2 * net/sched/cls_flower.c Flower classifier
4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/rhashtable.h>
16 #include <linux/workqueue.h>
18 #include <linux/if_ether.h>
19 #include <linux/in6.h>
21 #include <linux/mpls.h>
23 #include <net/sch_generic.h>
24 #include <net/pkt_cls.h>
26 #include <net/flow_dissector.h>
29 #include <net/dst_metadata.h>
33 struct flow_dissector_key_control control;
34 struct flow_dissector_key_control enc_control;
35 struct flow_dissector_key_basic basic;
36 struct flow_dissector_key_eth_addrs eth;
37 struct flow_dissector_key_vlan vlan;
39 struct flow_dissector_key_ipv4_addrs ipv4;
40 struct flow_dissector_key_ipv6_addrs ipv6;
42 struct flow_dissector_key_ports tp;
43 struct flow_dissector_key_icmp icmp;
44 struct flow_dissector_key_arp arp;
45 struct flow_dissector_key_keyid enc_key_id;
47 struct flow_dissector_key_ipv4_addrs enc_ipv4;
48 struct flow_dissector_key_ipv6_addrs enc_ipv6;
50 struct flow_dissector_key_ports enc_tp;
51 struct flow_dissector_key_mpls mpls;
52 struct flow_dissector_key_tcp tcp;
53 struct flow_dissector_key_ip ip;
54 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
56 struct fl_flow_mask_range {
57 unsigned short int start;
58 unsigned short int end;
62 struct fl_flow_key key;
63 struct fl_flow_mask_range range;
69 struct fl_flow_mask mask;
70 struct flow_dissector dissector;
72 struct list_head filters;
73 struct rhashtable_params ht_params;
75 struct work_struct work;
78 struct idr handle_idr;
81 struct cls_fl_filter {
82 struct rhash_head ht_node;
83 struct fl_flow_key mkey;
85 struct tcf_result res;
86 struct fl_flow_key key;
87 struct list_head list;
91 struct work_struct work;
94 struct net_device *hw_dev;
97 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
99 return mask->range.end - mask->range.start;
102 static void fl_mask_update_range(struct fl_flow_mask *mask)
104 const u8 *bytes = (const u8 *) &mask->key;
105 size_t size = sizeof(mask->key);
106 size_t i, first = 0, last = size - 1;
108 for (i = 0; i < sizeof(mask->key); i++) {
115 mask->range.start = rounddown(first, sizeof(long));
116 mask->range.end = roundup(last + 1, sizeof(long));
119 static void *fl_key_get_start(struct fl_flow_key *key,
120 const struct fl_flow_mask *mask)
122 return (u8 *) key + mask->range.start;
125 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
126 struct fl_flow_mask *mask)
128 const long *lkey = fl_key_get_start(key, mask);
129 const long *lmask = fl_key_get_start(&mask->key, mask);
130 long *lmkey = fl_key_get_start(mkey, mask);
133 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
134 *lmkey++ = *lkey++ & *lmask++;
137 static void fl_clear_masked_range(struct fl_flow_key *key,
138 struct fl_flow_mask *mask)
140 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
143 static struct cls_fl_filter *fl_lookup(struct cls_fl_head *head,
144 struct fl_flow_key *mkey)
146 return rhashtable_lookup_fast(&head->ht,
147 fl_key_get_start(mkey, &head->mask),
151 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
152 struct tcf_result *res)
154 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
155 struct cls_fl_filter *f;
156 struct fl_flow_key skb_key;
157 struct fl_flow_key skb_mkey;
158 struct ip_tunnel_info *info;
160 if (!atomic_read(&head->ht.nelems))
163 flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
164 fl_clear_masked_range(&skb_key, &head->mask);
166 info = skb_tunnel_info(skb);
168 struct ip_tunnel_key *key = &info->key;
170 switch (ip_tunnel_info_af(info)) {
172 skb_key.enc_control.addr_type =
173 FLOW_DISSECTOR_KEY_IPV4_ADDRS;
174 skb_key.enc_ipv4.src = key->u.ipv4.src;
175 skb_key.enc_ipv4.dst = key->u.ipv4.dst;
178 skb_key.enc_control.addr_type =
179 FLOW_DISSECTOR_KEY_IPV6_ADDRS;
180 skb_key.enc_ipv6.src = key->u.ipv6.src;
181 skb_key.enc_ipv6.dst = key->u.ipv6.dst;
185 skb_key.enc_key_id.keyid = tunnel_id_to_key32(key->tun_id);
186 skb_key.enc_tp.src = key->tp_src;
187 skb_key.enc_tp.dst = key->tp_dst;
190 skb_key.indev_ifindex = skb->skb_iif;
191 /* skb_flow_dissect() does not set n_proto in case an unknown protocol,
192 * so do it rather here.
