2 * net/sched/cls_flower.c Flower classifier
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16 #include <linux/workqueue.h>
18 #include <linux/if_ether.h>
19 #include <linux/in6.h>
21 #include <linux/mpls.h>
23 #include <net/sch_generic.h>
24 #include <net/pkt_cls.h>
26 #include <net/flow_dissector.h>
27 #include <net/geneve.h>
30 #include <net/dst_metadata.h>
34 struct flow_dissector_key_control control;
35 struct flow_dissector_key_control enc_control;
36 struct flow_dissector_key_basic basic;
37 struct flow_dissector_key_eth_addrs eth;
38 struct flow_dissector_key_vlan vlan;
39 struct flow_dissector_key_vlan cvlan;
41 struct flow_dissector_key_ipv4_addrs ipv4;
42 struct flow_dissector_key_ipv6_addrs ipv6;
44 struct flow_dissector_key_ports tp;
45 struct flow_dissector_key_icmp icmp;
46 struct flow_dissector_key_arp arp;
47 struct flow_dissector_key_keyid enc_key_id;
49 struct flow_dissector_key_ipv4_addrs enc_ipv4;
50 struct flow_dissector_key_ipv6_addrs enc_ipv6;
52 struct flow_dissector_key_ports enc_tp;
53 struct flow_dissector_key_mpls mpls;
54 struct flow_dissector_key_tcp tcp;
55 struct flow_dissector_key_ip ip;
56 struct flow_dissector_key_ip enc_ip;
57 struct flow_dissector_key_enc_opts enc_opts;
58 struct flow_dissector_key_ports tp_min;
59 struct flow_dissector_key_ports tp_max;
60 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
62 struct fl_flow_mask_range {
63 unsigned short int start;
64 unsigned short int end;
68 struct fl_flow_key key;
69 struct fl_flow_mask_range range;
71 struct rhash_head ht_node;
73 struct rhashtable_params filter_ht_params;
74 struct flow_dissector dissector;
75 struct list_head filters;
76 struct rcu_work rwork;
77 struct list_head list;
80 struct fl_flow_tmplt {
81 struct fl_flow_key dummy_key;
82 struct fl_flow_key mask;
83 struct flow_dissector dissector;
84 struct tcf_chain *chain;
89 struct list_head masks;
90 struct rcu_work rwork;
91 struct idr handle_idr;
94 struct cls_fl_filter {
95 struct fl_flow_mask *mask;
96 struct rhash_head ht_node;
97 struct fl_flow_key mkey;
99 struct tcf_result res;
100 struct fl_flow_key key;
101 struct list_head list;
105 struct rcu_work rwork;
106 struct net_device *hw_dev;
109 static const struct rhashtable_params mask_ht_params = {
110 .key_offset = offsetof(struct fl_flow_mask, key),
111 .key_len = sizeof(struct fl_flow_key),
112 .head_offset = offsetof(struct fl_flow_mask, ht_node),
113 .automatic_shrinking = true,
116 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
118 return mask->range.end - mask->range.start;
121 static void fl_mask_update_range(struct fl_flow_mask *mask)
123 const u8 *bytes = (const u8 *) &mask->key;
124 size_t size = sizeof(mask->key);
125 size_t i, first = 0, last;
127 for (i = 0; i < size; i++) {
134 for (i = size - 1; i != first; i--) {
140 mask->range.start = rounddown(first, sizeof(long));
141 mask->range.end = roundup(last + 1, sizeof(long));
144 static void *fl_key_get_start(struct fl_flow_key *key,
145 const struct fl_flow_mask *mask)
147 return (u8 *) key + mask->range.start;
150 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
151 struct fl_flow_mask *mask)
153 const long *lkey = fl_key_get_start(key, mask);
154 const long *lmask = fl_key_get_start(&mask->key, mask);
155 long *lmkey = fl_key_get_start(mkey, mask);
158 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
159 *lmkey++ = *lkey++ & *lmask++;
162 static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
163 struct fl_flow_mask *mask)
165 const long *lmask = fl_key_get_start(&mask->key, mask);
171 ltmplt = fl_key_get_start(&tmplt->mask, mask);
172 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
173 if (~*ltmplt++ & *lmask++)
179 static void fl_clear_masked_range(struct fl_flow_key *key,
180 struct fl_flow_mask *mask)
182 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
185 static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter,
186 struct fl_flow_key *key,
187 struct fl_flow_key *mkey)
189 __be16 min_mask, max_mask, min_val, max_val;
191 min_mask = htons(filter->mask->key.tp_min.dst);
192 max_mask = htons(filter->mask->key.tp_max.dst);
193 min_val = htons(filter->key.tp_min.dst);
194 max_val = htons(filter->key.tp_max.dst);
196 if (min_mask && max_mask) {
197 if (htons(key->tp.dst) < min_val ||
198 htons(key->tp.dst) > max_val)
201 /* skb does not have min and max values */
202 mkey->tp_min.dst = filter->mkey.tp_min.dst;
203 mkey->tp_max.dst = filter->mkey.tp_max.dst;
208 static bool fl_range_port_src_cmp(struct cls_fl_filter *filter,
209 struct fl_flow_key *key,
210 struct fl_flow_key *mkey)
212 __be16 min_mask, max_mask, min_val, max_val;
214 min_mask = htons(filter->mask->key.tp_min.src);
215 max_mask = htons(filter->mask->key.tp_max.src);
216 min_val = htons(filter->key.tp_min.src);
217 max_val = htons(filter->key.tp_max.src);
219 if (min_mask && max_mask) {
220 if (htons(key->tp.src) < min_val ||
221 htons(key->tp.src) > max_val)
224 /* skb does not have min and max values */
225 mkey->tp_min.src = filter->mkey.tp_min.src;
226 mkey->tp_max.src = filter->mkey.tp_max.src;
231 static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask,
232 struct fl_flow_key *mkey)
234 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
235 mask->filter_ht_params);
238 static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask,
239 struct fl_flow_key *mkey,
240 struct fl_flow_key *key)
242 struct cls_fl_filter *filter, *f;
244 list_for_each_entry_rcu(filter, &mask->filters, list) {
245 if (!fl_range_port_dst_cmp(filter, key, mkey))
248 if (!fl_range_port_src_cmp(filter, key, mkey))
251 f = __fl_lookup(mask, mkey);
258 static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
259 struct fl_flow_key *mkey,
260 struct fl_flow_key *key)
262 if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE))
263 return fl_lookup_range(mask, mkey, key);
265 return __fl_lookup(mask, mkey);
268 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
269 struct tcf_result *res)
271 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
272 struct cls_fl_filter *f;
273 struct fl_flow_mask *mask;
274 struct fl_flow_key skb_key;
275 struct fl_flow_key skb_mkey;
277 list_for_each_entry_rcu(mask, &head->masks, list) {
278 fl_clear_masked_range(&skb_key, mask);
280 skb_key.indev_ifindex = skb->skb_iif;
281 /* skb_flow_dissect() does not set n_proto in case an unknown
282 * protocol, so do it rather here.
