
1631 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)) {
1632 NL_SET_ERR_MSG(extack, "Conntrack mark isn't enabled");
1635 fl_set_key_val(tb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK,
1636 &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK,
1637 sizeof(key->ct_mark));
1639 if (tb[TCA_FLOWER_KEY_CT_LABELS]) {
1640 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS)) {
1641 NL_SET_ERR_MSG(extack, "Conntrack labels aren't enabled");
1644 fl_set_key_val(tb, key->ct_labels, TCA_FLOWER_KEY_CT_LABELS,
1645 mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK,
1646 sizeof(key->ct_labels));
1652 static bool is_vlan_key(struct nlattr *tb, __be16 *ethertype,
1653 struct fl_flow_key *key, struct fl_flow_key *mask,
1656 const bool good_num_of_vlans = key->num_of_vlans.num_of_vlans > vthresh;
1660 return good_num_of_vlans;
1663 *ethertype = nla_get_be16(tb);
1664 if (good_num_of_vlans || eth_type_vlan(*ethertype))
1667 key->basic.n_proto = *ethertype;
1668 mask->basic.n_proto = cpu_to_be16(~0);
1672 static void fl_set_key_cfm_md_level(struct nlattr **tb,
1673 struct fl_flow_key *key,
1674 struct fl_flow_key *mask,
1675 struct netlink_ext_ack *extack)
1679 if (!tb[TCA_FLOWER_KEY_CFM_MD_LEVEL])
1682 level = nla_get_u8(tb[TCA_FLOWER_KEY_CFM_MD_LEVEL]);
1683 key->cfm.mdl_ver = FIELD_PREP(FLOW_DIS_CFM_MDL_MASK, level);
1684 mask->cfm.mdl_ver = FLOW_DIS_CFM_MDL_MASK;
1687 static void fl_set_key_cfm_opcode(struct nlattr **tb,
1688 struct fl_flow_key *key,
1689 struct fl_flow_key *mask,
1690 struct netlink_ext_ack *extack)
1692 fl_set_key_val(tb, &key->cfm.opcode, TCA_FLOWER_KEY_CFM_OPCODE,
1693 &mask->cfm.opcode, TCA_FLOWER_UNSPEC,
1694 sizeof(key->cfm.opcode));
1697 static int fl_set_key_cfm(struct nlattr **tb,
1698 struct fl_flow_key *key,
1699 struct fl_flow_key *mask,
1700 struct netlink_ext_ack *extack)
1702 struct nlattr *nla_cfm_opt[TCA_FLOWER_KEY_CFM_OPT_MAX];
1705 if (!tb[TCA_FLOWER_KEY_CFM])
1708 err = nla_parse_nested(nla_cfm_opt, TCA_FLOWER_KEY_CFM_OPT_MAX,
1709 tb[TCA_FLOWER_KEY_CFM], cfm_opt_policy, extack);
1713 fl_set_key_cfm_opcode(nla_cfm_opt, key, mask, extack);
1714 fl_set_key_cfm_md_level(nla_cfm_opt, key, mask, extack);
1719 static int fl_set_key(struct net *net, struct nlattr **tb,
1720 struct fl_flow_key *key, struct fl_flow_key *mask,
1721 struct netlink_ext_ack *extack)
1726 if (tb[TCA_FLOWER_INDEV]) {
1727 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
1730 key->meta.ingress_ifindex = err;
1731 mask->meta.ingress_ifindex = 0xffffffff;
1734 fl_set_key_val(tb, &key->meta.l2_miss, TCA_FLOWER_L2_MISS,
1735 &mask->meta.l2_miss, TCA_FLOWER_UNSPEC,
1736 sizeof(key->meta.l2_miss));
1738 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1739 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1740 sizeof(key->eth.dst));
1741 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1742 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1743 sizeof(key->eth.src));
1744 fl_set_key_val(tb, &key->num_of_vlans,
1745 TCA_FLOWER_KEY_NUM_OF_VLANS,
1746 &mask->num_of_vlans,
1748 sizeof(key->num_of_vlans));
1750 if (is_vlan_key(tb[TCA_FLOWER_KEY_ETH_TYPE], ðertype, key, mask, 0)) {
1751 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
1752 TCA_FLOWER_KEY_VLAN_PRIO,
1753 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1754 &key->vlan, &mask->vlan);
1756 if (is_vlan_key(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE],
1757 ðertype, key, mask, 1)) {
1758 fl_set_key_vlan(tb, ethertype,
1759 TCA_FLOWER_KEY_CVLAN_ID,
1760 TCA_FLOWER_KEY_CVLAN_PRIO,
1761 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1762 &key->cvlan, &mask->cvlan);
1763 fl_set_key_val(tb, &key->basic.n_proto,
1764 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1765 &mask->basic.n_proto,
1767 sizeof(key->basic.n_proto));
1771 if (key->basic.n_proto == htons(ETH_P_PPP_SES))
1772 fl_set_key_pppoe(tb, &key->pppoe, &mask->pppoe, key, mask);
1774 if (key->basic.n_proto == htons(ETH_P_IP) ||
1775 key->basic.n_proto == htons(ETH_P_IPV6)) {
1776 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1777 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1778 sizeof(key->basic.ip_proto));
1779 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
1782 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
1783 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1784 mask->control.addr_type = ~0;
1785 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1786 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1787 sizeof(key->ipv4.src));
1788 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1789 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1790 sizeof(key->ipv4.dst));
1791 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
1792 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1793 mask->control.addr_type = ~0;
1794 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1795 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1796 sizeof(key->ipv6.src));
1797 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1798 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1799 sizeof(key->ipv6.dst));
1802 if (key->basic.ip_proto == IPPROTO_TCP) {
1803 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1804 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1805 sizeof(key->tp.src));
1806 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1807 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1808 sizeof(key->tp.dst));
1809 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1810 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1811 sizeof(key->tcp.flags));
1812 } else if (key->basic.ip_proto == IPPROTO_UDP) {
1813 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1814 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1815 sizeof(key->tp.src));
1816 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1817 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1818 sizeof(key->tp.dst));
1819 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
1820 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1821 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1822 sizeof(key->tp.src));
1823 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1824 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1825 sizeof(key->tp.dst));
1826 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
1827 key->basic.ip_proto == IPPROTO_ICMP) {
1828 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
1830 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1831 sizeof(key->icmp.type));
1832 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
1834 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1835 sizeof(key->icmp.code));
1836 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1837 key->basic.ip_proto == IPPROTO_ICMPV6) {
1838 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
1840 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1841 sizeof(key->icmp.type));
1842 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
1844 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1845 sizeof(key->icmp.code));
1846 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
1847 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
1848 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls, extack);
1851 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
1852 key->basic.n_proto == htons(ETH_P_RARP)) {
1853 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
1854 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
1855 sizeof(key->arp.sip));
1856 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
1857 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
1858 sizeof(key->arp.tip));
1859 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
1860 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
1861 sizeof(key->arp.op));
1862 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1863 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1864 sizeof(key->arp.sha));
1865 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1866 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1867 sizeof(key->arp.tha));
1868 } else if (key->basic.ip_proto == IPPROTO_L2TP) {
1869 fl_set_key_val(tb, &key->l2tpv3.session_id,
1870 TCA_FLOWER_KEY_L2TPV3_SID,
1871 &mask->l2tpv3.session_id, TCA_FLOWER_UNSPEC,
1872 sizeof(key->l2tpv3.session_id));