194 skb_key.basic.n_proto = skb->protocol;
195 skb_flow_dissect(skb, &head->dissector, &skb_key, 0);
197 fl_set_masked_key(&skb_mkey, &skb_key, &head->mask);
199 f = fl_lookup(head, &skb_mkey);
200 if (f && !tc_skip_sw(f->flags)) {
202 return tcf_exts_exec(skb, &f->exts, res);
207 static int fl_init(struct tcf_proto *tp)
209 struct cls_fl_head *head;
211 head = kzalloc(sizeof(*head), GFP_KERNEL);
215 INIT_LIST_HEAD_RCU(&head->filters);
216 rcu_assign_pointer(tp->root, head);
217 idr_init(&head->handle_idr);
222 static void __fl_destroy_filter(struct cls_fl_filter *f)
224 tcf_exts_destroy(&f->exts);
225 tcf_exts_put_net(&f->exts);
229 static void fl_destroy_filter_work(struct work_struct *work)
231 struct cls_fl_filter *f = container_of(work, struct cls_fl_filter, work);
234 __fl_destroy_filter(f);
238 static void fl_destroy_filter(struct rcu_head *head)
240 struct cls_fl_filter *f = container_of(head, struct cls_fl_filter, rcu);
242 INIT_WORK(&f->work, fl_destroy_filter_work);
243 tcf_queue_work(&f->work);
246 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f)
248 struct tc_cls_flower_offload cls_flower = {};
249 struct net_device *dev = f->hw_dev;
251 if (!tc_can_offload(dev))
254 tc_cls_common_offload_init(&cls_flower.common, tp);
255 cls_flower.command = TC_CLSFLOWER_DESTROY;
256 cls_flower.cookie = (unsigned long) f;
257 cls_flower.egress_dev = f->hw_dev != tp->q->dev_queue->dev;
259 dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_CLSFLOWER, &cls_flower);
262 static int fl_hw_replace_filter(struct tcf_proto *tp,
263 struct flow_dissector *dissector,
264 struct fl_flow_key *mask,
265 struct cls_fl_filter *f)
267 struct net_device *dev = tp->q->dev_queue->dev;
268 struct tc_cls_flower_offload cls_flower = {};
271 if (!tc_can_offload(dev)) {
272 if (tcf_exts_get_dev(dev, &f->exts, &f->hw_dev) ||
273 (f->hw_dev && !tc_can_offload(f->hw_dev))) {
275 return tc_skip_sw(f->flags) ? -EINVAL : 0;
278 cls_flower.egress_dev = true;
283 tc_cls_common_offload_init(&cls_flower.common, tp);
284 cls_flower.command = TC_CLSFLOWER_REPLACE;
285 cls_flower.cookie = (unsigned long) f;
286 cls_flower.dissector = dissector;
287 cls_flower.mask = mask;
288 cls_flower.key = &f->mkey;
289 cls_flower.exts = &f->exts;
291 err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_CLSFLOWER,
294 f->flags |= TCA_CLS_FLAGS_IN_HW;
296 if (tc_skip_sw(f->flags))
301 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f)
303 struct tc_cls_flower_offload cls_flower = {};
304 struct net_device *dev = f->hw_dev;
306 if (!tc_can_offload(dev))
309 tc_cls_common_offload_init(&cls_flower.common, tp);
310 cls_flower.command = TC_CLSFLOWER_STATS;
311 cls_flower.cookie = (unsigned long) f;
312 cls_flower.exts = &f->exts;
313 cls_flower.egress_dev = f->hw_dev != tp->q->dev_queue->dev;
315 dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_CLSFLOWER,
319 static void __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f)
321 struct cls_fl_head *head = rtnl_dereference(tp->root);
323 idr_remove_ext(&head->handle_idr, f->handle);
324 list_del_rcu(&f->list);
325 if (!tc_skip_hw(f->flags))
326 fl_hw_destroy_filter(tp, f);
327 tcf_unbind_filter(tp, &f->res);
328 if (tcf_exts_get_net(&f->exts))
329 call_rcu(&f->rcu, fl_destroy_filter);
331 __fl_destroy_filter(f);
334 static void fl_destroy_sleepable(struct work_struct *work)
336 struct cls_fl_head *head = container_of(work, struct cls_fl_head,
338 if (head->mask_assigned)
339 rhashtable_destroy(&head->ht);
341 module_put(THIS_MODULE);
344 static void fl_destroy_rcu(struct rcu_head *rcu)
346 struct cls_fl_head *head = container_of(rcu, struct cls_fl_head, rcu);
348 INIT_WORK(&head->work, fl_destroy_sleepable);
349 schedule_work(&head->work);
352 static void fl_destroy(struct tcf_proto *tp)
354 struct cls_fl_head *head = rtnl_dereference(tp->root);
355 struct cls_fl_filter *f, *next;
357 list_for_each_entry_safe(f, next, &head->filters, list)
359 idr_destroy(&head->handle_idr);
361 __module_get(THIS_MODULE);
362 call_rcu(&head->rcu, fl_destroy_rcu);
365 static void *fl_get(struct tcf_proto *tp, u32 handle)
367 struct cls_fl_head *head = rtnl_dereference(tp->root);
369 return idr_find_ext(&head->handle_idr, handle);
372 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
373 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
374 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
375 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
377 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
378 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
379 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
380 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
381 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
382 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
383 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
384 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
