2 * net/sched/cls_api.c Packet classifier API.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
13 * Eduardo J. Blanco <ejbs@netlabs.com.uy> :990222: kmod support
17 #include <linux/module.h>
18 #include <linux/types.h>
19 #include <linux/kernel.h>
20 #include <linux/string.h>
21 #include <linux/errno.h>
22 #include <linux/err.h>
23 #include <linux/skbuff.h>
24 #include <linux/init.h>
25 #include <linux/kmod.h>
26 #include <linux/slab.h>
27 #include <linux/idr.h>
28 #include <net/net_namespace.h>
30 #include <net/netlink.h>
31 #include <net/pkt_sched.h>
32 #include <net/pkt_cls.h>
34 extern const struct nla_policy rtm_tca_policy[TCA_MAX + 1];
36 /* The list of all installed classifier types */
37 static LIST_HEAD(tcf_proto_base);
39 /* Protects list of registered TC modules. It is pure SMP lock. */
40 static DEFINE_RWLOCK(cls_mod_lock);
42 /* Find classifier type by string name */
44 static const struct tcf_proto_ops *__tcf_proto_lookup_ops(const char *kind)
46 const struct tcf_proto_ops *t, *res = NULL;
49 read_lock(&cls_mod_lock);
50 list_for_each_entry(t, &tcf_proto_base, head) {
51 if (strcmp(kind, t->kind) == 0) {
52 if (try_module_get(t->owner))
57 read_unlock(&cls_mod_lock);
62 static const struct tcf_proto_ops *
63 tcf_proto_lookup_ops(const char *kind, struct netlink_ext_ack *extack)
65 const struct tcf_proto_ops *ops;
67 ops = __tcf_proto_lookup_ops(kind);
72 request_module("cls_%s", kind);
74 ops = __tcf_proto_lookup_ops(kind);
75 /* We dropped the RTNL semaphore in order to perform
76 * the module load. So, even if we succeeded in loading
77 * the module we have to replay the request. We indicate
81 module_put(ops->owner);
82 return ERR_PTR(-EAGAIN);
85 NL_SET_ERR_MSG(extack, "TC classifier not found");
86 return ERR_PTR(-ENOENT);
89 /* Register(unregister) new classifier type */
91 int register_tcf_proto_ops(struct tcf_proto_ops *ops)
93 struct tcf_proto_ops *t;
96 write_lock(&cls_mod_lock);
97 list_for_each_entry(t, &tcf_proto_base, head)
98 if (!strcmp(ops->kind, t->kind))
101 list_add_tail(&ops->head, &tcf_proto_base);
104 write_unlock(&cls_mod_lock);
107 EXPORT_SYMBOL(register_tcf_proto_ops);
109 static struct workqueue_struct *tc_filter_wq;
111 int unregister_tcf_proto_ops(struct tcf_proto_ops *ops)
113 struct tcf_proto_ops *t;
116 /* Wait for outstanding call_rcu()s, if any, from a
117 * tcf_proto_ops's destroy() handler.
120 flush_workqueue(tc_filter_wq);
122 write_lock(&cls_mod_lock);
123 list_for_each_entry(t, &tcf_proto_base, head) {
130 write_unlock(&cls_mod_lock);
133 EXPORT_SYMBOL(unregister_tcf_proto_ops);
135 bool tcf_queue_work(struct rcu_work *rwork, work_func_t func)
137 INIT_RCU_WORK(rwork, func);
138 return queue_rcu_work(tc_filter_wq, rwork);
140 EXPORT_SYMBOL(tcf_queue_work);
142 /* Select new prio value from the range, managed by kernel. */
144 static inline u32 tcf_auto_prio(struct tcf_proto *tp)
146 u32 first = TC_H_MAKE(0xC0000000U, 0U);
149 first = tp->prio - 1;
151 return TC_H_MAJ(first);
154 static struct tcf_proto *tcf_proto_create(const char *kind, u32 protocol,
155 u32 prio, struct tcf_chain *chain,
156 struct netlink_ext_ack *extack)
158 struct tcf_proto *tp;
161 tp = kzalloc(sizeof(*tp), GFP_KERNEL);
163 return ERR_PTR(-ENOBUFS);
165 tp->ops = tcf_proto_lookup_ops(kind, extack);
166 if (IS_ERR(tp->ops)) {
167 err = PTR_ERR(tp->ops);
170 tp->classify = tp->ops->classify;
171 tp->protocol = protocol;
175 err = tp->ops->init(tp);
177 module_put(tp->ops->owner);
187 static void tcf_proto_destroy(struct tcf_proto *tp,
188 struct netlink_ext_ack *extack)
190 tp->ops->destroy(tp, extack);
191 module_put(tp->ops->owner);
195 struct tcf_filter_chain_list_item {
196 struct list_head list;
197 tcf_chain_head_change_t *chain_head_change;
198 void *chain_head_change_priv;
201 static struct tcf_chain *tcf_chain_create(struct tcf_block *block,
204 struct tcf_chain *chain;
206 chain = kzalloc(sizeof(*chain), GFP_KERNEL);
209 list_add_tail(&chain->list, &block->chain_list);
210 chain->block = block;
211 chain->index = chain_index;
214 block->chain0.chain = chain;
218 static void tcf_chain_head_change_item(struct tcf_filter_chain_list_item *item,
219 struct tcf_proto *tp_head)
221 if (item->chain_head_change)
222 item->chain_head_change(tp_head, item->chain_head_change_priv);
225 static void tcf_chain0_head_change(struct tcf_chain *chain,
226 struct tcf_proto *tp_head)
228 struct tcf_filter_chain_list_item *item;
229 struct tcf_block *block = chain->block;
233 list_for_each_entry(item, &block->chain0.filter_chain_list, list)
234 tcf_chain_head_change_item(item, tp_head);
237 static void tcf_chain_destroy(struct tcf_chain *chain)
239 struct tcf_block *block = chain->block;
241 list_del(&chain->list);
243 block->chain0.chain = NULL;
245 if (list_empty(&block->chain_list) && block->refcnt == 0)
249 static void tcf_chain_hold(struct tcf_chain *chain)
254 static bool tcf_chain_held_by_acts_only(struct tcf_chain *chain)
256 /* In case all the references are action references, this
257 * chain should not be shown to the user.
259 return chain->refcnt == chain->action_refcnt;
262 static struct tcf_chain *tcf_chain_lookup(struct tcf_block *block,
265 struct tcf_chain *chain;
267 list_for_each_entry(chain, &block->chain_list, list) {
268 if (chain->index == chain_index)
274 static int tc_chain_notify(struct tcf_chain *chain, struct sk_buff *oskb,
275 u32 seq, u16 flags, int event, bool unicast);
277 static struct tcf_chain *__tcf_chain_get(struct tcf_block *block,
278 u32 chain_index, bool create,
281 struct tcf_chain *chain = tcf_chain_lookup(block, chain_index);
284 tcf_chain_hold(chain);
288 chain = tcf_chain_create(block, chain_index);
294 ++chain->action_refcnt;
296 /* Send notification only in case we got the first
297 * non-action reference. Until then, the chain acts only as
298 * a placeholder for actions pointing to it and user ought
299 * not know about them.