1873 } else if (key->basic.n_proto == htons(ETH_P_CFM)) {
1874 ret = fl_set_key_cfm(tb, key, mask, extack);
1879 if (key->basic.ip_proto == IPPROTO_TCP ||
1880 key->basic.ip_proto == IPPROTO_UDP ||
1881 key->basic.ip_proto == IPPROTO_SCTP) {
1882 ret = fl_set_key_port_range(tb, key, mask, extack);
1887 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
1888 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
1889 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1890 mask->enc_control.addr_type = ~0;
1891 fl_set_key_val(tb, &key->enc_ipv4.src,
1892 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1893 &mask->enc_ipv4.src,
1894 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1895 sizeof(key->enc_ipv4.src));
1896 fl_set_key_val(tb, &key->enc_ipv4.dst,
1897 TCA_FLOWER_KEY_ENC_IPV4_DST,
1898 &mask->enc_ipv4.dst,
1899 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1900 sizeof(key->enc_ipv4.dst));
1903 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
1904 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
1905 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1906 mask->enc_control.addr_type = ~0;
1907 fl_set_key_val(tb, &key->enc_ipv6.src,
1908 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1909 &mask->enc_ipv6.src,
1910 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1911 sizeof(key->enc_ipv6.src));
1912 fl_set_key_val(tb, &key->enc_ipv6.dst,
1913 TCA_FLOWER_KEY_ENC_IPV6_DST,
1914 &mask->enc_ipv6.dst,
1915 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1916 sizeof(key->enc_ipv6.dst));
1919 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
1920 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
1921 sizeof(key->enc_key_id.keyid));
1923 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1924 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1925 sizeof(key->enc_tp.src));
1927 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1928 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1929 sizeof(key->enc_tp.dst));
1931 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
1933 fl_set_key_val(tb, &key->hash.hash, TCA_FLOWER_KEY_HASH,
1934 &mask->hash.hash, TCA_FLOWER_KEY_HASH_MASK,
1935 sizeof(key->hash.hash));
1937 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
1938 ret = fl_set_enc_opt(tb, key, mask, extack);
1943 ret = fl_set_key_ct(tb, &key->ct, &mask->ct, extack);
1947 if (tb[TCA_FLOWER_KEY_FLAGS])
1948 ret = fl_set_key_flags(tb, &key->control.flags,
1949 &mask->control.flags, extack);
1954 static void fl_mask_copy(struct fl_flow_mask *dst,
1955 struct fl_flow_mask *src)
1957 const void *psrc = fl_key_get_start(&src->key, src);
1958 void *pdst = fl_key_get_start(&dst->key, src);
1960 memcpy(pdst, psrc, fl_mask_range(src));
1961 dst->range = src->range;
1964 static const struct rhashtable_params fl_ht_params = {
1965 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
1966 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1967 .automatic_shrinking = true,
1970 static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1972 mask->filter_ht_params = fl_ht_params;
1973 mask->filter_ht_params.key_len = fl_mask_range(mask);
1974 mask->filter_ht_params.key_offset += mask->range.start;
1976 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1979 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1980 #define FL_KEY_MEMBER_SIZE(member) sizeof_field(struct fl_flow_key, member)
1982 #define FL_KEY_IS_MASKED(mask, member) \
1983 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1984 0, FL_KEY_MEMBER_SIZE(member)) \
1986 #define FL_KEY_SET(keys, cnt, id, member) \
1988 keys[cnt].key_id = id; \
1989 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1993 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1995 if (FL_KEY_IS_MASKED(mask, member)) \
1996 FL_KEY_SET(keys, cnt, id, member); \
1999 static void fl_init_dissector(struct flow_dissector *dissector,
2000 struct fl_flow_key *mask)
2002 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
2005 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2006 FLOW_DISSECTOR_KEY_META, meta);
2007 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
2008 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
2009 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2010 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
2011 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2012 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
2013 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2014 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
2015 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2016 FLOW_DISSECTOR_KEY_PORTS, tp);
2017 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2018 FLOW_DISSECTOR_KEY_PORTS_RANGE, tp_range);
2019 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2020 FLOW_DISSECTOR_KEY_IP, ip);
2021 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2022 FLOW_DISSECTOR_KEY_TCP, tcp);
2023 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2024 FLOW_DISSECTOR_KEY_ICMP, icmp);
2025 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2026 FLOW_DISSECTOR_KEY_ARP, arp);
2027 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2028 FLOW_DISSECTOR_KEY_MPLS, mpls);
2029 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2030 FLOW_DISSECTOR_KEY_VLAN, vlan);
2031 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2032 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
2033 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2034 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
2035 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2036 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
2037 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2038 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
2039 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
2040 FL_KEY_IS_MASKED(mask, enc_ipv6))
2041 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
2043 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2044 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
2045 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2046 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
2047 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2048 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
2049 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2050 FLOW_DISSECTOR_KEY_CT, ct);
2051 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2052 FLOW_DISSECTOR_KEY_HASH, hash);
2053 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2054 FLOW_DISSECTOR_KEY_NUM_OF_VLANS, num_of_vlans);
2055 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2056 FLOW_DISSECTOR_KEY_PPPOE, pppoe);
2057 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2058 FLOW_DISSECTOR_KEY_L2TPV3, l2tpv3);
2059 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
2060 FLOW_DISSECTOR_KEY_CFM, cfm);
2062 skb_flow_dissector_init(dissector, keys, cnt);
2065 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
2066 struct fl_flow_mask *mask)
2068 struct fl_flow_mask *newmask;
2071 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
2073 return ERR_PTR(-ENOMEM);
2075 fl_mask_copy(newmask, mask);
2077 if ((newmask->key.tp_range.tp_min.dst &&
2078 newmask->key.tp_range.tp_max.dst) ||
2079 (newmask->key.tp_range.tp_min.src &&
2080 newmask->key.tp_range.tp_max.src))
2081 newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE;
2083 err = fl_init_mask_hashtable(newmask);
2087 fl_init_dissector(&newmask->dissector, &newmask->key);
2089 INIT_LIST_HEAD_RCU(&newmask->filters);
2091 refcount_set(&newmask->refcnt, 1);
2092 err = rhashtable_replace_fast(&head->ht, &mask->ht_node,
2093 &newmask->ht_node, mask_ht_params);
2095 goto errout_destroy;
2097 spin_lock(&head->masks_lock);
2098 list_add_tail_rcu(&newmask->list, &head->masks);
2099 spin_unlock(&head->masks_lock);
2104 rhashtable_destroy(&newmask->ht);
2108 return ERR_PTR(err);
2111 static int fl_check_assign_mask(struct cls_fl_head *head,
2112 struct cls_fl_filter *fnew,
2113 struct cls_fl_filter *fold,
2114 struct fl_flow_mask *mask)
2116 struct fl_flow_mask *newmask;
2121 /* Insert mask as temporary node to prevent concurrent creation of mask
2122 * with same key. Any concurrent lookups with same key will return
2123 * -EAGAIN because mask's refcnt is zero.