284 skb_key.basic.n_proto = skb->protocol;
285 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
286 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
288 fl_set_masked_key(&skb_mkey, &skb_key, mask);
290 f = fl_lookup(mask, &skb_mkey, &skb_key);
291 if (f && !tc_skip_sw(f->flags)) {
293 return tcf_exts_exec(skb, &f->exts, res);
299 static int fl_init(struct tcf_proto *tp)
301 struct cls_fl_head *head;
303 head = kzalloc(sizeof(*head), GFP_KERNEL);
307 INIT_LIST_HEAD_RCU(&head->masks);
308 rcu_assign_pointer(tp->root, head);
309 idr_init(&head->handle_idr);
311 return rhashtable_init(&head->ht, &mask_ht_params);
314 static void fl_mask_free(struct fl_flow_mask *mask)
316 rhashtable_destroy(&mask->ht);
320 static void fl_mask_free_work(struct work_struct *work)
322 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
323 struct fl_flow_mask, rwork);
328 static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask,
331 if (!list_empty(&mask->filters))
334 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
335 list_del_rcu(&mask->list);
337 tcf_queue_work(&mask->rwork, fl_mask_free_work);
344 static void __fl_destroy_filter(struct cls_fl_filter *f)
346 tcf_exts_destroy(&f->exts);
347 tcf_exts_put_net(&f->exts);
351 static void fl_destroy_filter_work(struct work_struct *work)
353 struct cls_fl_filter *f = container_of(to_rcu_work(work),
354 struct cls_fl_filter, rwork);
357 __fl_destroy_filter(f);
361 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
362 struct netlink_ext_ack *extack)
364 struct tc_cls_flower_offload cls_flower = {};
365 struct tcf_block *block = tp->chain->block;
367 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
368 cls_flower.command = TC_CLSFLOWER_DESTROY;
369 cls_flower.cookie = (unsigned long) f;
371 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
372 tcf_block_offload_dec(block, &f->flags);
375 static int fl_hw_replace_filter(struct tcf_proto *tp,
376 struct cls_fl_filter *f,
377 struct netlink_ext_ack *extack)
379 struct tc_cls_flower_offload cls_flower = {};
380 struct tcf_block *block = tp->chain->block;
381 bool skip_sw = tc_skip_sw(f->flags);
384 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
385 cls_flower.command = TC_CLSFLOWER_REPLACE;
386 cls_flower.cookie = (unsigned long) f;
387 cls_flower.dissector = &f->mask->dissector;
388 cls_flower.mask = &f->mask->key;
389 cls_flower.key = &f->mkey;
390 cls_flower.exts = &f->exts;
391 cls_flower.classid = f->res.classid;
393 err = tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, skip_sw);
395 fl_hw_destroy_filter(tp, f, NULL);
397 } else if (err > 0) {
398 f->in_hw_count = err;
399 tcf_block_offload_inc(block, &f->flags);
402 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
408 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
410 struct tc_cls_flower_offload cls_flower = {};
411 struct tcf_block *block = tp->chain->block;
413 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
414 cls_flower.command = TC_CLSFLOWER_STATS;
415 cls_flower.cookie = (unsigned long) f;
416 cls_flower.exts = &f->exts;
417 cls_flower.classid = f->res.classid;
419 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
422 static bool __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
423 struct netlink_ext_ack *extack)
425 struct cls_fl_head *head = rtnl_dereference(tp->root);
426 bool async = tcf_exts_get_net(&f->exts);
429 idr_remove(&head->handle_idr, f->handle);
430 list_del_rcu(&f->list);
431 last = fl_mask_put(head, f->mask, async);
432 if (!tc_skip_hw(f->flags))
433 fl_hw_destroy_filter(tp, f, extack);
434 tcf_unbind_filter(tp, &f->res);
436 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
438 __fl_destroy_filter(f);
443 static void fl_destroy_sleepable(struct work_struct *work)
445 struct cls_fl_head *head = container_of(to_rcu_work(work),
449 rhashtable_destroy(&head->ht);
451 module_put(THIS_MODULE);
454 static void fl_destroy(struct tcf_proto *tp, struct netlink_ext_ack *extack)
456 struct cls_fl_head *head = rtnl_dereference(tp->root);
457 struct fl_flow_mask *mask, *next_mask;
458 struct cls_fl_filter *f, *next;
460 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
461 list_for_each_entry_safe(f, next, &mask->filters, list) {
462 if (__fl_delete(tp, f, extack))
466 idr_destroy(&head->handle_idr);
468 __module_get(THIS_MODULE);
469 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
472 static void *fl_get(struct tcf_proto *tp, u32 handle)
474 struct cls_fl_head *head = rtnl_dereference(tp->root);
476 return idr_find(&head->handle_idr, handle);
479 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
480 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
481 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
482 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
484 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
485 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
486 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
487 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
488 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
489 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
490 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
491 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
492 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
493 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
494 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
495 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
496 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
497 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
498 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
499 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
500 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
501 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
502 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
503 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
504 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
505 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
506 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
507 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
508 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
509 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
510 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
511 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
512 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
513 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
514 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
515 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
516 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
517 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
518 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
519 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
520 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
521 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
522 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
523 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
524 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
525 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
526 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
527 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
528 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
529 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
530 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
531 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
532 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
533 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
534 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
535 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
536 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
537 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
538 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
539 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
540 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
541 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
542 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
543 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
544 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
545 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
546 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
547 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
548 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
549 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
550 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
551 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