301 if (chain->refcnt - chain->action_refcnt == 1 && !by_act)
302 tc_chain_notify(chain, NULL, 0, NLM_F_CREATE | NLM_F_EXCL,
303 RTM_NEWCHAIN, false);
308 static struct tcf_chain *tcf_chain_get(struct tcf_block *block, u32 chain_index,
311 return __tcf_chain_get(block, chain_index, create, false);
314 struct tcf_chain *tcf_chain_get_by_act(struct tcf_block *block, u32 chain_index)
316 return __tcf_chain_get(block, chain_index, true, true);
318 EXPORT_SYMBOL(tcf_chain_get_by_act);
320 static void tc_chain_tmplt_del(struct tcf_chain *chain);
322 static void __tcf_chain_put(struct tcf_chain *chain, bool by_act)
325 chain->action_refcnt--;
328 /* The last dropped non-action reference will trigger notification. */
329 if (chain->refcnt - chain->action_refcnt == 0 && !by_act)
330 tc_chain_notify(chain, NULL, 0, 0, RTM_DELCHAIN, false);
332 if (chain->refcnt == 0) {
333 tc_chain_tmplt_del(chain);
334 tcf_chain_destroy(chain);
338 static void tcf_chain_put(struct tcf_chain *chain)
340 __tcf_chain_put(chain, false);
343 void tcf_chain_put_by_act(struct tcf_chain *chain)
345 __tcf_chain_put(chain, true);
347 EXPORT_SYMBOL(tcf_chain_put_by_act);
349 static void tcf_chain_put_explicitly_created(struct tcf_chain *chain)
351 if (chain->explicitly_created)
352 tcf_chain_put(chain);
355 static void tcf_chain_flush(struct tcf_chain *chain)
357 struct tcf_proto *tp = rtnl_dereference(chain->filter_chain);
359 tcf_chain0_head_change(chain, NULL);
361 RCU_INIT_POINTER(chain->filter_chain, tp->next);
362 tcf_proto_destroy(tp, NULL);
363 tp = rtnl_dereference(chain->filter_chain);
364 tcf_chain_put(chain);
368 static bool tcf_block_offload_in_use(struct tcf_block *block)
370 return block->offloadcnt;
373 static int tcf_block_offload_cmd(struct tcf_block *block,
374 struct net_device *dev,
375 struct tcf_block_ext_info *ei,
376 enum tc_block_command command,
377 struct netlink_ext_ack *extack)
379 struct tc_block_offload bo = {};
381 bo.command = command;
382 bo.binder_type = ei->binder_type;
385 return dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_BLOCK, &bo);
388 static int tcf_block_offload_bind(struct tcf_block *block, struct Qdisc *q,
389 struct tcf_block_ext_info *ei,
390 struct netlink_ext_ack *extack)
392 struct net_device *dev = q->dev_queue->dev;
395 if (!dev->netdev_ops->ndo_setup_tc)
396 goto no_offload_dev_inc;
398 /* If tc offload feature is disabled and the block we try to bind
399 * to already has some offloaded filters, forbid to bind.
401 if (!tc_can_offload(dev) && tcf_block_offload_in_use(block)) {
402 NL_SET_ERR_MSG(extack, "Bind to offloaded block failed as dev has offload disabled");
406 err = tcf_block_offload_cmd(block, dev, ei, TC_BLOCK_BIND, extack);
407 if (err == -EOPNOTSUPP)
408 goto no_offload_dev_inc;
412 if (tcf_block_offload_in_use(block))
414 block->nooffloaddevcnt++;
418 static void tcf_block_offload_unbind(struct tcf_block *block, struct Qdisc *q,
419 struct tcf_block_ext_info *ei)
421 struct net_device *dev = q->dev_queue->dev;
424 if (!dev->netdev_ops->ndo_setup_tc)
425 goto no_offload_dev_dec;
426 err = tcf_block_offload_cmd(block, dev, ei, TC_BLOCK_UNBIND, NULL);
427 if (err == -EOPNOTSUPP)
428 goto no_offload_dev_dec;
432 WARN_ON(block->nooffloaddevcnt-- == 0);
436 tcf_chain0_head_change_cb_add(struct tcf_block *block,
437 struct tcf_block_ext_info *ei,
438 struct netlink_ext_ack *extack)
440 struct tcf_chain *chain0 = block->chain0.chain;
441 struct tcf_filter_chain_list_item *item;
443 item = kmalloc(sizeof(*item), GFP_KERNEL);
445 NL_SET_ERR_MSG(extack, "Memory allocation for head change callback item failed");
448 item->chain_head_change = ei->chain_head_change;
449 item->chain_head_change_priv = ei->chain_head_change_priv;
450 if (chain0 && chain0->filter_chain)
451 tcf_chain_head_change_item(item, chain0->filter_chain);
452 list_add(&item->list, &block->chain0.filter_chain_list);
457 tcf_chain0_head_change_cb_del(struct tcf_block *block,
458 struct tcf_block_ext_info *ei)
460 struct tcf_chain *chain0 = block->chain0.chain;
461 struct tcf_filter_chain_list_item *item;
463 list_for_each_entry(item, &block->chain0.filter_chain_list, list) {
464 if ((!ei->chain_head_change && !ei->chain_head_change_priv) ||
465 (item->chain_head_change == ei->chain_head_change &&
466 item->chain_head_change_priv == ei->chain_head_change_priv)) {
468 tcf_chain_head_change_item(item, NULL);
469 list_del(&item->list);
481 static unsigned int tcf_net_id;
483 static int tcf_block_insert(struct tcf_block *block, struct net *net,
484 struct netlink_ext_ack *extack)
486 struct tcf_net *tn = net_generic(net, tcf_net_id);
488 return idr_alloc_u32(&tn->idr, block, &block->index, block->index,
492 static void tcf_block_remove(struct tcf_block *block, struct net *net)
494 struct tcf_net *tn = net_generic(net, tcf_net_id);
496 idr_remove(&tn->idr, block->index);
499 static struct tcf_block *tcf_block_create(struct net *net, struct Qdisc *q,
501 struct netlink_ext_ack *extack)
503 struct tcf_block *block;
505 block = kzalloc(sizeof(*block), GFP_KERNEL);
507 NL_SET_ERR_MSG(extack, "Memory allocation for block failed");
508 return ERR_PTR(-ENOMEM);
510 INIT_LIST_HEAD(&block->chain_list);
511 INIT_LIST_HEAD(&block->cb_list);
512 INIT_LIST_HEAD(&block->owner_list);
513 INIT_LIST_HEAD(&block->chain0.filter_chain_list);
517 block->index = block_index;
519 /* Don't store q pointer for blocks which are shared */
520 if (!tcf_block_shared(block))
525 static struct tcf_block *tcf_block_lookup(struct net *net, u32 block_index)
527 struct tcf_net *tn = net_generic(net, tcf_net_id);
529 return idr_find(&tn->idr, block_index);
533 * Set q, parent, cl when appropriate.