2125 fnew->mask = rhashtable_lookup_get_insert_fast(&head->ht,
2133 goto errout_cleanup;
2136 newmask = fl_create_new_mask(head, mask);
2137 if (IS_ERR(newmask)) {
2138 ret = PTR_ERR(newmask);
2139 goto errout_cleanup;
2142 fnew->mask = newmask;
2144 } else if (IS_ERR(fnew->mask)) {
2145 ret = PTR_ERR(fnew->mask);
2146 } else if (fold && fold->mask != fnew->mask) {
2148 } else if (!refcount_inc_not_zero(&fnew->mask->refcnt)) {
2149 /* Mask was deleted concurrently, try again */
2156 rhashtable_remove_fast(&head->ht, &mask->ht_node,
2161 static bool fl_needs_tc_skb_ext(const struct fl_flow_key *mask)
2163 return mask->meta.l2_miss;
2166 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
2167 struct cls_fl_filter *f, struct fl_flow_mask *mask,
2168 unsigned long base, struct nlattr **tb,
2170 struct fl_flow_tmplt *tmplt,
2171 u32 flags, u32 fl_flags,
2172 struct netlink_ext_ack *extack)
2176 err = tcf_exts_validate_ex(net, tp, tb, est, &f->exts, flags,
2181 if (tb[TCA_FLOWER_CLASSID]) {
2182 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
2183 if (flags & TCA_ACT_FLAGS_NO_RTNL)
2185 tcf_bind_filter(tp, &f->res, base);
2186 if (flags & TCA_ACT_FLAGS_NO_RTNL)
2190 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
2194 fl_mask_update_range(mask);
2195 fl_set_masked_key(&f->mkey, &f->key, mask);
2197 if (!fl_mask_fits_tmplt(tmplt, mask)) {
2198 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
2202 /* Enable tc skb extension if filter matches on data extracted from
2205 if (fl_needs_tc_skb_ext(&mask->key)) {
2206 f->needs_tc_skb_ext = 1;
2207 tc_skb_ext_tc_enable();
2213 static int fl_ht_insert_unique(struct cls_fl_filter *fnew,
2214 struct cls_fl_filter *fold,
2217 struct fl_flow_mask *mask = fnew->mask;
2220 err = rhashtable_lookup_insert_fast(&mask->ht,
2222 mask->filter_ht_params);
2225 /* It is okay if filter with same key exists when
2228 return fold && err == -EEXIST ? 0 : err;
2235 static int fl_change(struct net *net, struct sk_buff *in_skb,
2236 struct tcf_proto *tp, unsigned long base,
2237 u32 handle, struct nlattr **tca,
2238 void **arg, u32 flags,
2239 struct netlink_ext_ack *extack)
2241 struct cls_fl_head *head = fl_head_dereference(tp);
2242 bool rtnl_held = !(flags & TCA_ACT_FLAGS_NO_RTNL);
2243 struct cls_fl_filter *fold = *arg;
2244 struct cls_fl_filter *fnew;
2245 struct fl_flow_mask *mask;
2250 if (!tca[TCA_OPTIONS]) {
2255 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
2261 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
2264 goto errout_mask_alloc;
2267 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
2268 tca[TCA_OPTIONS], fl_policy, NULL);
2272 if (fold && handle && fold->handle != handle) {
2277 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
2282 INIT_LIST_HEAD(&fnew->hw_list);
2283 refcount_set(&fnew->refcnt, 1);
2285 if (tb[TCA_FLOWER_FLAGS]) {
2286 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
2288 if (!tc_flags_valid(fnew->flags)) {
2296 spin_lock(&tp->lock);
2299 err = idr_alloc_u32(&head->handle_idr, NULL, &handle,
2300 INT_MAX, GFP_ATOMIC);
2302 err = idr_alloc_u32(&head->handle_idr, NULL, &handle,
2303 handle, GFP_ATOMIC);
2305 /* Filter with specified handle was concurrently
2306 * inserted after initial check in cls_api. This is not
2307 * necessarily an error if NLM_F_EXCL is not set in
2308 * message flags. Returning EAGAIN will cause cls_api to
2309 * try to update concurrently inserted rule.
2314 spin_unlock(&tp->lock);
2321 fnew->handle = handle;
2323 err = tcf_exts_init_ex(&fnew->exts, net, TCA_FLOWER_ACT, 0, tp, handle,
2324 !tc_skip_hw(fnew->flags));
2328 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE],
2329 tp->chain->tmplt_priv, flags, fnew->flags,
2334 err = fl_check_assign_mask(head, fnew, fold, mask);
2338 err = fl_ht_insert_unique(fnew, fold, &in_ht);
2342 if (!tc_skip_hw(fnew->flags)) {
2343 err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack);
2348 if (!tc_in_hw(fnew->flags))
2349 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
2351 spin_lock(&tp->lock);
2353 /* tp was deleted concurrently. -EAGAIN will cause caller to lookup
2354 * proto again or create new one, if necessary.