552 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
553 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
554 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
555 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
556 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
557 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
558 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
559 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
560 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
561 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
562 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
563 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
564 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
567 static const struct nla_policy
568 enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
569 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
572 static const struct nla_policy
573 geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
574 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
575 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
576 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
580 static void fl_set_key_val(struct nlattr **tb,
581 void *val, int val_type,
582 void *mask, int mask_type, int len)
586 memcpy(val, nla_data(tb[val_type]), len);
587 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
588 memset(mask, 0xff, len);
590 memcpy(mask, nla_data(tb[mask_type]), len);
593 static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
594 struct fl_flow_key *mask)
596 fl_set_key_val(tb, &key->tp_min.dst,
597 TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_min.dst,
598 TCA_FLOWER_UNSPEC, sizeof(key->tp_min.dst));
599 fl_set_key_val(tb, &key->tp_max.dst,
600 TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_max.dst,
601 TCA_FLOWER_UNSPEC, sizeof(key->tp_max.dst));
602 fl_set_key_val(tb, &key->tp_min.src,
603 TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_min.src,
604 TCA_FLOWER_UNSPEC, sizeof(key->tp_min.src));
605 fl_set_key_val(tb, &key->tp_max.src,
606 TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_max.src,
607 TCA_FLOWER_UNSPEC, sizeof(key->tp_max.src));
609 if ((mask->tp_min.dst && mask->tp_max.dst &&
610 htons(key->tp_max.dst) <= htons(key->tp_min.dst)) ||
611 (mask->tp_min.src && mask->tp_max.src &&
612 htons(key->tp_max.src) <= htons(key->tp_min.src)))
618 static int fl_set_key_mpls(struct nlattr **tb,
619 struct flow_dissector_key_mpls *key_val,
620 struct flow_dissector_key_mpls *key_mask)
622 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
623 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
624 key_mask->mpls_ttl = MPLS_TTL_MASK;
626 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
627 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
629 if (bos & ~MPLS_BOS_MASK)
631 key_val->mpls_bos = bos;
632 key_mask->mpls_bos = MPLS_BOS_MASK;
634 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
635 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
637 if (tc & ~MPLS_TC_MASK)
639 key_val->mpls_tc = tc;
640 key_mask->mpls_tc = MPLS_TC_MASK;
642 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
643 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
645 if (label & ~MPLS_LABEL_MASK)
647 key_val->mpls_label = label;
648 key_mask->mpls_label = MPLS_LABEL_MASK;
653 static void fl_set_key_vlan(struct nlattr **tb,
655 int vlan_id_key, int vlan_prio_key,
656 struct flow_dissector_key_vlan *key_val,
657 struct flow_dissector_key_vlan *key_mask)
659 #define VLAN_PRIORITY_MASK 0x7
661 if (tb[vlan_id_key]) {
663 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
664 key_mask->vlan_id = VLAN_VID_MASK;
666 if (tb[vlan_prio_key]) {
667 key_val->vlan_priority =
668 nla_get_u8(tb[vlan_prio_key]) &
670 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
672 key_val->vlan_tpid = ethertype;
673 key_mask->vlan_tpid = cpu_to_be16(~0);
676 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
677 u32 *dissector_key, u32 *dissector_mask,
678 u32 flower_flag_bit, u32 dissector_flag_bit)
680 if (flower_mask & flower_flag_bit) {
681 *dissector_mask |= dissector_flag_bit;
682 if (flower_key & flower_flag_bit)
683 *dissector_key |= dissector_flag_bit;
687 static int fl_set_key_flags(struct nlattr **tb,
688 u32 *flags_key, u32 *flags_mask)
692 /* mask is mandatory for flags */
693 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
696 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
697 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
702 fl_set_key_flag(key, mask, flags_key, flags_mask,
703 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
704 fl_set_key_flag(key, mask, flags_key, flags_mask,
705 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
706 FLOW_DIS_FIRST_FRAG);
711 static void fl_set_key_ip(struct nlattr **tb, bool encap,
712 struct flow_dissector_key_ip *key,
713 struct flow_dissector_key_ip *mask)
715 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
716 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
717 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
718 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
720 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
721 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
724 static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
725 int depth, int option_len,
726 struct netlink_ext_ack *extack)
728 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
729 struct nlattr *class = NULL, *type = NULL, *data = NULL;
730 struct geneve_opt *opt;
731 int err, data_len = 0;
733 if (option_len > sizeof(struct geneve_opt))
734 data_len = option_len - sizeof(struct geneve_opt);
736 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
737 memset(opt, 0xff, option_len);
738 opt->length = data_len / 4;
743 /* If no mask has been prodived we assume an exact match. */
745 return sizeof(struct geneve_opt) + data_len;
747 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
748 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
752 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
753 nla, geneve_opt_policy, extack);
757 /* We are not allowed to omit any of CLASS, TYPE or DATA
758 * fields from the key.
761 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
762 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
763 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
764 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
768 /* Omitting any of CLASS, TYPE or DATA fields is allowed
771 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
772 int new_len = key->enc_opts.len;
774 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
775 data_len = nla_len(data);
777 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
781 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
785 new_len += sizeof(struct geneve_opt) + data_len;
786 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
787 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
788 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
791 opt->length = data_len / 4;
792 memcpy(opt->opt_data, nla_data(data), data_len);
795 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
796 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
797 opt->opt_class = nla_get_be16(class);
800 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
801 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
802 opt->type = nla_get_u8(type);
805 return sizeof(struct geneve_opt) + data_len;
808 static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
809 struct fl_flow_key *mask,
810 struct netlink_ext_ack *extack)
812 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
813 int err, option_len, key_depth, msk_depth = 0;
815 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS],
816 TCA_FLOWER_KEY_ENC_OPTS_MAX,
817 enc_opts_policy, extack);
821 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
823 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
824 err = nla_validate_nested(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
825 TCA_FLOWER_KEY_ENC_OPTS_MAX,
826 enc_opts_policy, extack);
830 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
831 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
834 nla_for_each_attr(nla_opt_key, nla_enc_key,
835 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
836 switch (nla_type(nla_opt_key)) {
837 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
839 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
840 option_len = fl_set_geneve_opt(nla_opt_key, key,
841 key_depth, option_len,
846 key->enc_opts.len += option_len;
847 /* At the same time we need to parse through the mask
848 * in order to verify exact and mask attribute lengths.