536 static struct tcf_block *tcf_block_find(struct net *net, struct Qdisc **q,
537 u32 *parent, unsigned long *cl,
538 int ifindex, u32 block_index,
539 struct netlink_ext_ack *extack)
541 struct tcf_block *block;
543 if (ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
544 block = tcf_block_lookup(net, block_index);
546 NL_SET_ERR_MSG(extack, "Block of given index was not found");
547 return ERR_PTR(-EINVAL);
550 const struct Qdisc_class_ops *cops;
551 struct net_device *dev;
554 dev = __dev_get_by_index(net, ifindex);
556 return ERR_PTR(-ENODEV);
561 *parent = (*q)->handle;
563 *q = qdisc_lookup(dev, TC_H_MAJ(*parent));
565 NL_SET_ERR_MSG(extack, "Parent Qdisc doesn't exists");
566 return ERR_PTR(-EINVAL);
570 /* Is it classful? */
571 cops = (*q)->ops->cl_ops;
573 NL_SET_ERR_MSG(extack, "Qdisc not classful");
574 return ERR_PTR(-EINVAL);
577 if (!cops->tcf_block) {
578 NL_SET_ERR_MSG(extack, "Class doesn't support blocks");
579 return ERR_PTR(-EOPNOTSUPP);
582 /* Do we search for filter, attached to class? */
583 if (TC_H_MIN(*parent)) {
584 *cl = cops->find(*q, *parent);
586 NL_SET_ERR_MSG(extack, "Specified class doesn't exist");
587 return ERR_PTR(-ENOENT);
591 /* And the last stroke */
592 block = cops->tcf_block(*q, *cl, extack);
594 return ERR_PTR(-EINVAL);
595 if (tcf_block_shared(block)) {
596 NL_SET_ERR_MSG(extack, "This filter block is shared. Please use the block index to manipulate the filters");
597 return ERR_PTR(-EOPNOTSUPP);
604 struct tcf_block_owner_item {
605 struct list_head list;
607 enum tcf_block_binder_type binder_type;
611 tcf_block_owner_netif_keep_dst(struct tcf_block *block,
613 enum tcf_block_binder_type binder_type)
615 if (block->keep_dst &&
616 binder_type != TCF_BLOCK_BINDER_TYPE_CLSACT_INGRESS &&
617 binder_type != TCF_BLOCK_BINDER_TYPE_CLSACT_EGRESS)
618 netif_keep_dst(qdisc_dev(q));
621 void tcf_block_netif_keep_dst(struct tcf_block *block)
623 struct tcf_block_owner_item *item;
625 block->keep_dst = true;
626 list_for_each_entry(item, &block->owner_list, list)
627 tcf_block_owner_netif_keep_dst(block, item->q,
630 EXPORT_SYMBOL(tcf_block_netif_keep_dst);
632 static int tcf_block_owner_add(struct tcf_block *block,
634 enum tcf_block_binder_type binder_type)
636 struct tcf_block_owner_item *item;
638 item = kmalloc(sizeof(*item), GFP_KERNEL);
642 item->binder_type = binder_type;
643 list_add(&item->list, &block->owner_list);
647 static void tcf_block_owner_del(struct tcf_block *block,
649 enum tcf_block_binder_type binder_type)
651 struct tcf_block_owner_item *item;
653 list_for_each_entry(item, &block->owner_list, list) {
654 if (item->q == q && item->binder_type == binder_type) {
655 list_del(&item->list);
663 int tcf_block_get_ext(struct tcf_block **p_block, struct Qdisc *q,
664 struct tcf_block_ext_info *ei,
665 struct netlink_ext_ack *extack)
667 struct net *net = qdisc_net(q);
668 struct tcf_block *block = NULL;
669 bool created = false;
672 if (ei->block_index) {
673 /* block_index not 0 means the shared block is requested */
674 block = tcf_block_lookup(net, ei->block_index);
680 block = tcf_block_create(net, q, ei->block_index, extack);
682 return PTR_ERR(block);
684 if (tcf_block_shared(block)) {
685 err = tcf_block_insert(block, net, extack);
687 goto err_block_insert;
691 err = tcf_block_owner_add(block, q, ei->binder_type);
693 goto err_block_owner_add;
695 tcf_block_owner_netif_keep_dst(block, q, ei->binder_type);
697 err = tcf_chain0_head_change_cb_add(block, ei, extack);
699 goto err_chain0_head_change_cb_add;
701 err = tcf_block_offload_bind(block, q, ei, extack);
703 goto err_block_offload_bind;
708 err_block_offload_bind:
709 tcf_chain0_head_change_cb_del(block, ei);
710 err_chain0_head_change_cb_add:
711 tcf_block_owner_del(block, q, ei->binder_type);
714 if (tcf_block_shared(block))
715 tcf_block_remove(block, net);
723 EXPORT_SYMBOL(tcf_block_get_ext);
725 static void tcf_chain_head_change_dflt(struct tcf_proto *tp_head, void *priv)
727 struct tcf_proto __rcu **p_filter_chain = priv;
729 rcu_assign_pointer(*p_filter_chain, tp_head);
732 int tcf_block_get(struct tcf_block **p_block,
733 struct tcf_proto __rcu **p_filter_chain, struct Qdisc *q,
734 struct netlink_ext_ack *extack)
736 struct tcf_block_ext_info ei = {
737 .chain_head_change = tcf_chain_head_change_dflt,
738 .chain_head_change_priv = p_filter_chain,
741 WARN_ON(!p_filter_chain);
742 return tcf_block_get_ext(p_block, q, &ei, extack);
744 EXPORT_SYMBOL(tcf_block_get);
746 /* XXX: Standalone actions are not allowed to jump to any chain, and bound
747 * actions should be all removed after flushing.
749 void tcf_block_put_ext(struct tcf_block *block, struct Qdisc *q,
750 struct tcf_block_ext_info *ei)
752 struct tcf_chain *chain, *tmp;
756 tcf_chain0_head_change_cb_del(block, ei);
757 tcf_block_owner_del(block, q, ei->binder_type);
759 if (block->refcnt == 1) {
760 if (tcf_block_shared(block))
761 tcf_block_remove(block, block->net);
763 /* Hold a refcnt for all chains, so that they don't disappear
764 * while we are iterating.