2362 /* Fold filter was deleted concurrently. Retry lookup. */
2363 if (fold->deleted) {
2368 fnew->handle = handle;
2371 struct rhashtable_params params =
2372 fnew->mask->filter_ht_params;
2374 err = rhashtable_insert_fast(&fnew->mask->ht,
2382 refcount_inc(&fnew->refcnt);
2383 rhashtable_remove_fast(&fold->mask->ht,
2385 fold->mask->filter_ht_params);
2386 idr_replace(&head->handle_idr, fnew, fnew->handle);
2387 list_replace_rcu(&fold->list, &fnew->list);
2388 fold->deleted = true;
2390 spin_unlock(&tp->lock);
2392 fl_mask_put(head, fold->mask);
2393 if (!tc_skip_hw(fold->flags))
2394 fl_hw_destroy_filter(tp, fold, rtnl_held, NULL);
2395 tcf_unbind_filter(tp, &fold->res);
2396 /* Caller holds reference to fold, so refcnt is always > 0
2399 refcount_dec(&fold->refcnt);
2402 idr_replace(&head->handle_idr, fnew, fnew->handle);
2404 refcount_inc(&fnew->refcnt);
2405 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
2406 spin_unlock(&tp->lock);
2412 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
2416 spin_lock(&tp->lock);
2418 fnew->deleted = true;
2419 spin_unlock(&tp->lock);
2420 if (!tc_skip_hw(fnew->flags))
2421 fl_hw_destroy_filter(tp, fnew, rtnl_held, NULL);
2423 rhashtable_remove_fast(&fnew->mask->ht, &fnew->ht_node,
2424 fnew->mask->filter_ht_params);
2426 fl_mask_put(head, fnew->mask);
2429 idr_remove(&head->handle_idr, fnew->handle);
2434 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
2441 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
2442 bool rtnl_held, struct netlink_ext_ack *extack)
2444 struct cls_fl_head *head = fl_head_dereference(tp);
2445 struct cls_fl_filter *f = arg;
2449 err = __fl_delete(tp, f, &last_on_mask, rtnl_held, extack);
2450 *last = list_empty(&head->masks);
2456 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg,
2459 struct cls_fl_head *head = fl_head_dereference(tp);
2460 unsigned long id = arg->cookie, tmp;
2461 struct cls_fl_filter *f;
2463 arg->count = arg->skip;
2466 idr_for_each_entry_continue_ul(&head->handle_idr, f, tmp, id) {
2467 /* don't return filters that are being deleted */
2468 if (!f || !refcount_inc_not_zero(&f->refcnt))
2472 if (arg->fn(tp, f, arg) < 0) {
2486 static struct cls_fl_filter *
2487 fl_get_next_hw_filter(struct tcf_proto *tp, struct cls_fl_filter *f, bool add)
2489 struct cls_fl_head *head = fl_head_dereference(tp);
2491 spin_lock(&tp->lock);
2492 if (list_empty(&head->hw_filters)) {
2493 spin_unlock(&tp->lock);
2498 f = list_entry(&head->hw_filters, struct cls_fl_filter,
2500 list_for_each_entry_continue(f, &head->hw_filters, hw_list) {
2501 if (!(add && f->deleted) && refcount_inc_not_zero(&f->refcnt)) {
2502 spin_unlock(&tp->lock);
2507 spin_unlock(&tp->lock);
2511 static int fl_reoffload(struct tcf_proto *tp, bool add, flow_setup_cb_t *cb,
2512 void *cb_priv, struct netlink_ext_ack *extack)
2514 struct tcf_block *block = tp->chain->block;
2515 struct flow_cls_offload cls_flower = {};
2516 struct cls_fl_filter *f = NULL;
2519 /* hw_filters list can only be changed by hw offload functions after
2520 * obtaining rtnl lock. Make sure it is not changed while reoffload is
2525 while ((f = fl_get_next_hw_filter(tp, f, add))) {
2527 flow_rule_alloc(tcf_exts_num_actions(&f->exts));
2528 if (!cls_flower.rule) {
2533 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags,
2535 cls_flower.command = add ?
2536 FLOW_CLS_REPLACE : FLOW_CLS_DESTROY;
2537 cls_flower.cookie = (unsigned long)f;
2538 cls_flower.rule->match.dissector = &f->mask->dissector;
2539 cls_flower.rule->match.mask = &f->mask->key;
2540 cls_flower.rule->match.key = &f->mkey;
2542 err = tc_setup_offload_action(&cls_flower.rule->action, &f->exts,
2543 cls_flower.common.extack);
2545 kfree(cls_flower.rule);
2546 if (tc_skip_sw(f->flags)) {
2553 cls_flower.classid = f->res.classid;
2555 err = tc_setup_cb_reoffload(block, tp, add, cb,
2556 TC_SETUP_CLSFLOWER, &cls_flower,
2559 tc_cleanup_offload_action(&cls_flower.rule->action);
2560 kfree(cls_flower.rule);
2573 static void fl_hw_add(struct tcf_proto *tp, void *type_data)
2575 struct flow_cls_offload *cls_flower = type_data;
2576 struct cls_fl_filter *f =
2577 (struct cls_fl_filter *) cls_flower->cookie;
2578 struct cls_fl_head *head = fl_head_dereference(tp);
2580 spin_lock(&tp->lock);
2581 list_add(&f->hw_list, &head->hw_filters);
2582 spin_unlock(&tp->lock);
2585 static void fl_hw_del(struct tcf_proto *tp, void *type_data)
2587 struct flow_cls_offload *cls_flower = type_data;
2588 struct cls_fl_filter *f =
2589 (struct cls_fl_filter *) cls_flower->cookie;
2591 spin_lock(&tp->lock);
2592 if (!list_empty(&f->hw_list))
2593 list_del_init(&f->hw_list);
2594 spin_unlock(&tp->lock);
2597 static int fl_hw_create_tmplt(struct tcf_chain *chain,
2598 struct fl_flow_tmplt *tmplt)
2600 struct flow_cls_offload cls_flower = {};
2601 struct tcf_block *block = chain->block;
2603 cls_flower.rule = flow_rule_alloc(0);
2604 if (!cls_flower.rule)
2607 cls_flower.common.chain_index = chain->index;
2608 cls_flower.command = FLOW_CLS_TMPLT_CREATE;
2609 cls_flower.cookie = (unsigned long) tmplt;
2610 cls_flower.rule->match.dissector = &tmplt->dissector;
2611 cls_flower.rule->match.mask = &tmplt->mask;
2612 cls_flower.rule->match.key = &tmplt->dummy_key;
2614 /* We don't care if driver (any of them) fails to handle this
2615 * call. It serves just as a hint for it.