850 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
851 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
852 msk_depth, option_len,
857 mask->enc_opts.len += option_len;
858 if (key->enc_opts.len != mask->enc_opts.len) {
859 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
864 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
867 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
875 static int fl_set_key(struct net *net, struct nlattr **tb,
876 struct fl_flow_key *key, struct fl_flow_key *mask,
877 struct netlink_ext_ack *extack)
881 #ifdef CONFIG_NET_CLS_IND
882 if (tb[TCA_FLOWER_INDEV]) {
883 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
886 key->indev_ifindex = err;
887 mask->indev_ifindex = 0xffffffff;
891 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
892 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
893 sizeof(key->eth.dst));
894 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
895 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
896 sizeof(key->eth.src));
898 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
899 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
901 if (eth_type_vlan(ethertype)) {
902 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
903 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
906 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
907 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
908 if (eth_type_vlan(ethertype)) {
909 fl_set_key_vlan(tb, ethertype,
910 TCA_FLOWER_KEY_CVLAN_ID,
911 TCA_FLOWER_KEY_CVLAN_PRIO,
912 &key->cvlan, &mask->cvlan);
913 fl_set_key_val(tb, &key->basic.n_proto,
914 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
915 &mask->basic.n_proto,
917 sizeof(key->basic.n_proto));
919 key->basic.n_proto = ethertype;
920 mask->basic.n_proto = cpu_to_be16(~0);
924 key->basic.n_proto = ethertype;
925 mask->basic.n_proto = cpu_to_be16(~0);
929 if (key->basic.n_proto == htons(ETH_P_IP) ||
930 key->basic.n_proto == htons(ETH_P_IPV6)) {
931 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
932 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
933 sizeof(key->basic.ip_proto));
934 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
937 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
938 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
939 mask->control.addr_type = ~0;
940 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
941 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
942 sizeof(key->ipv4.src));
943 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
944 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
945 sizeof(key->ipv4.dst));
946 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
947 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
948 mask->control.addr_type = ~0;
949 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
950 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
951 sizeof(key->ipv6.src));
952 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
953 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
954 sizeof(key->ipv6.dst));
957 if (key->basic.ip_proto == IPPROTO_TCP) {
958 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
959 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
960 sizeof(key->tp.src));
961 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
962 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
963 sizeof(key->tp.dst));
964 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
965 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
966 sizeof(key->tcp.flags));
967 } else if (key->basic.ip_proto == IPPROTO_UDP) {
968 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
969 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
970 sizeof(key->tp.src));
971 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
972 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
973 sizeof(key->tp.dst));
974 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
975 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
976 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
977 sizeof(key->tp.src));
978 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
979 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
980 sizeof(key->tp.dst));
981 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
982 key->basic.ip_proto == IPPROTO_ICMP) {
983 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
985 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
986 sizeof(key->icmp.type));
987 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
989 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
990 sizeof(key->icmp.code));
991 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
992 key->basic.ip_proto == IPPROTO_ICMPV6) {
993 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
995 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
996 sizeof(key->icmp.type));
997 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
999 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1000 sizeof(key->icmp.code));
1001 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
1002 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
1003 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
1006 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
1007 key->basic.n_proto == htons(ETH_P_RARP)) {
1008 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
1009 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
1010 sizeof(key->arp.sip));
1011 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
1012 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
1013 sizeof(key->arp.tip));
1014 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
1015 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
1016 sizeof(key->arp.op));
1017 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1018 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1019 sizeof(key->arp.sha));
1020 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1021 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1022 sizeof(key->arp.tha));
1025 if (key->basic.ip_proto == IPPROTO_TCP ||
1026 key->basic.ip_proto == IPPROTO_UDP ||
1027 key->basic.ip_proto == IPPROTO_SCTP) {
1028 ret = fl_set_key_port_range(tb, key, mask);
1033 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
1034 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
1035 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1036 mask->enc_control.addr_type = ~0;
1037 fl_set_key_val(tb, &key->enc_ipv4.src,
1038 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1039 &mask->enc_ipv4.src,
1040 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1041 sizeof(key->enc_ipv4.src));
1042 fl_set_key_val(tb, &key->enc_ipv4.dst,
1043 TCA_FLOWER_KEY_ENC_IPV4_DST,
1044 &mask->enc_ipv4.dst,
1045 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1046 sizeof(key->enc_ipv4.dst));
1049 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
1050 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