766 list_for_each_entry(chain, &block->chain_list, list)
767 tcf_chain_hold(chain);
769 list_for_each_entry(chain, &block->chain_list, list)
770 tcf_chain_flush(chain);
773 tcf_block_offload_unbind(block, q, ei);
775 if (block->refcnt == 1) {
776 /* At this point, all the chains should have refcnt >= 1. */
777 list_for_each_entry_safe(chain, tmp, &block->chain_list, list) {
778 tcf_chain_put_explicitly_created(chain);
779 tcf_chain_put(chain);
783 if (list_empty(&block->chain_list))
789 EXPORT_SYMBOL(tcf_block_put_ext);
791 void tcf_block_put(struct tcf_block *block)
793 struct tcf_block_ext_info ei = {0, };
797 tcf_block_put_ext(block, block->q, &ei);
800 EXPORT_SYMBOL(tcf_block_put);
802 struct tcf_block_cb {
803 struct list_head list;
810 void *tcf_block_cb_priv(struct tcf_block_cb *block_cb)
812 return block_cb->cb_priv;
814 EXPORT_SYMBOL(tcf_block_cb_priv);
816 struct tcf_block_cb *tcf_block_cb_lookup(struct tcf_block *block,
817 tc_setup_cb_t *cb, void *cb_ident)
818 { struct tcf_block_cb *block_cb;
820 list_for_each_entry(block_cb, &block->cb_list, list)
821 if (block_cb->cb == cb && block_cb->cb_ident == cb_ident)
825 EXPORT_SYMBOL(tcf_block_cb_lookup);
827 void tcf_block_cb_incref(struct tcf_block_cb *block_cb)
831 EXPORT_SYMBOL(tcf_block_cb_incref);
833 unsigned int tcf_block_cb_decref(struct tcf_block_cb *block_cb)
835 return --block_cb->refcnt;
837 EXPORT_SYMBOL(tcf_block_cb_decref);
840 tcf_block_playback_offloads(struct tcf_block *block, tc_setup_cb_t *cb,
841 void *cb_priv, bool add, bool offload_in_use,
842 struct netlink_ext_ack *extack)
844 struct tcf_chain *chain;
845 struct tcf_proto *tp;
848 list_for_each_entry(chain, &block->chain_list, list) {
849 for (tp = rtnl_dereference(chain->filter_chain); tp;
850 tp = rtnl_dereference(tp->next)) {
851 if (tp->ops->reoffload) {
852 err = tp->ops->reoffload(tp, add, cb, cb_priv,
855 goto err_playback_remove;
856 } else if (add && offload_in_use) {
858 NL_SET_ERR_MSG(extack, "Filter HW offload failed - classifier without re-offloading support");
859 goto err_playback_remove;
867 tcf_block_playback_offloads(block, cb, cb_priv, false, offload_in_use,
872 struct tcf_block_cb *__tcf_block_cb_register(struct tcf_block *block,
873 tc_setup_cb_t *cb, void *cb_ident,
875 struct netlink_ext_ack *extack)
877 struct tcf_block_cb *block_cb;
880 /* Replay any already present rules */
881 err = tcf_block_playback_offloads(block, cb, cb_priv, true,
882 tcf_block_offload_in_use(block),
887 block_cb = kzalloc(sizeof(*block_cb), GFP_KERNEL);
889 return ERR_PTR(-ENOMEM);
891 block_cb->cb_ident = cb_ident;
892 block_cb->cb_priv = cb_priv;
893 list_add(&block_cb->list, &block->cb_list);
896 EXPORT_SYMBOL(__tcf_block_cb_register);
898 int tcf_block_cb_register(struct tcf_block *block,
899 tc_setup_cb_t *cb, void *cb_ident,
900 void *cb_priv, struct netlink_ext_ack *extack)
902 struct tcf_block_cb *block_cb;
904 block_cb = __tcf_block_cb_register(block, cb, cb_ident, cb_priv,
906 return PTR_ERR_OR_ZERO(block_cb);
908 EXPORT_SYMBOL(tcf_block_cb_register);
910 void __tcf_block_cb_unregister(struct tcf_block *block,
911 struct tcf_block_cb *block_cb)
913 tcf_block_playback_offloads(block, block_cb->cb, block_cb->cb_priv,
914 false, tcf_block_offload_in_use(block),
916 list_del(&block_cb->list);
919 EXPORT_SYMBOL(__tcf_block_cb_unregister);
921 void tcf_block_cb_unregister(struct tcf_block *block,
922 tc_setup_cb_t *cb, void *cb_ident)
924 struct tcf_block_cb *block_cb;
926 block_cb = tcf_block_cb_lookup(block, cb, cb_ident);
929 __tcf_block_cb_unregister(block, block_cb);
931 EXPORT_SYMBOL(tcf_block_cb_unregister);
933 static int tcf_block_cb_call(struct tcf_block *block, enum tc_setup_type type,
934 void *type_data, bool err_stop)
936 struct tcf_block_cb *block_cb;
940 /* Make sure all netdevs sharing this block are offload-capable. */
941 if (block->nooffloaddevcnt && err_stop)
944 list_for_each_entry(block_cb, &block->cb_list, list) {
945 err = block_cb->cb(type, type_data, block_cb->cb_priv);
956 /* Main classifier routine: scans classifier chain attached
957 * to this qdisc, (optionally) tests for protocol and asks
958 * specific classifiers.
960 int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp,
961 struct tcf_result *res, bool compat_mode)
963 #ifdef CONFIG_NET_CLS_ACT
964 const int max_reclassify_loop = 4;
965 const struct tcf_proto *orig_tp = tp;
966 const struct tcf_proto *first_tp;
971 for (; tp; tp = rcu_dereference_bh(tp->next)) {
972 __be16 protocol = skb_protocol(skb, false);
975 if (tp->protocol != protocol &&
976 tp->protocol != htons(ETH_P_ALL))
979 err = tp->classify(skb, tp, res);
980 #ifdef CONFIG_NET_CLS_ACT
981 if (unlikely(err == TC_ACT_RECLASSIFY && !compat_mode)) {
984 } else if (unlikely(TC_ACT_EXT_CMP(err, TC_ACT_GOTO_CHAIN))) {
985 first_tp = res->goto_tp;
993 return TC_ACT_UNSPEC; /* signal: continue lookup */
994 #ifdef CONFIG_NET_CLS_ACT
996 if (unlikely(limit++ >= max_reclassify_loop)) {
997 net_notice_ratelimited("%u: reclassify loop, rule prio %u, protocol %02x\n",
998 tp->chain->block->index,
1000 ntohs(tp->protocol));
1008 EXPORT_SYMBOL(tcf_classify);
1010 struct tcf_chain_info {
1011 struct tcf_proto __rcu **pprev;
1012 struct tcf_proto __rcu *next;
1015 static struct tcf_proto *tcf_chain_tp_prev(struct tcf_chain_info *chain_info)
1017 return rtnl_dereference(*chain_info->pprev);
1020 static void tcf_chain_tp_insert(struct tcf_chain *chain,
1021 struct tcf_chain_info *chain_info,
1022 struct tcf_proto *tp)
1024 if (*chain_info->pprev == chain->filter_chain)
1025 tcf_chain0_head_change(chain, tp);
1026 RCU_INIT_POINTER(tp->next, tcf_chain_tp_prev(chain_info));
1027 rcu_assign_pointer(*chain_info->pprev, tp);
1028 tcf_chain_hold(chain);
1031 static void tcf_chain_tp_remove(struct tcf_chain *chain,
1032 struct tcf_chain_info *chain_info,
1033 struct tcf_proto *tp)
1035 struct tcf_proto *next = rtnl_dereference(chain_info->next);
1037 if (tp == chain->filter_chain)
1038 tcf_chain0_head_change(chain, next);
1039 RCU_INIT_POINTER(*chain_info->pprev, next);
1040 tcf_chain_put(chain);
1043 static struct tcf_proto *tcf_chain_tp_find(struct tcf_chain *chain,
1044 struct tcf_chain_info *chain_info,
1045 u32 protocol, u32 prio,
1048 struct tcf_proto **pprev;
1049 struct tcf_proto *tp;
1051 /* Check the chain for existence of proto-tcf with this priority */
1052 for (pprev = &chain->filter_chain;
1053 (tp = rtnl_dereference(*pprev)); pprev = &tp->next) {
1054 if (tp->prio >= prio) {
1055 if (tp->prio == prio) {
1056 if (prio_allocate ||
1057 (tp->protocol != protocol && protocol))
1058 return ERR_PTR(-EINVAL);
1065 chain_info->pprev = pprev;
1066 chain_info->next = tp ? tp->next : NULL;
1070 static int tcf_fill_node(struct net *net, struct sk_buff *skb,
1071 struct tcf_proto *tp, struct tcf_block *block,
1072 struct Qdisc *q, u32 parent, void *fh,
1073 u32 portid, u32 seq, u16 flags, int event)
1076 struct nlmsghdr *nlh;
1077 unsigned char *b = skb_tail_pointer(skb);