2617 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true);
2618 kfree(cls_flower.rule);
2623 static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
2624 struct fl_flow_tmplt *tmplt)
2626 struct flow_cls_offload cls_flower = {};
2627 struct tcf_block *block = chain->block;
2629 cls_flower.common.chain_index = chain->index;
2630 cls_flower.command = FLOW_CLS_TMPLT_DESTROY;
2631 cls_flower.cookie = (unsigned long) tmplt;
2633 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true);
2636 static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
2637 struct nlattr **tca,
2638 struct netlink_ext_ack *extack)
2640 struct fl_flow_tmplt *tmplt;
2644 if (!tca[TCA_OPTIONS])
2645 return ERR_PTR(-EINVAL);
2647 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
2649 return ERR_PTR(-ENOBUFS);
2650 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
2651 tca[TCA_OPTIONS], fl_policy, NULL);
2655 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
2660 tmplt->chain = chain;
2661 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
2665 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
2667 err = fl_hw_create_tmplt(chain, tmplt);
2678 return ERR_PTR(err);
2681 static void fl_tmplt_destroy(void *tmplt_priv)
2683 struct fl_flow_tmplt *tmplt = tmplt_priv;
2685 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
2689 static int fl_dump_key_val(struct sk_buff *skb,
2690 void *val, int val_type,
2691 void *mask, int mask_type, int len)
2695 if (!memchr_inv(mask, 0, len))
2697 err = nla_put(skb, val_type, len, val);
2700 if (mask_type != TCA_FLOWER_UNSPEC) {
2701 err = nla_put(skb, mask_type, len, mask);
2708 static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key,
2709 struct fl_flow_key *mask)
2711 if (fl_dump_key_val(skb, &key->tp_range.tp_min.dst,
2712 TCA_FLOWER_KEY_PORT_DST_MIN,
2713 &mask->tp_range.tp_min.dst, TCA_FLOWER_UNSPEC,
2714 sizeof(key->tp_range.tp_min.dst)) ||
2715 fl_dump_key_val(skb, &key->tp_range.tp_max.dst,
2716 TCA_FLOWER_KEY_PORT_DST_MAX,
2717 &mask->tp_range.tp_max.dst, TCA_FLOWER_UNSPEC,
2718 sizeof(key->tp_range.tp_max.dst)) ||
2719 fl_dump_key_val(skb, &key->tp_range.tp_min.src,
2720 TCA_FLOWER_KEY_PORT_SRC_MIN,
2721 &mask->tp_range.tp_min.src, TCA_FLOWER_UNSPEC,
2722 sizeof(key->tp_range.tp_min.src)) ||
2723 fl_dump_key_val(skb, &key->tp_range.tp_max.src,
2724 TCA_FLOWER_KEY_PORT_SRC_MAX,
2725 &mask->tp_range.tp_max.src, TCA_FLOWER_UNSPEC,
2726 sizeof(key->tp_range.tp_max.src)))
2732 static int fl_dump_key_mpls_opt_lse(struct sk_buff *skb,
2733 struct flow_dissector_key_mpls *mpls_key,
2734 struct flow_dissector_key_mpls *mpls_mask,
2737 struct flow_dissector_mpls_lse *lse_mask = &mpls_mask->ls[lse_index];
2738 struct flow_dissector_mpls_lse *lse_key = &mpls_key->ls[lse_index];
2741 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH,
2746 if (lse_mask->mpls_ttl) {
2747 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL,
2752 if (lse_mask->mpls_bos) {
2753 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS,
2758 if (lse_mask->mpls_tc) {
2759 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_OPT_LSE_TC,
2764 if (lse_mask->mpls_label) {
2765 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL,
2766 lse_key->mpls_label);
2774 static int fl_dump_key_mpls_opts(struct sk_buff *skb,
2775 struct flow_dissector_key_mpls *mpls_key,
2776 struct flow_dissector_key_mpls *mpls_mask)
2778 struct nlattr *opts;
2783 opts = nla_nest_start(skb, TCA_FLOWER_KEY_MPLS_OPTS);
2787 for (lse_index = 0; lse_index < FLOW_DIS_MPLS_MAX; lse_index++) {
2788 if (!(mpls_mask->used_lses & 1 << lse_index))
2791 lse = nla_nest_start(skb, TCA_FLOWER_KEY_MPLS_OPTS_LSE);
2797 err = fl_dump_key_mpls_opt_lse(skb, mpls_key, mpls_mask,
2801 nla_nest_end(skb, lse);
2803 nla_nest_end(skb, opts);
2808 nla_nest_cancel(skb, lse);
2810 nla_nest_cancel(skb, opts);
2815 static int fl_dump_key_mpls(struct sk_buff *skb,
2816 struct flow_dissector_key_mpls *mpls_key,
2817 struct flow_dissector_key_mpls *mpls_mask)
2819 struct flow_dissector_mpls_lse *lse_mask;
2820 struct flow_dissector_mpls_lse *lse_key;
2823 if (!mpls_mask->used_lses)
2826 lse_mask = &mpls_mask->ls[0];
2827 lse_key = &mpls_key->ls[0];
2829 /* For backward compatibility, don't use the MPLS nested attributes if
2830 * the rule can be expressed using the old attributes.