1051 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1052 mask->enc_control.addr_type = ~0;
1053 fl_set_key_val(tb, &key->enc_ipv6.src,
1054 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1055 &mask->enc_ipv6.src,
1056 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1057 sizeof(key->enc_ipv6.src));
1058 fl_set_key_val(tb, &key->enc_ipv6.dst,
1059 TCA_FLOWER_KEY_ENC_IPV6_DST,
1060 &mask->enc_ipv6.dst,
1061 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1062 sizeof(key->enc_ipv6.dst));
1065 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
1066 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
1067 sizeof(key->enc_key_id.keyid));
1069 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1070 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1071 sizeof(key->enc_tp.src));
1073 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1074 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1075 sizeof(key->enc_tp.dst));
1077 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
1079 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
1080 ret = fl_set_enc_opt(tb, key, mask, extack);
1085 if (tb[TCA_FLOWER_KEY_FLAGS])
1086 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
1091 static void fl_mask_copy(struct fl_flow_mask *dst,
1092 struct fl_flow_mask *src)
1094 const void *psrc = fl_key_get_start(&src->key, src);
1095 void *pdst = fl_key_get_start(&dst->key, src);
1097 memcpy(pdst, psrc, fl_mask_range(src));
1098 dst->range = src->range;
1101 static const struct rhashtable_params fl_ht_params = {
1102 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
1103 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1104 .automatic_shrinking = true,
1107 static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1109 mask->filter_ht_params = fl_ht_params;
1110 mask->filter_ht_params.key_len = fl_mask_range(mask);
1111 mask->filter_ht_params.key_offset += mask->range.start;
1113 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1116 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1117 #define FL_KEY_MEMBER_SIZE(member) FIELD_SIZEOF(struct fl_flow_key, member)
1119 #define FL_KEY_IS_MASKED(mask, member) \
1120 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1121 0, FL_KEY_MEMBER_SIZE(member)) \
1123 #define FL_KEY_SET(keys, cnt, id, member) \
1125 keys[cnt].key_id = id; \
1126 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1130 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1132 if (FL_KEY_IS_MASKED(mask, member)) \
1133 FL_KEY_SET(keys, cnt, id, member); \
1136 static void fl_init_dissector(struct flow_dissector *dissector,
1137 struct fl_flow_key *mask)
1139 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1142 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
1143 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
1144 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1145 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
1146 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1147 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
1148 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1149 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
1150 if (FL_KEY_IS_MASKED(mask, tp) ||
1151 FL_KEY_IS_MASKED(mask, tp_min) || FL_KEY_IS_MASKED(mask, tp_max))
1152 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_PORTS, tp);
1153 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1154 FLOW_DISSECTOR_KEY_IP, ip);
1155 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1156 FLOW_DISSECTOR_KEY_TCP, tcp);
1157 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1158 FLOW_DISSECTOR_KEY_ICMP, icmp);
1159 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1160 FLOW_DISSECTOR_KEY_ARP, arp);
1161 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1162 FLOW_DISSECTOR_KEY_MPLS, mpls);
1163 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1164 FLOW_DISSECTOR_KEY_VLAN, vlan);
1165 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1166 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
1167 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1168 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
1169 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1170 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
1171 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1172 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
1173 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1174 FL_KEY_IS_MASKED(mask, enc_ipv6))
1175 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1177 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1178 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
1179 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1180 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
1181 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1182 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
1184 skb_flow_dissector_init(dissector, keys, cnt);
1187 static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1188 struct fl_flow_mask *mask)
1190 struct fl_flow_mask *newmask;
1193 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1195 return ERR_PTR(-ENOMEM);
1197 fl_mask_copy(newmask, mask);
1199 if ((newmask->key.tp_min.dst && newmask->key.tp_max.dst) ||
1200 (newmask->key.tp_min.src && newmask->key.tp_max.src))
1201 newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE;
1203 err = fl_init_mask_hashtable(newmask);
1207 fl_init_dissector(&newmask->dissector, &newmask->key);
1209 INIT_LIST_HEAD_RCU(&newmask->filters);
1211 err = rhashtable_insert_fast(&head->ht, &newmask->ht_node,
1214 goto errout_destroy;
1216 list_add_tail_rcu(&newmask->list, &head->masks);
1221 rhashtable_destroy(&newmask->ht);
1225 return ERR_PTR(err);
1228 static int fl_check_assign_mask(struct cls_fl_head *head,
1229 struct cls_fl_filter *fnew,
1230 struct cls_fl_filter *fold,
1231 struct fl_flow_mask *mask)
1233 struct fl_flow_mask *newmask;
1235 fnew->mask = rhashtable_lookup_fast(&head->ht, mask, mask_ht_params);
1240 newmask = fl_create_new_mask(head, mask);
1241 if (IS_ERR(newmask))
1242 return PTR_ERR(newmask);
1244 fnew->mask = newmask;
1245 } else if (fold && fold->mask != fnew->mask) {
1252 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1253 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1254 unsigned long base, struct nlattr **tb,
1255 struct nlattr *est, bool ovr,
1256 struct fl_flow_tmplt *tmplt,
1257 struct netlink_ext_ack *extack)
1261 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, extack);
1265 if (tb[TCA_FLOWER_CLASSID]) {
1266 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1267 tcf_bind_filter(tp, &f->res, base);
1270 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
1274 fl_mask_update_range(mask);
1275 fl_set_masked_key(&f->mkey, &f->key, mask);
1277 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1278 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1285 static int fl_change(struct net *net, struct sk_buff *in_skb,