1079 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*tcm), flags);
1081 goto out_nlmsg_trim;
1082 tcm = nlmsg_data(nlh);
1083 tcm->tcm_family = AF_UNSPEC;
1087 tcm->tcm_ifindex = qdisc_dev(q)->ifindex;
1088 tcm->tcm_parent = parent;
1090 tcm->tcm_ifindex = TCM_IFINDEX_MAGIC_BLOCK;
1091 tcm->tcm_block_index = block->index;
1093 tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol);
1094 if (nla_put_string(skb, TCA_KIND, tp->ops->kind))
1095 goto nla_put_failure;
1096 if (nla_put_u32(skb, TCA_CHAIN, tp->chain->index))
1097 goto nla_put_failure;
1099 tcm->tcm_handle = 0;
1101 if (tp->ops->dump && tp->ops->dump(net, tp, fh, skb, tcm) < 0)
1102 goto nla_put_failure;
1104 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1113 static int tfilter_notify(struct net *net, struct sk_buff *oskb,
1114 struct nlmsghdr *n, struct tcf_proto *tp,
1115 struct tcf_block *block, struct Qdisc *q,
1116 u32 parent, void *fh, int event, bool unicast)
1118 struct sk_buff *skb;
1119 u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1121 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1125 if (tcf_fill_node(net, skb, tp, block, q, parent, fh, portid,
1126 n->nlmsg_seq, n->nlmsg_flags, event) <= 0) {
1132 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1134 return rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1135 n->nlmsg_flags & NLM_F_ECHO);
1138 static int tfilter_del_notify(struct net *net, struct sk_buff *oskb,
1139 struct nlmsghdr *n, struct tcf_proto *tp,
1140 struct tcf_block *block, struct Qdisc *q,
1141 u32 parent, void *fh, bool unicast, bool *last,
1142 struct netlink_ext_ack *extack)
1144 struct sk_buff *skb;
1145 u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1148 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1152 if (tcf_fill_node(net, skb, tp, block, q, parent, fh, portid,
1153 n->nlmsg_seq, n->nlmsg_flags, RTM_DELTFILTER) <= 0) {
1154 NL_SET_ERR_MSG(extack, "Failed to build del event notification");
1159 err = tp->ops->delete(tp, fh, last, extack);
1166 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1168 err = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1169 n->nlmsg_flags & NLM_F_ECHO);
1171 NL_SET_ERR_MSG(extack, "Failed to send filter delete notification");
1175 static void tfilter_notify_chain(struct net *net, struct sk_buff *oskb,
1176 struct tcf_block *block, struct Qdisc *q,
1177 u32 parent, struct nlmsghdr *n,
1178 struct tcf_chain *chain, int event)
1180 struct tcf_proto *tp;
1182 for (tp = rtnl_dereference(chain->filter_chain);
1183 tp; tp = rtnl_dereference(tp->next))
1184 tfilter_notify(net, oskb, n, tp, block,
1185 q, parent, NULL, event, false);
1188 static int tc_new_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1189 struct netlink_ext_ack *extack)
1191 struct net *net = sock_net(skb->sk);
1192 struct nlattr *tca[TCA_MAX + 1];
1199 struct Qdisc *q = NULL;
1200 struct tcf_chain_info chain_info;
1201 struct tcf_chain *chain = NULL;
1202 struct tcf_block *block;
1203 struct tcf_proto *tp;
1209 if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1215 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, rtm_tca_policy, extack);
1220 protocol = TC_H_MIN(t->tcm_info);
1221 prio = TC_H_MAJ(t->tcm_info);
1222 prio_allocate = false;
1223 parent = t->tcm_parent;
1227 /* If no priority is provided by the user,
1230 if (n->nlmsg_flags & NLM_F_CREATE) {
1231 prio = TC_H_MAKE(0x80000000U, 0U);
1232 prio_allocate = true;
1234 NL_SET_ERR_MSG(extack, "Invalid filter command with priority of zero");
1239 /* Find head of filter chain. */
1241 block = tcf_block_find(net, &q, &parent, &cl,
1242 t->tcm_ifindex, t->tcm_block_index, extack);
1243 if (IS_ERR(block)) {
1244 err = PTR_ERR(block);
1248 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1249 if (chain_index > TC_ACT_EXT_VAL_MASK) {
1250 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1254 chain = tcf_chain_get(block, chain_index, true);
1256 NL_SET_ERR_MSG(extack, "Cannot create specified filter chain");
1261 tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1262 prio, prio_allocate);
1264 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1270 /* Proto-tcf does not exist, create new one */
1272 if (tca[TCA_KIND] == NULL || !protocol) {
1273 NL_SET_ERR_MSG(extack, "Filter kind and protocol must be specified");
1278 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1279 NL_SET_ERR_MSG(extack, "Need both RTM_NEWTFILTER and NLM_F_CREATE to create a new filter");
1285 prio = tcf_auto_prio(tcf_chain_tp_prev(&chain_info));
1287 tp = tcf_proto_create(nla_data(tca[TCA_KIND]),
1288 protocol, prio, chain, extack);
1294 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1295 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1300 fh = tp->ops->get(tp, t->tcm_handle);
1303 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1304 NL_SET_ERR_MSG(extack, "Need both RTM_NEWTFILTER and NLM_F_CREATE to create a new filter");
1308 } else if (n->nlmsg_flags & NLM_F_EXCL) {
1309 NL_SET_ERR_MSG(extack, "Filter already exists");
1314 if (chain->tmplt_ops && chain->tmplt_ops != tp->ops) {
1315 NL_SET_ERR_MSG(extack, "Chain template is set to a different filter kind");
1320 err = tp->ops->change(net, skb, tp, cl, t->tcm_handle, tca, &fh,
1321 n->nlmsg_flags & NLM_F_CREATE ? TCA_ACT_NOREPLACE : TCA_ACT_REPLACE,
1325 tcf_chain_tp_insert(chain, &chain_info, tp);
1326 tfilter_notify(net, skb, n, tp, block, q, parent, fh,
1327 RTM_NEWTFILTER, false);
1328 /* q pointer is NULL for shared blocks */
1330 q->flags &= ~TCQ_F_CAN_BYPASS;
1333 tcf_proto_destroy(tp, NULL);
1338 tcf_chain_put(chain);
1340 /* Replay the request. */
1345 static int tc_del_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1346 struct netlink_ext_ack *extack)
1348 struct net *net = sock_net(skb->sk);
1349 struct nlattr *tca[TCA_MAX + 1];
1355 struct Qdisc *q = NULL;
1356 struct tcf_chain_info chain_info;
1357 struct tcf_chain *chain = NULL;
1358 struct tcf_block *block;
1359 struct tcf_proto *tp = NULL;
1360 unsigned long cl = 0;
1364 if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1367 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, rtm_tca_policy, extack);
1372 protocol = TC_H_MIN(t->tcm_info);
1373 prio = TC_H_MAJ(t->tcm_info);
1374 parent = t->tcm_parent;
1376 if (prio == 0 && (protocol || t->tcm_handle || tca[TCA_KIND])) {
1377 NL_SET_ERR_MSG(extack, "Cannot flush filters with protocol, handle or kind set");
1381 /* Find head of filter chain. */
1383 block = tcf_block_find(net, &q, &parent, &cl,
1384 t->tcm_ifindex, t->tcm_block_index, extack);
1385 if (IS_ERR(block)) {
1386 err = PTR_ERR(block);
1390 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1391 if (chain_index > TC_ACT_EXT_VAL_MASK) {
1392 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1396 chain = tcf_chain_get(block, chain_index, false);
1398 /* User requested flush on non-existent chain. Nothing to do,
1399 * so just return success.