2832 if (mpls_mask->used_lses & ~1 ||
2833 (!lse_mask->mpls_ttl && !lse_mask->mpls_bos &&
2834 !lse_mask->mpls_tc && !lse_mask->mpls_label))
2835 return fl_dump_key_mpls_opts(skb, mpls_key, mpls_mask);
2837 if (lse_mask->mpls_ttl) {
2838 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
2843 if (lse_mask->mpls_tc) {
2844 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
2849 if (lse_mask->mpls_label) {
2850 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
2851 lse_key->mpls_label);
2855 if (lse_mask->mpls_bos) {
2856 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
2864 static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
2865 struct flow_dissector_key_ip *key,
2866 struct flow_dissector_key_ip *mask)
2868 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
2869 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
2870 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
2871 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
2873 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
2874 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
2880 static int fl_dump_key_vlan(struct sk_buff *skb,
2881 int vlan_id_key, int vlan_prio_key,
2882 struct flow_dissector_key_vlan *vlan_key,
2883 struct flow_dissector_key_vlan *vlan_mask)
2887 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
2889 if (vlan_mask->vlan_id) {
2890 err = nla_put_u16(skb, vlan_id_key,
2895 if (vlan_mask->vlan_priority) {
2896 err = nla_put_u8(skb, vlan_prio_key,
2897 vlan_key->vlan_priority);
2904 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
2905 u32 *flower_key, u32 *flower_mask,
2906 u32 flower_flag_bit, u32 dissector_flag_bit)
2908 if (dissector_mask & dissector_flag_bit) {
2909 *flower_mask |= flower_flag_bit;
2910 if (dissector_key & dissector_flag_bit)
2911 *flower_key |= flower_flag_bit;
2915 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
2921 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
2927 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2928 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
2929 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2930 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
2931 FLOW_DIS_FIRST_FRAG);
2933 _key = cpu_to_be32(key);
2934 _mask = cpu_to_be32(mask);
2936 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
2940 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
2943 static int fl_dump_key_geneve_opt(struct sk_buff *skb,
2944 struct flow_dissector_key_enc_opts *enc_opts)
2946 struct geneve_opt *opt;
2947 struct nlattr *nest;
2950 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
2952 goto nla_put_failure;
2954 while (enc_opts->len > opt_off) {
2955 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
2957 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
2959 goto nla_put_failure;
2960 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
2962 goto nla_put_failure;
2963 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
2964 opt->length * 4, opt->opt_data))
2965 goto nla_put_failure;
2967 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
2969 nla_nest_end(skb, nest);
2973 nla_nest_cancel(skb, nest);
2977 static int fl_dump_key_vxlan_opt(struct sk_buff *skb,
2978 struct flow_dissector_key_enc_opts *enc_opts)
2980 struct vxlan_metadata *md;
2981 struct nlattr *nest;
2983 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_VXLAN);
2985 goto nla_put_failure;
2987 md = (struct vxlan_metadata *)&enc_opts->data[0];
2988 if (nla_put_u32(skb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP, md->gbp))
2989 goto nla_put_failure;
2991 nla_nest_end(skb, nest);
2995 nla_nest_cancel(skb, nest);
2999 static int fl_dump_key_erspan_opt(struct sk_buff *skb,
3000 struct flow_dissector_key_enc_opts *enc_opts)
3002 struct erspan_metadata *md;
3003 struct nlattr *nest;
3005 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_ERSPAN);
3007 goto nla_put_failure;
3009 md = (struct erspan_metadata *)&enc_opts->data[0];
3010 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER, md->version))
3011 goto nla_put_failure;
3013 if (md->version == 1 &&
3014 nla_put_be32(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX, md->u.index))
3015 goto nla_put_failure;
3017 if (md->version == 2 &&
3018 (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR,
3020 nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID,
3021 get_hwid(&md->u.md2))))
3022 goto nla_put_failure;
3024 nla_nest_end(skb, nest);
3028 nla_nest_cancel(skb, nest);
3032 static int fl_dump_key_gtp_opt(struct sk_buff *skb,
3033 struct flow_dissector_key_enc_opts *enc_opts)
3036 struct gtp_pdu_session_info *session_info;
3037 struct nlattr *nest;
3039 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_GTP);
3041 goto nla_put_failure;
3043 session_info = (struct gtp_pdu_session_info *)&enc_opts->data[0];
3045 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GTP_PDU_TYPE,
3046 session_info->pdu_type))
3047 goto nla_put_failure;
3049 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GTP_QFI, session_info->qfi))
3050 goto nla_put_failure;
3052 nla_nest_end(skb, nest);
3056 nla_nest_cancel(skb, nest);
3060 static int fl_dump_key_ct(struct sk_buff *skb,
3061 struct flow_dissector_key_ct *key,
3062 struct flow_dissector_key_ct *mask)
3064 if (IS_ENABLED(CONFIG_NF_CONNTRACK) &&
3065 fl_dump_key_val(skb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE,
3066 &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK,
3067 sizeof(key->ct_state)))
3068 goto nla_put_failure;
3070 if (IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) &&
3071 fl_dump_key_val(skb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE,
3072 &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK,
3073 sizeof(key->ct_zone)))
3074 goto nla_put_failure;
3076 if (IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) &&
3077 fl_dump_key_val(skb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK,
3078 &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK,
3079 sizeof(key->ct_mark)))
3080 goto nla_put_failure;
3082 if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) &&
3083 fl_dump_key_val(skb, &key->ct_labels, TCA_FLOWER_KEY_CT_LABELS,
3084 &mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK,
3085 sizeof(key->ct_labels)))
3086 goto nla_put_failure;
3094 static int fl_dump_key_cfm(struct sk_buff *skb,
3095 struct flow_dissector_key_cfm *key,
3096 struct flow_dissector_key_cfm *mask)
3098 struct nlattr *opts;
3102 if (!memchr_inv(mask, 0, sizeof(*mask)))
3105 opts = nla_nest_start(skb, TCA_FLOWER_KEY_CFM);
3109 if (FIELD_GET(FLOW_DIS_CFM_MDL_MASK, mask->mdl_ver)) {
3110 mdl = FIELD_GET(FLOW_DIS_CFM_MDL_MASK, key->mdl_ver);
3111 err = nla_put_u8(skb, TCA_FLOWER_KEY_CFM_MD_LEVEL, mdl);
3117 err = nla_put_u8(skb, TCA_FLOWER_KEY_CFM_OPCODE, key->opcode);
3122 nla_nest_end(skb, opts);
3127 nla_nest_cancel(skb, opts);
3131 static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