1286 struct tcf_proto *tp, unsigned long base,
1287 u32 handle, struct nlattr **tca,
1288 void **arg, bool ovr, struct netlink_ext_ack *extack)
1290 struct cls_fl_head *head = rtnl_dereference(tp->root);
1291 struct cls_fl_filter *fold = *arg;
1292 struct cls_fl_filter *fnew;
1294 struct fl_flow_mask mask = {};
1297 if (!tca[TCA_OPTIONS])
1300 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1304 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1309 if (fold && handle && fold->handle != handle) {
1314 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
1320 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
1326 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1327 INT_MAX, GFP_KERNEL);
1329 /* user specifies a handle and it doesn't exist */
1330 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1331 handle, GFP_KERNEL);
1335 fnew->handle = handle;
1337 if (tb[TCA_FLOWER_FLAGS]) {
1338 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1340 if (!tc_flags_valid(fnew->flags)) {
1346 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr,
1347 tp->chain->tmplt_priv, extack);
1351 err = fl_check_assign_mask(head, fnew, fold, &mask);
1355 if (!fold && __fl_lookup(fnew->mask, &fnew->mkey)) {
1360 err = rhashtable_insert_fast(&fnew->mask->ht, &fnew->ht_node,
1361 fnew->mask->filter_ht_params);
1365 if (!tc_skip_hw(fnew->flags)) {
1366 err = fl_hw_replace_filter(tp, fnew, extack);
1371 if (!tc_in_hw(fnew->flags))
1372 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1375 rhashtable_remove_fast(&fold->mask->ht,
1377 fold->mask->filter_ht_params);
1378 if (!tc_skip_hw(fold->flags))
1379 fl_hw_destroy_filter(tp, fold, NULL);
1385 idr_replace(&head->handle_idr, fnew, fnew->handle);
1386 list_replace_rcu(&fold->list, &fnew->list);
1387 tcf_unbind_filter(tp, &fold->res);
1388 tcf_exts_get_net(&fold->exts);
1389 tcf_queue_work(&fold->rwork, fl_destroy_filter_work);
1391 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1398 fl_mask_put(head, fnew->mask, false);
1402 idr_remove(&head->handle_idr, fnew->handle);
1404 tcf_exts_destroy(&fnew->exts);
1411 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1412 struct netlink_ext_ack *extack)
1414 struct cls_fl_head *head = rtnl_dereference(tp->root);
1415 struct cls_fl_filter *f = arg;
1417 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
1418 f->mask->filter_ht_params);
1419 __fl_delete(tp, f, extack);
1420 *last = list_empty(&head->masks);
1424 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
1426 struct cls_fl_head *head = rtnl_dereference(tp->root);
1427 struct cls_fl_filter *f;
1429 arg->count = arg->skip;
1431 while ((f = idr_get_next_ul(&head->handle_idr,
1432 &arg->cookie)) != NULL) {
1433 if (arg->fn(tp, f, arg) < 0) {
1437 arg->cookie = f->handle + 1;
1442 static int fl_reoffload(struct tcf_proto *tp, bool add, tc_setup_cb_t *cb,
1443 void *cb_priv, struct netlink_ext_ack *extack)
1445 struct cls_fl_head *head = rtnl_dereference(tp->root);
1446 struct tc_cls_flower_offload cls_flower = {};
1447 struct tcf_block *block = tp->chain->block;
1448 struct fl_flow_mask *mask;
1449 struct cls_fl_filter *f;
1452 list_for_each_entry(mask, &head->masks, list) {
1453 list_for_each_entry(f, &mask->filters, list) {
1454 if (tc_skip_hw(f->flags))
1457 tc_cls_common_offload_init(&cls_flower.common, tp,
1459 cls_flower.command = add ?
1460 TC_CLSFLOWER_REPLACE : TC_CLSFLOWER_DESTROY;
1461 cls_flower.cookie = (unsigned long)f;
1462 cls_flower.dissector = &mask->dissector;
1463 cls_flower.mask = &mask->key;
1464 cls_flower.key = &f->mkey;
1465 cls_flower.exts = &f->exts;
1466 cls_flower.classid = f->res.classid;
1468 err = cb(TC_SETUP_CLSFLOWER, &cls_flower, cb_priv);
1470 if (add && tc_skip_sw(f->flags))
1475 tc_cls_offload_cnt_update(block, &f->in_hw_count,
1483 static void fl_hw_create_tmplt(struct tcf_chain *chain,
1484 struct fl_flow_tmplt *tmplt)
1486 struct tc_cls_flower_offload cls_flower = {};
1487 struct tcf_block *block = chain->block;
1488 struct tcf_exts dummy_exts = { 0, };
1490 cls_flower.common.chain_index = chain->index;
1491 cls_flower.command = TC_CLSFLOWER_TMPLT_CREATE;
1492 cls_flower.cookie = (unsigned long) tmplt;
1493 cls_flower.dissector = &tmplt->dissector;
1494 cls_flower.mask = &tmplt->mask;
1495 cls_flower.key = &tmplt->dummy_key;
1496 cls_flower.exts = &dummy_exts;
1498 /* We don't care if driver (any of them) fails to handle this
1499 * call. It serves just as a hint for it.
1501 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
1504 static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
1505 struct fl_flow_tmplt *tmplt)
1507 struct tc_cls_flower_offload cls_flower = {};
1508 struct tcf_block *block = chain->block;
1510 cls_flower.common.chain_index = chain->index;
1511 cls_flower.command = TC_CLSFLOWER_TMPLT_DESTROY;
1512 cls_flower.cookie = (unsigned long) tmplt;
1514 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false);
1517 static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
1518 struct nlattr **tca,
1519 struct netlink_ext_ack *extack)
1521 struct fl_flow_tmplt *tmplt;
1525 if (!tca[TCA_OPTIONS])
1526 return ERR_PTR(-EINVAL);
1528 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1530 return ERR_PTR(-ENOBUFS);
1531 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
1536 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
1541 tmplt->chain = chain;
1542 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
1547 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
1549 fl_hw_create_tmplt(chain, tmplt);
1557 return ERR_PTR(err);
1560 static void fl_tmplt_destroy(void *tmplt_priv)
1562 struct fl_flow_tmplt *tmplt = tmplt_priv;
1564 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
1568 static int fl_dump_key_val(struct sk_buff *skb,
1569 void *val, int val_type,
1570 void *mask, int mask_type, int len)
1574 if (!memchr_inv(mask, 0, len))
1576 err = nla_put(skb, val_type, len, val);
1579 if (mask_type != TCA_FLOWER_UNSPEC) {
1580 err = nla_put(skb, mask_type, len, mask);
1587 static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key,
1588 struct fl_flow_key *mask)
1590 if (fl_dump_key_val(skb, &key->tp_min.dst, TCA_FLOWER_KEY_PORT_DST_MIN,
1591 &mask->tp_min.dst, TCA_FLOWER_UNSPEC,
1592 sizeof(key->tp_min.dst)) ||
1593 fl_dump_key_val(skb, &key->tp_max.dst, TCA_FLOWER_KEY_PORT_DST_MAX,
1594 &mask->tp_max.dst, TCA_FLOWER_UNSPEC,
1595 sizeof(key->tp_max.dst)) ||
1596 fl_dump_key_val(skb, &key->tp_min.src, TCA_FLOWER_KEY_PORT_SRC_MIN,
1597 &mask->tp_min.src, TCA_FLOWER_UNSPEC,
1598 sizeof(key->tp_min.src)) ||
1599 fl_dump_key_val(skb, &key->tp_max.src, TCA_FLOWER_KEY_PORT_SRC_MAX,
1600 &mask->tp_max.src, TCA_FLOWER_UNSPEC,
1601 sizeof(key->tp_max.src)))
1607 static int fl_dump_key_mpls(struct sk_buff *skb,
1608 struct flow_dissector_key_mpls *mpls_key,
1609 struct flow_dissector_key_mpls *mpls_mask)
1613 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
1615 if (mpls_mask->mpls_ttl) {