1405 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1411 tfilter_notify_chain(net, skb, block, q, parent, n,
1412 chain, RTM_DELTFILTER);
1413 tcf_chain_flush(chain);
1418 tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1420 if (!tp || IS_ERR(tp)) {
1421 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1422 err = tp ? PTR_ERR(tp) : -ENOENT;
1424 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1425 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1430 fh = tp->ops->get(tp, t->tcm_handle);
1433 if (t->tcm_handle == 0) {
1434 tcf_chain_tp_remove(chain, &chain_info, tp);
1435 tfilter_notify(net, skb, n, tp, block, q, parent, fh,
1436 RTM_DELTFILTER, false);
1437 tcf_proto_destroy(tp, extack);
1440 NL_SET_ERR_MSG(extack, "Specified filter handle not found");
1446 err = tfilter_del_notify(net, skb, n, tp, block,
1447 q, parent, fh, false, &last,
1452 tcf_chain_tp_remove(chain, &chain_info, tp);
1453 tcf_proto_destroy(tp, extack);
1459 tcf_chain_put(chain);
1463 static int tc_get_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1464 struct netlink_ext_ack *extack)
1466 struct net *net = sock_net(skb->sk);
1467 struct nlattr *tca[TCA_MAX + 1];
1473 struct Qdisc *q = NULL;
1474 struct tcf_chain_info chain_info;
1475 struct tcf_chain *chain = NULL;
1476 struct tcf_block *block;
1477 struct tcf_proto *tp = NULL;
1478 unsigned long cl = 0;
1482 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, rtm_tca_policy, extack);
1487 protocol = TC_H_MIN(t->tcm_info);
1488 prio = TC_H_MAJ(t->tcm_info);
1489 parent = t->tcm_parent;
1492 NL_SET_ERR_MSG(extack, "Invalid filter command with priority of zero");
1496 /* Find head of filter chain. */
1498 block = tcf_block_find(net, &q, &parent, &cl,
1499 t->tcm_ifindex, t->tcm_block_index, extack);
1500 if (IS_ERR(block)) {
1501 err = PTR_ERR(block);
1505 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1506 if (chain_index > TC_ACT_EXT_VAL_MASK) {
1507 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1511 chain = tcf_chain_get(block, chain_index, false);
1513 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1518 tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1520 if (!tp || IS_ERR(tp)) {
1521 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1522 err = tp ? PTR_ERR(tp) : -ENOENT;
1524 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1525 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1530 fh = tp->ops->get(tp, t->tcm_handle);
1533 NL_SET_ERR_MSG(extack, "Specified filter handle not found");
1536 err = tfilter_notify(net, skb, n, tp, block, q, parent,
1537 fh, RTM_NEWTFILTER, true);
1539 NL_SET_ERR_MSG(extack, "Failed to send filter notify message");
1544 tcf_chain_put(chain);
1548 struct tcf_dump_args {
1549 struct tcf_walker w;
1550 struct sk_buff *skb;
1551 struct netlink_callback *cb;
1552 struct tcf_block *block;
1557 static int tcf_node_dump(struct tcf_proto *tp, void *n, struct tcf_walker *arg)
1559 struct tcf_dump_args *a = (void *)arg;
1560 struct net *net = sock_net(a->skb->sk);
1562 return tcf_fill_node(net, a->skb, tp, a->block, a->q, a->parent,
1563 n, NETLINK_CB(a->cb->skb).portid,
1564 a->cb->nlh->nlmsg_seq, NLM_F_MULTI,
1568 static bool tcf_chain_dump(struct tcf_chain *chain, struct Qdisc *q, u32 parent,
1569 struct sk_buff *skb, struct netlink_callback *cb,
1570 long index_start, long *p_index)
1572 struct net *net = sock_net(skb->sk);
1573 struct tcf_block *block = chain->block;
1574 struct tcmsg *tcm = nlmsg_data(cb->nlh);
1575 struct tcf_dump_args arg;
1576 struct tcf_proto *tp;
1578 for (tp = rtnl_dereference(chain->filter_chain);
1579 tp; tp = rtnl_dereference(tp->next), (*p_index)++) {
1580 if (*p_index < index_start)
1582 if (TC_H_MAJ(tcm->tcm_info) &&
1583 TC_H_MAJ(tcm->tcm_info) != tp->prio)
1585 if (TC_H_MIN(tcm->tcm_info) &&
1586 TC_H_MIN(tcm->tcm_info) != tp->protocol)
1588 if (*p_index > index_start)
1589 memset(&cb->args[1], 0,
1590 sizeof(cb->args) - sizeof(cb->args[0]));
1591 if (cb->args[1] == 0) {
1592 if (tcf_fill_node(net, skb, tp, block, q, parent, NULL,
1593 NETLINK_CB(cb->skb).portid,
1594 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1595 RTM_NEWTFILTER) <= 0)
1602 arg.w.fn = tcf_node_dump;
1607 arg.parent = parent;
1609 arg.w.skip = cb->args[1] - 1;
1611 arg.w.cookie = cb->args[2];
1612 tp->ops->walk(tp, &arg.w);
1613 cb->args[2] = arg.w.cookie;
1614 cb->args[1] = arg.w.count + 1;
1621 /* called with RTNL */
1622 static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
1624 struct net *net = sock_net(skb->sk);
1625 struct nlattr *tca[TCA_MAX + 1];
1626 struct Qdisc *q = NULL;
1627 struct tcf_block *block;
1628 struct tcf_chain *chain;
1629 struct tcmsg *tcm = nlmsg_data(cb->nlh);
1635 if (nlmsg_len(cb->nlh) < sizeof(*tcm))
1638 err = nlmsg_parse(cb->nlh, sizeof(*tcm), tca, TCA_MAX, NULL, NULL);
1642 if (tcm->tcm_ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
1643 block = tcf_block_lookup(net, tcm->tcm_block_index);
1646 /* If we work with block index, q is NULL and parent value
1647 * will never be used in the following code. The check
1648 * in tcf_fill_node prevents it. However, compiler does not
1649 * see that far, so set parent to zero to silence the warning
1650 * about parent being uninitialized.