3132 struct flow_dissector_key_enc_opts *enc_opts)
3134 struct nlattr *nest;
3140 nest = nla_nest_start_noflag(skb, enc_opt_type);
3142 goto nla_put_failure;
3144 switch (enc_opts->dst_opt_type) {
3145 case TUNNEL_GENEVE_OPT:
3146 err = fl_dump_key_geneve_opt(skb, enc_opts);
3148 goto nla_put_failure;
3150 case TUNNEL_VXLAN_OPT:
3151 err = fl_dump_key_vxlan_opt(skb, enc_opts);
3153 goto nla_put_failure;
3155 case TUNNEL_ERSPAN_OPT:
3156 err = fl_dump_key_erspan_opt(skb, enc_opts);
3158 goto nla_put_failure;
3160 case TUNNEL_GTP_OPT:
3161 err = fl_dump_key_gtp_opt(skb, enc_opts);
3163 goto nla_put_failure;
3166 goto nla_put_failure;
3168 nla_nest_end(skb, nest);
3172 nla_nest_cancel(skb, nest);
3176 static int fl_dump_key_enc_opt(struct sk_buff *skb,
3177 struct flow_dissector_key_enc_opts *key_opts,
3178 struct flow_dissector_key_enc_opts *msk_opts)
3182 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
3186 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
3189 static int fl_dump_key(struct sk_buff *skb, struct net *net,
3190 struct fl_flow_key *key, struct fl_flow_key *mask)
3192 if (mask->meta.ingress_ifindex) {
3193 struct net_device *dev;
3195 dev = __dev_get_by_index(net, key->meta.ingress_ifindex);
3196 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
3197 goto nla_put_failure;
3200 if (fl_dump_key_val(skb, &key->meta.l2_miss,
3201 TCA_FLOWER_L2_MISS, &mask->meta.l2_miss,
3202 TCA_FLOWER_UNSPEC, sizeof(key->meta.l2_miss)))
3203 goto nla_put_failure;
3205 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
3206 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
3207 sizeof(key->eth.dst)) ||
3208 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
3209 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
3210 sizeof(key->eth.src)) ||
3211 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
3212 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
3213 sizeof(key->basic.n_proto)))
3214 goto nla_put_failure;
3216 if (mask->num_of_vlans.num_of_vlans) {
3217 if (nla_put_u8(skb, TCA_FLOWER_KEY_NUM_OF_VLANS, key->num_of_vlans.num_of_vlans))
3218 goto nla_put_failure;
3221 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
3222 goto nla_put_failure;
3224 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
3225 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
3226 goto nla_put_failure;
3228 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
3229 TCA_FLOWER_KEY_CVLAN_PRIO,
3230 &key->cvlan, &mask->cvlan) ||
3231 (mask->cvlan.vlan_tpid &&
3232 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
3233 key->cvlan.vlan_tpid)))
3234 goto nla_put_failure;
3236 if (mask->basic.n_proto) {
3237 if (mask->cvlan.vlan_eth_type) {
3238 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
3239 key->basic.n_proto))
3240 goto nla_put_failure;
3241 } else if (mask->vlan.vlan_eth_type) {
3242 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
3243 key->vlan.vlan_eth_type))
3244 goto nla_put_failure;
3248 if ((key->basic.n_proto == htons(ETH_P_IP) ||
3249 key->basic.n_proto == htons(ETH_P_IPV6)) &&
3250 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
3251 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
3252 sizeof(key->basic.ip_proto)) ||
3253 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
3254 goto nla_put_failure;
3256 if (mask->pppoe.session_id) {
3257 if (nla_put_be16(skb, TCA_FLOWER_KEY_PPPOE_SID,
3258 key->pppoe.session_id))
3259 goto nla_put_failure;
3261 if (mask->basic.n_proto && mask->pppoe.ppp_proto) {
3262 if (nla_put_be16(skb, TCA_FLOWER_KEY_PPP_PROTO,
3263 key->pppoe.ppp_proto))
3264 goto nla_put_failure;
3267 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
3268 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
3269 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
3270 sizeof(key->ipv4.src)) ||
3271 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
3272 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
3273 sizeof(key->ipv4.dst))))
3274 goto nla_put_failure;
3275 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
3276 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
3277 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
3278 sizeof(key->ipv6.src)) ||
3279 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
3280 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
3281 sizeof(key->ipv6.dst))))
3282 goto nla_put_failure;
3284 if (key->basic.ip_proto == IPPROTO_TCP &&
3285 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
3286 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
3287 sizeof(key->tp.src)) ||
3288 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
3289 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
3290 sizeof(key->tp.dst)) ||
3291 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
3292 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
3293 sizeof(key->tcp.flags))))
3294 goto nla_put_failure;
3295 else if (key->basic.ip_proto == IPPROTO_UDP &&
3296 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
3297 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
3298 sizeof(key->tp.src)) ||
3299 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
3300 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
3301 sizeof(key->tp.dst))))
3302 goto nla_put_failure;
3303 else if (key->basic.ip_proto == IPPROTO_SCTP &&
3304 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
3305 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
3306 sizeof(key->tp.src)) ||
3307 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
3308 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
3309 sizeof(key->tp.dst))))
3310 goto nla_put_failure;
3311 else if (key->basic.n_proto == htons(ETH_P_IP) &&
3312 key->basic.ip_proto == IPPROTO_ICMP &&
3313 (fl_dump_key_val(skb, &key->icmp.type,
3314 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
3315 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
3316 sizeof(key->icmp.type)) ||
3317 fl_dump_key_val(skb, &key->icmp.code,
3318 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
3319 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
3320 sizeof(key->icmp.code))))
3321 goto nla_put_failure;
3322 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
3323 key->basic.ip_proto == IPPROTO_ICMPV6 &&
3324 (fl_dump_key_val(skb, &key->icmp.type,
3325 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
3326 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
3327 sizeof(key->icmp.type)) ||
3328 fl_dump_key_val(skb, &key->icmp.code,
3329 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
3330 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
3331 sizeof(key->icmp.code))))
3332 goto nla_put_failure;
3333 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
3334 key->basic.n_proto == htons(ETH_P_RARP)) &&
3335 (fl_dump_key_val(skb, &key->arp.sip,
3336 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
3337 TCA_FLOWER_KEY_ARP_SIP_MASK,