1616 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
1617 mpls_key->mpls_ttl);
1621 if (mpls_mask->mpls_tc) {
1622 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
1627 if (mpls_mask->mpls_label) {
1628 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
1629 mpls_key->mpls_label);
1633 if (mpls_mask->mpls_bos) {
1634 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
1635 mpls_key->mpls_bos);
1642 static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
1643 struct flow_dissector_key_ip *key,
1644 struct flow_dissector_key_ip *mask)
1646 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
1647 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
1648 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
1649 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
1651 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
1652 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
1658 static int fl_dump_key_vlan(struct sk_buff *skb,
1659 int vlan_id_key, int vlan_prio_key,
1660 struct flow_dissector_key_vlan *vlan_key,
1661 struct flow_dissector_key_vlan *vlan_mask)
1665 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
1667 if (vlan_mask->vlan_id) {
1668 err = nla_put_u16(skb, vlan_id_key,
1673 if (vlan_mask->vlan_priority) {
1674 err = nla_put_u8(skb, vlan_prio_key,
1675 vlan_key->vlan_priority);
1682 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
1683 u32 *flower_key, u32 *flower_mask,
1684 u32 flower_flag_bit, u32 dissector_flag_bit)
1686 if (dissector_mask & dissector_flag_bit) {
1687 *flower_mask |= flower_flag_bit;
1688 if (dissector_key & dissector_flag_bit)
1689 *flower_key |= flower_flag_bit;
1693 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
1699 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
1705 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1706 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
1707 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1708 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
1709 FLOW_DIS_FIRST_FRAG);
1711 _key = cpu_to_be32(key);
1712 _mask = cpu_to_be32(mask);
1714 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
1718 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
1721 static int fl_dump_key_geneve_opt(struct sk_buff *skb,
1722 struct flow_dissector_key_enc_opts *enc_opts)
1724 struct geneve_opt *opt;
1725 struct nlattr *nest;
1728 nest = nla_nest_start(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
1730 goto nla_put_failure;
1732 while (enc_opts->len > opt_off) {
1733 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
1735 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
1737 goto nla_put_failure;
1738 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
1740 goto nla_put_failure;
1741 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
1742 opt->length * 4, opt->opt_data))
1743 goto nla_put_failure;
1745 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
1747 nla_nest_end(skb, nest);
1751 nla_nest_cancel(skb, nest);
1755 static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
1756 struct flow_dissector_key_enc_opts *enc_opts)
1758 struct nlattr *nest;
1764 nest = nla_nest_start(skb, enc_opt_type);
1766 goto nla_put_failure;
1768 switch (enc_opts->dst_opt_type) {
1769 case TUNNEL_GENEVE_OPT:
1770 err = fl_dump_key_geneve_opt(skb, enc_opts);
1772 goto nla_put_failure;
1775 goto nla_put_failure;
1777 nla_nest_end(skb, nest);
1781 nla_nest_cancel(skb, nest);
1785 static int fl_dump_key_enc_opt(struct sk_buff *skb,
1786 struct flow_dissector_key_enc_opts *key_opts,
1787 struct flow_dissector_key_enc_opts *msk_opts)
1791 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
1795 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
1798 static int fl_dump_key(struct sk_buff *skb, struct net *net,
1799 struct fl_flow_key *key, struct fl_flow_key *mask)
1801 if (mask->indev_ifindex) {
1802 struct net_device *dev;
1804 dev = __dev_get_by_index(net, key->indev_ifindex);
1805 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
1806 goto nla_put_failure;
1809 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1810 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1811 sizeof(key->eth.dst)) ||
1812 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1813 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1814 sizeof(key->eth.src)) ||
1815 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
1816 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
1817 sizeof(key->basic.n_proto)))
1818 goto nla_put_failure;
1820 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
1821 goto nla_put_failure;
1823 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
1824 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
1825 goto nla_put_failure;
1827 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
1828 TCA_FLOWER_KEY_CVLAN_PRIO,
1829 &key->cvlan, &mask->cvlan) ||
1830 (mask->cvlan.vlan_tpid &&
1831 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1832 key->cvlan.vlan_tpid)))
1833 goto nla_put_failure;
1835 if (mask->basic.n_proto) {
1836 if (mask->cvlan.vlan_tpid) {
1837 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1838 key->basic.n_proto))
1839 goto nla_put_failure;
1840 } else if (mask->vlan.vlan_tpid) {
1841 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1842 key->basic.n_proto))
1843 goto nla_put_failure;
1847 if ((key->basic.n_proto == htons(ETH_P_IP) ||
1848 key->basic.n_proto == htons(ETH_P_IPV6)) &&
1849 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1850 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1851 sizeof(key->basic.ip_proto)) ||
1852 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
1853 goto nla_put_failure;
1855 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1856 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1857 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1858 sizeof(key->ipv4.src)) ||
1859 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1860 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1861 sizeof(key->ipv4.dst))))
1862 goto nla_put_failure;
1863 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1864 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1865 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1866 sizeof(key->ipv6.src)) ||
1867 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1868 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1869 sizeof(key->ipv6.dst))))
1870 goto nla_put_failure;
1872 if (key->basic.ip_proto == IPPROTO_TCP &&
1873 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1874 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1875 sizeof(key->tp.src)) ||
1876 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1877 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1878 sizeof(key->tp.dst)) ||
1879 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1880 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1881 sizeof(key->tcp.flags))))
1882 goto nla_put_failure;