1654 const struct Qdisc_class_ops *cops;
1655 struct net_device *dev;
1656 unsigned long cl = 0;
1658 dev = __dev_get_by_index(net, tcm->tcm_ifindex);
1662 parent = tcm->tcm_parent;
1667 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent));
1671 cops = q->ops->cl_ops;
1674 if (!cops->tcf_block)
1676 if (TC_H_MIN(tcm->tcm_parent)) {
1677 cl = cops->find(q, tcm->tcm_parent);
1681 block = cops->tcf_block(q, cl, NULL);
1684 if (tcf_block_shared(block))
1688 index_start = cb->args[0];
1691 list_for_each_entry(chain, &block->chain_list, list) {
1692 if (tca[TCA_CHAIN] &&
1693 nla_get_u32(tca[TCA_CHAIN]) != chain->index)
1695 if (!tcf_chain_dump(chain, q, parent, skb, cb,
1696 index_start, &index)) {
1702 cb->args[0] = index;
1705 /* If we did no progress, the error (EMSGSIZE) is real */
1706 if (skb->len == 0 && err)
1711 static int tc_chain_fill_node(struct tcf_chain *chain, struct net *net,
1712 struct sk_buff *skb, struct tcf_block *block,
1713 u32 portid, u32 seq, u16 flags, int event)
1715 unsigned char *b = skb_tail_pointer(skb);
1716 const struct tcf_proto_ops *ops;
1717 struct nlmsghdr *nlh;
1721 ops = chain->tmplt_ops;
1722 priv = chain->tmplt_priv;
1724 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*tcm), flags);
1726 goto out_nlmsg_trim;
1727 tcm = nlmsg_data(nlh);
1728 tcm->tcm_family = AF_UNSPEC;
1731 tcm->tcm_handle = 0;
1733 tcm->tcm_ifindex = qdisc_dev(block->q)->ifindex;
1734 tcm->tcm_parent = block->q->handle;
1736 tcm->tcm_ifindex = TCM_IFINDEX_MAGIC_BLOCK;
1737 tcm->tcm_block_index = block->index;
1740 if (nla_put_u32(skb, TCA_CHAIN, chain->index))
1741 goto nla_put_failure;
1744 if (nla_put_string(skb, TCA_KIND, ops->kind))
1745 goto nla_put_failure;
1746 if (ops->tmplt_dump(skb, net, priv) < 0)
1747 goto nla_put_failure;
1750 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1759 static int tc_chain_notify(struct tcf_chain *chain, struct sk_buff *oskb,
1760 u32 seq, u16 flags, int event, bool unicast)
1762 u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1763 struct tcf_block *block = chain->block;
1764 struct net *net = block->net;
1765 struct sk_buff *skb;
1767 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1771 if (tc_chain_fill_node(chain, net, skb, block, portid,
1772 seq, flags, event) <= 0) {
1778 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1780 return rtnetlink_send(skb, net, portid, RTNLGRP_TC, flags & NLM_F_ECHO);
1783 static int tc_chain_tmplt_add(struct tcf_chain *chain, struct net *net,
1784 struct nlattr **tca,
1785 struct netlink_ext_ack *extack)
1787 const struct tcf_proto_ops *ops;
1790 /* If kind is not set, user did not specify template. */
1794 ops = tcf_proto_lookup_ops(nla_data(tca[TCA_KIND]), extack);
1796 return PTR_ERR(ops);
1797 if (!ops->tmplt_create || !ops->tmplt_destroy || !ops->tmplt_dump) {
1798 NL_SET_ERR_MSG(extack, "Chain templates are not supported with specified classifier");
1802 tmplt_priv = ops->tmplt_create(net, chain, tca, extack);
1803 if (IS_ERR(tmplt_priv)) {
1804 module_put(ops->owner);
1805 return PTR_ERR(tmplt_priv);
1807 chain->tmplt_ops = ops;
1808 chain->tmplt_priv = tmplt_priv;
1812 static void tc_chain_tmplt_del(struct tcf_chain *chain)
1814 const struct tcf_proto_ops *ops = chain->tmplt_ops;
1816 /* If template ops are set, no work to do for us. */
1820 ops->tmplt_destroy(chain->tmplt_priv);
1821 module_put(ops->owner);
1824 /* Add/delete/get a chain */
1826 static int tc_ctl_chain(struct sk_buff *skb, struct nlmsghdr *n,
1827 struct netlink_ext_ack *extack)
1829 struct net *net = sock_net(skb->sk);
1830 struct nlattr *tca[TCA_MAX + 1];
1834 struct Qdisc *q = NULL;
1835 struct tcf_chain *chain = NULL;
1836 struct tcf_block *block;
1840 if (n->nlmsg_type != RTM_GETCHAIN &&
1841 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1845 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, rtm_tca_policy, extack);
1850 parent = t->tcm_parent;
1853 block = tcf_block_find(net, &q, &parent, &cl,
1854 t->tcm_ifindex, t->tcm_block_index, extack);
1856 return PTR_ERR(block);
1858 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1859 if (chain_index > TC_ACT_EXT_VAL_MASK) {
1860 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1863 chain = tcf_chain_lookup(block, chain_index);
1864 if (n->nlmsg_type == RTM_NEWCHAIN) {
1866 if (tcf_chain_held_by_acts_only(chain)) {
1867 /* The chain exists only because there is
1868 * some action referencing it.
1870 tcf_chain_hold(chain);
1872 NL_SET_ERR_MSG(extack, "Filter chain already exists");
1876 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1877 NL_SET_ERR_MSG(extack, "Need both RTM_NEWCHAIN and NLM_F_CREATE to create a new chain");
1880 chain = tcf_chain_create(block, chain_index);
1882 NL_SET_ERR_MSG(extack, "Failed to create filter chain");
1887 if (!chain || tcf_chain_held_by_acts_only(chain)) {
1888 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1891 tcf_chain_hold(chain);
1894 switch (n->nlmsg_type) {
1896 err = tc_chain_tmplt_add(chain, net, tca, extack);
1899 /* In case the chain was successfully added, take a reference
1900 * to the chain. This ensures that an empty chain
1901 * does not disappear at the end of this function.
1903 tcf_chain_hold(chain);
1904 chain->explicitly_created = true;
1905 tc_chain_notify(chain, NULL, 0, NLM_F_CREATE | NLM_F_EXCL,
1906 RTM_NEWCHAIN, false);
1909 tfilter_notify_chain(net, skb, block, q, parent, n,
1910 chain, RTM_DELTFILTER);
1911 /* Flush the chain first as the user requested chain removal. */
1912 tcf_chain_flush(chain);
1913 /* In case the chain was successfully deleted, put a reference
1914 * to the chain previously taken during addition.
1916 tcf_chain_put_explicitly_created(chain);
1917 chain->explicitly_created = false;
1920 err = tc_chain_notify(chain, skb, n->nlmsg_seq,
1921 n->nlmsg_flags, n->nlmsg_type, true);
1923 NL_SET_ERR_MSG(extack, "Failed to send chain notify message");
1927 NL_SET_ERR_MSG(extack, "Unsupported message type");
1932 tcf_chain_put(chain);
1934 /* Replay the request. */
1939 /* called with RTNL */
1940 static int tc_dump_chain(struct sk_buff *skb, struct netlink_callback *cb)
1942 struct net *net = sock_net(skb->sk);
1943 struct nlattr *tca[TCA_MAX + 1];
1944 struct Qdisc *q = NULL;
1945 struct tcf_block *block;
1946 struct tcf_chain *chain;
1947 struct tcmsg *tcm = nlmsg_data(cb->nlh);
1953 if (nlmsg_len(cb->nlh) < sizeof(*tcm))
1956 err = nlmsg_parse(cb->nlh, sizeof(*tcm), tca, TCA_MAX, rtm_tca_policy,
1961 if (tcm->tcm_ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
1962 block = tcf_block_lookup(net, tcm->tcm_block_index);
1965 /* If we work with block index, q is NULL and parent value
1966 * will never be used in the following code. The check
1967 * in tcf_fill_node prevents it. However, compiler does not
1968 * see that far, so set parent to zero to silence the warning
1969 * about parent being uninitialized.