3338 sizeof(key->arp.sip)) ||
3339 fl_dump_key_val(skb, &key->arp.tip,
3340 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
3341 TCA_FLOWER_KEY_ARP_TIP_MASK,
3342 sizeof(key->arp.tip)) ||
3343 fl_dump_key_val(skb, &key->arp.op,
3344 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
3345 TCA_FLOWER_KEY_ARP_OP_MASK,
3346 sizeof(key->arp.op)) ||
3347 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
3348 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
3349 sizeof(key->arp.sha)) ||
3350 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
3351 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
3352 sizeof(key->arp.tha))))
3353 goto nla_put_failure;
3354 else if (key->basic.ip_proto == IPPROTO_L2TP &&
3355 fl_dump_key_val(skb, &key->l2tpv3.session_id,
3356 TCA_FLOWER_KEY_L2TPV3_SID,
3357 &mask->l2tpv3.session_id,
3359 sizeof(key->l2tpv3.session_id)))
3360 goto nla_put_failure;
3362 if ((key->basic.ip_proto == IPPROTO_TCP ||
3363 key->basic.ip_proto == IPPROTO_UDP ||
3364 key->basic.ip_proto == IPPROTO_SCTP) &&
3365 fl_dump_key_port_range(skb, key, mask))
3366 goto nla_put_failure;
3368 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
3369 (fl_dump_key_val(skb, &key->enc_ipv4.src,
3370 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
3371 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
3372 sizeof(key->enc_ipv4.src)) ||
3373 fl_dump_key_val(skb, &key->enc_ipv4.dst,
3374 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
3375 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
3376 sizeof(key->enc_ipv4.dst))))
3377 goto nla_put_failure;
3378 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
3379 (fl_dump_key_val(skb, &key->enc_ipv6.src,
3380 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
3381 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
3382 sizeof(key->enc_ipv6.src)) ||
3383 fl_dump_key_val(skb, &key->enc_ipv6.dst,
3384 TCA_FLOWER_KEY_ENC_IPV6_DST,
3385 &mask->enc_ipv6.dst,
3386 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
3387 sizeof(key->enc_ipv6.dst))))
3388 goto nla_put_failure;
3390 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
3391 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
3392 sizeof(key->enc_key_id)) ||
3393 fl_dump_key_val(skb, &key->enc_tp.src,
3394 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
3396 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
3397 sizeof(key->enc_tp.src)) ||
3398 fl_dump_key_val(skb, &key->enc_tp.dst,
3399 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
3401 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
3402 sizeof(key->enc_tp.dst)) ||
3403 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
3404 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
3405 goto nla_put_failure;
3407 if (fl_dump_key_ct(skb, &key->ct, &mask->ct))
3408 goto nla_put_failure;
3410 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
3411 goto nla_put_failure;
3413 if (fl_dump_key_val(skb, &key->hash.hash, TCA_FLOWER_KEY_HASH,
3414 &mask->hash.hash, TCA_FLOWER_KEY_HASH_MASK,
3415 sizeof(key->hash.hash)))
3416 goto nla_put_failure;
3418 if (fl_dump_key_cfm(skb, &key->cfm, &mask->cfm))
3419 goto nla_put_failure;
3427 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
3428 struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
3430 struct cls_fl_filter *f = fh;
3431 struct nlattr *nest;
3432 struct fl_flow_key *key, *mask;
3438 t->tcm_handle = f->handle;
3440 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
3442 goto nla_put_failure;
3444 spin_lock(&tp->lock);
3446 if (f->res.classid &&
3447 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
3448 goto nla_put_failure_locked;
3451 mask = &f->mask->key;
3452 skip_hw = tc_skip_hw(f->flags);
3454 if (fl_dump_key(skb, net, key, mask))
3455 goto nla_put_failure_locked;
3457 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
3458 goto nla_put_failure_locked;
3460 spin_unlock(&tp->lock);
3463 fl_hw_update_stats(tp, f, rtnl_held);
3465 if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count))
3466 goto nla_put_failure;
3468 if (tcf_exts_dump(skb, &f->exts))
3469 goto nla_put_failure;
3471 nla_nest_end(skb, nest);
3473 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
3474 goto nla_put_failure;
3478 nla_put_failure_locked:
3479 spin_unlock(&tp->lock);
3481 nla_nest_cancel(skb, nest);
3485 static int fl_terse_dump(struct net *net, struct tcf_proto *tp, void *fh,
3486 struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
3488 struct cls_fl_filter *f = fh;
3489 struct nlattr *nest;
3495 t->tcm_handle = f->handle;
3497 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
3499 goto nla_put_failure;
3501 spin_lock(&tp->lock);
3503 skip_hw = tc_skip_hw(f->flags);
3505 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
3506 goto nla_put_failure_locked;
3508 spin_unlock(&tp->lock);
3511 fl_hw_update_stats(tp, f, rtnl_held);
3513 if (tcf_exts_terse_dump(skb, &f->exts))
3514 goto nla_put_failure;
3516 nla_nest_end(skb, nest);
3520 nla_put_failure_locked:
3521 spin_unlock(&tp->lock);
3523 nla_nest_cancel(skb, nest);
3527 static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
3529 struct fl_flow_tmplt *tmplt = tmplt_priv;
3530 struct fl_flow_key *key, *mask;
3531 struct nlattr *nest;
3533 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
3535 goto nla_put_failure;
3537 key = &tmplt->dummy_key;
3538 mask = &tmplt->mask;
3540 if (fl_dump_key(skb, net, key, mask))
3541 goto nla_put_failure;
3543 nla_nest_end(skb, nest);
3548 nla_nest_cancel(skb, nest);
3552 static void fl_bind_class(void *fh, u32 classid, unsigned long cl, void *q,
3555 struct cls_fl_filter *f = fh;
3557 tc_cls_bind_class(classid, cl, q, &f->res, base);
3560 static bool fl_delete_empty(struct tcf_proto *tp)
3562 struct cls_fl_head *head = fl_head_dereference(tp);
3564 spin_lock(&tp->lock);
3565 tp->deleting = idr_is_empty(&head->handle_idr);
3566 spin_unlock(&tp->lock);
3568 return tp->deleting;
3571 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
3573 .classify = fl_classify,
3575 .destroy = fl_destroy,
3578 .change = fl_change,
3579 .delete = fl_delete,
3580 .delete_empty = fl_delete_empty,
3582 .reoffload = fl_reoffload,
3583 .hw_add = fl_hw_add,
3584 .hw_del = fl_hw_del,
3586 .terse_dump = fl_terse_dump,
3587 .bind_class = fl_bind_class,
3588 .tmplt_create = fl_tmplt_create,
3589 .tmplt_destroy = fl_tmplt_destroy,
3590 .tmplt_dump = fl_tmplt_dump,
3591 .get_exts = fl_get_exts,
3592 .owner = THIS_MODULE,
3593 .flags = TCF_PROTO_OPS_DOIT_UNLOCKED,
3596 static int __init cls_fl_init(void)
3598 return register_tcf_proto_ops(&cls_fl_ops);
3601 static void __exit cls_fl_exit(void)
3603 unregister_tcf_proto_ops(&cls_fl_ops);
3606 module_init(cls_fl_init);
3607 module_exit(cls_fl_exit);
3609 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
3610 MODULE_DESCRIPTION("Flower classifier");
3611 MODULE_LICENSE("GPL v2");
projects / linux-2.6-microblaze.git / blob