1883 else if (key->basic.ip_proto == IPPROTO_UDP &&
1884 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1885 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1886 sizeof(key->tp.src)) ||
1887 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1888 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1889 sizeof(key->tp.dst))))
1890 goto nla_put_failure;
1891 else if (key->basic.ip_proto == IPPROTO_SCTP &&
1892 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1893 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1894 sizeof(key->tp.src)) ||
1895 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1896 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1897 sizeof(key->tp.dst))))
1898 goto nla_put_failure;
1899 else if (key->basic.n_proto == htons(ETH_P_IP) &&
1900 key->basic.ip_proto == IPPROTO_ICMP &&
1901 (fl_dump_key_val(skb, &key->icmp.type,
1902 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
1903 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1904 sizeof(key->icmp.type)) ||
1905 fl_dump_key_val(skb, &key->icmp.code,
1906 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
1907 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1908 sizeof(key->icmp.code))))
1909 goto nla_put_failure;
1910 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1911 key->basic.ip_proto == IPPROTO_ICMPV6 &&
1912 (fl_dump_key_val(skb, &key->icmp.type,
1913 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
1914 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1915 sizeof(key->icmp.type)) ||
1916 fl_dump_key_val(skb, &key->icmp.code,
1917 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
1918 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1919 sizeof(key->icmp.code))))
1920 goto nla_put_failure;
1921 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
1922 key->basic.n_proto == htons(ETH_P_RARP)) &&
1923 (fl_dump_key_val(skb, &key->arp.sip,
1924 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
1925 TCA_FLOWER_KEY_ARP_SIP_MASK,
1926 sizeof(key->arp.sip)) ||
1927 fl_dump_key_val(skb, &key->arp.tip,
1928 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
1929 TCA_FLOWER_KEY_ARP_TIP_MASK,
1930 sizeof(key->arp.tip)) ||
1931 fl_dump_key_val(skb, &key->arp.op,
1932 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
1933 TCA_FLOWER_KEY_ARP_OP_MASK,
1934 sizeof(key->arp.op)) ||
1935 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1936 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1937 sizeof(key->arp.sha)) ||
1938 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1939 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1940 sizeof(key->arp.tha))))
1941 goto nla_put_failure;
1943 if ((key->basic.ip_proto == IPPROTO_TCP ||
1944 key->basic.ip_proto == IPPROTO_UDP ||
1945 key->basic.ip_proto == IPPROTO_SCTP) &&
1946 fl_dump_key_port_range(skb, key, mask))
1947 goto nla_put_failure;
1949 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1950 (fl_dump_key_val(skb, &key->enc_ipv4.src,
1951 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
1952 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1953 sizeof(key->enc_ipv4.src)) ||
1954 fl_dump_key_val(skb, &key->enc_ipv4.dst,
1955 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
1956 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1957 sizeof(key->enc_ipv4.dst))))
1958 goto nla_put_failure;
1959 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1960 (fl_dump_key_val(skb, &key->enc_ipv6.src,
1961 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
1962 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1963 sizeof(key->enc_ipv6.src)) ||
1964 fl_dump_key_val(skb, &key->enc_ipv6.dst,
1965 TCA_FLOWER_KEY_ENC_IPV6_DST,
1966 &mask->enc_ipv6.dst,
1967 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1968 sizeof(key->enc_ipv6.dst))))
1969 goto nla_put_failure;
1971 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
1972 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
1973 sizeof(key->enc_key_id)) ||
1974 fl_dump_key_val(skb, &key->enc_tp.src,
1975 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1977 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1978 sizeof(key->enc_tp.src)) ||
1979 fl_dump_key_val(skb, &key->enc_tp.dst,
1980 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1982 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1983 sizeof(key->enc_tp.dst)) ||
1984 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
1985 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
1986 goto nla_put_failure;
1988 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
1989 goto nla_put_failure;
1997 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
1998 struct sk_buff *skb, struct tcmsg *t)
2000 struct cls_fl_filter *f = fh;
2001 struct nlattr *nest;
2002 struct fl_flow_key *key, *mask;
2007 t->tcm_handle = f->handle;
2009 nest = nla_nest_start(skb, TCA_OPTIONS);
2011 goto nla_put_failure;
2013 if (f->res.classid &&
2014 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
2015 goto nla_put_failure;
2018 mask = &f->mask->key;
2020 if (fl_dump_key(skb, net, key, mask))
2021 goto nla_put_failure;
2023 if (!tc_skip_hw(f->flags))
2024 fl_hw_update_stats(tp, f);
2026 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
2027 goto nla_put_failure;
2029 if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count))
2030 goto nla_put_failure;
2032 if (tcf_exts_dump(skb, &f->exts))
2033 goto nla_put_failure;
2035 nla_nest_end(skb, nest);
2037 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
2038 goto nla_put_failure;
2043 nla_nest_cancel(skb, nest);
2047 static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
2049 struct fl_flow_tmplt *tmplt = tmplt_priv;
2050 struct fl_flow_key *key, *mask;
2051 struct nlattr *nest;
2053 nest = nla_nest_start(skb, TCA_OPTIONS);
2055 goto nla_put_failure;
2057 key = &tmplt->dummy_key;
2058 mask = &tmplt->mask;
2060 if (fl_dump_key(skb, net, key, mask))
2061 goto nla_put_failure;
2063 nla_nest_end(skb, nest);
2068 nla_nest_cancel(skb, nest);
2072 static void fl_bind_class(void *fh, u32 classid, unsigned long cl)
2074 struct cls_fl_filter *f = fh;
2076 if (f && f->res.classid == classid)
2080 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
2082 .classify = fl_classify,
2084 .destroy = fl_destroy,
2086 .change = fl_change,
2087 .delete = fl_delete,
2089 .reoffload = fl_reoffload,
2091 .bind_class = fl_bind_class,
2092 .tmplt_create = fl_tmplt_create,
2093 .tmplt_destroy = fl_tmplt_destroy,
2094 .tmplt_dump = fl_tmplt_dump,
2095 .owner = THIS_MODULE,
2098 static int __init cls_fl_init(void)
2100 return register_tcf_proto_ops(&cls_fl_ops);
2103 static void __exit cls_fl_exit(void)
2105 unregister_tcf_proto_ops(&cls_fl_ops);
2108 module_init(cls_fl_init);
2109 module_exit(cls_fl_exit);
2111 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
2112 MODULE_DESCRIPTION("Flower classifier");
2113 MODULE_LICENSE("GPL v2");
projects / linux-2.6-microblaze.git / blob