1973 const struct Qdisc_class_ops *cops;
1974 struct net_device *dev;
1975 unsigned long cl = 0;
1977 dev = __dev_get_by_index(net, tcm->tcm_ifindex);
1981 parent = tcm->tcm_parent;
1986 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent));
1990 cops = q->ops->cl_ops;
1993 if (!cops->tcf_block)
1995 if (TC_H_MIN(tcm->tcm_parent)) {
1996 cl = cops->find(q, tcm->tcm_parent);
2000 block = cops->tcf_block(q, cl, NULL);
2003 if (tcf_block_shared(block))
2007 index_start = cb->args[0];
2010 list_for_each_entry(chain, &block->chain_list, list) {
2011 if ((tca[TCA_CHAIN] &&
2012 nla_get_u32(tca[TCA_CHAIN]) != chain->index))
2014 if (index < index_start) {
2018 if (tcf_chain_held_by_acts_only(chain))
2020 err = tc_chain_fill_node(chain, net, skb, block,
2021 NETLINK_CB(cb->skb).portid,
2022 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2029 cb->args[0] = index;
2032 /* If we did no progress, the error (EMSGSIZE) is real */
2033 if (skb->len == 0 && err)
2038 void tcf_exts_destroy(struct tcf_exts *exts)
2040 #ifdef CONFIG_NET_CLS_ACT
2041 if (exts->actions) {
2042 tcf_action_destroy(exts->actions, TCA_ACT_UNBIND);
2043 kfree(exts->actions);
2045 exts->nr_actions = 0;
2048 EXPORT_SYMBOL(tcf_exts_destroy);
2050 int tcf_exts_validate(struct net *net, struct tcf_proto *tp, struct nlattr **tb,
2051 struct nlattr *rate_tlv, struct tcf_exts *exts, bool ovr,
2052 struct netlink_ext_ack *extack)
2054 #ifdef CONFIG_NET_CLS_ACT
2056 struct tc_action *act;
2057 size_t attr_size = 0;
2059 if (exts->police && tb[exts->police]) {
2060 act = tcf_action_init_1(net, tp, tb[exts->police],
2061 rate_tlv, "police", ovr,
2062 TCA_ACT_BIND, true, extack);
2064 return PTR_ERR(act);
2066 act->type = exts->type = TCA_OLD_COMPAT;
2067 exts->actions[0] = act;
2068 exts->nr_actions = 1;
2069 } else if (exts->action && tb[exts->action]) {
2072 err = tcf_action_init(net, tp, tb[exts->action],
2073 rate_tlv, NULL, ovr, TCA_ACT_BIND,
2074 exts->actions, &attr_size, true,
2078 exts->nr_actions = err;
2083 if ((exts->action && tb[exts->action]) ||
2084 (exts->police && tb[exts->police])) {
2085 NL_SET_ERR_MSG(extack, "Classifier actions are not supported per compile options (CONFIG_NET_CLS_ACT)");
2092 EXPORT_SYMBOL(tcf_exts_validate);
2094 void tcf_exts_change(struct tcf_exts *dst, struct tcf_exts *src)
2096 #ifdef CONFIG_NET_CLS_ACT
2097 struct tcf_exts old = *dst;
2100 tcf_exts_destroy(&old);
2103 EXPORT_SYMBOL(tcf_exts_change);
2105 #ifdef CONFIG_NET_CLS_ACT
2106 static struct tc_action *tcf_exts_first_act(struct tcf_exts *exts)
2108 if (exts->nr_actions == 0)
2111 return exts->actions[0];
2115 int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts)
2117 #ifdef CONFIG_NET_CLS_ACT
2118 struct nlattr *nest;
2120 if (exts->action && tcf_exts_has_actions(exts)) {
2122 * again for backward compatible mode - we want
2123 * to work with both old and new modes of entering
2124 * tc data even if iproute2 was newer - jhs
2126 if (exts->type != TCA_OLD_COMPAT) {
2127 nest = nla_nest_start(skb, exts->action);
2129 goto nla_put_failure;
2131 if (tcf_action_dump(skb, exts->actions, 0, 0) < 0)
2132 goto nla_put_failure;
2133 nla_nest_end(skb, nest);
2134 } else if (exts->police) {
2135 struct tc_action *act = tcf_exts_first_act(exts);
2136 nest = nla_nest_start(skb, exts->police);
2137 if (nest == NULL || !act)
2138 goto nla_put_failure;
2139 if (tcf_action_dump_old(skb, act, 0, 0) < 0)
2140 goto nla_put_failure;
2141 nla_nest_end(skb, nest);
2147 nla_nest_cancel(skb, nest);
2153 EXPORT_SYMBOL(tcf_exts_dump);
2156 int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts)
2158 #ifdef CONFIG_NET_CLS_ACT
2159 struct tc_action *a = tcf_exts_first_act(exts);
2160 if (a != NULL && tcf_action_copy_stats(skb, a, 1) < 0)
2165 EXPORT_SYMBOL(tcf_exts_dump_stats);
2167 static int tc_exts_setup_cb_egdev_call(struct tcf_exts *exts,
2168 enum tc_setup_type type,
2169 void *type_data, bool err_stop)
2172 #ifdef CONFIG_NET_CLS_ACT
2173 const struct tc_action *a;
2174 struct net_device *dev;
2177 if (!tcf_exts_has_actions(exts))
2180 for (i = 0; i < exts->nr_actions; i++) {
2181 a = exts->actions[i];
2182 if (!a->ops->get_dev)
2184 dev = a->ops->get_dev(a);
2187 ret = tc_setup_cb_egdev_call(dev, type, type_data, err_stop);
2188 a->ops->put_dev(dev);
2197 int tc_setup_cb_call(struct tcf_block *block, struct tcf_exts *exts,
2198 enum tc_setup_type type, void *type_data, bool err_stop)
2203 ret = tcf_block_cb_call(block, type, type_data, err_stop);
2208 if (!exts || ok_count)
2210 ret = tc_exts_setup_cb_egdev_call(exts, type, type_data, err_stop);
2217 EXPORT_SYMBOL(tc_setup_cb_call);
2219 static __net_init int tcf_net_init(struct net *net)
2221 struct tcf_net *tn = net_generic(net, tcf_net_id);
2227 static void __net_exit tcf_net_exit(struct net *net)
2229 struct tcf_net *tn = net_generic(net, tcf_net_id);
2231 idr_destroy(&tn->idr);
2234 static struct pernet_operations tcf_net_ops = {
2235 .init = tcf_net_init,
2236 .exit = tcf_net_exit,
2238 .size = sizeof(struct tcf_net),
2241 static int __init tc_filter_init(void)
2245 tc_filter_wq = alloc_ordered_workqueue("tc_filter_workqueue", 0);
2249 err = register_pernet_subsys(&tcf_net_ops);
2251 goto err_register_pernet_subsys;
2253 rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_new_tfilter, NULL, 0);
2254 rtnl_register(PF_UNSPEC, RTM_DELTFILTER, tc_del_tfilter, NULL, 0);
2255 rtnl_register(PF_UNSPEC, RTM_GETTFILTER, tc_get_tfilter,
2256 tc_dump_tfilter, 0);
2257 rtnl_register(PF_UNSPEC, RTM_NEWCHAIN, tc_ctl_chain, NULL, 0);
2258 rtnl_register(PF_UNSPEC, RTM_DELCHAIN, tc_ctl_chain, NULL, 0);
2259 rtnl_register(PF_UNSPEC, RTM_GETCHAIN, tc_ctl_chain,
2264 err_register_pernet_subsys:
2265 destroy_workqueue(tc_filter_wq);
2269 subsys_initcall(tc_filter_init);
projects / releases.git / blob