385 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
386 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
387 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
388 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
389 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
390 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
391 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
392 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
393 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
394 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
395 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
396 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
397 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
398 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
399 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
400 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
401 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
402 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
403 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
404 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
405 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
406 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
407 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
408 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
409 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
410 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
411 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
412 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
413 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
414 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
415 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
416 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
417 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
418 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
419 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
420 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
421 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
422 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
423 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
424 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
425 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
426 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
427 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
428 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
429 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
430 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
431 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
432 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
433 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
434 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
435 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
436 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
437 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
438 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
439 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
440 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
441 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
442 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
443 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
444 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
445 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
446 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
447 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
448 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
449 [TCA_FLOWER_FLAGS] = { .type = NLA_U32 },
452 static void fl_set_key_val(struct nlattr **tb,
453 void *val, int val_type,
454 void *mask, int mask_type, int len)
458 memcpy(val, nla_data(tb[val_type]), len);
459 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
460 memset(mask, 0xff, len);
462 memcpy(mask, nla_data(tb[mask_type]), len);
465 static int fl_set_key_mpls(struct nlattr **tb,
466 struct flow_dissector_key_mpls *key_val,
467 struct flow_dissector_key_mpls *key_mask)
469 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
470 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
471 key_mask->mpls_ttl = MPLS_TTL_MASK;
473 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
474 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
476 if (bos & ~MPLS_BOS_MASK)
478 key_val->mpls_bos = bos;
479 key_mask->mpls_bos = MPLS_BOS_MASK;
481 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
482 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
484 if (tc & ~MPLS_TC_MASK)
486 key_val->mpls_tc = tc;
487 key_mask->mpls_tc = MPLS_TC_MASK;
489 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
490 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
492 if (label & ~MPLS_LABEL_MASK)
494 key_val->mpls_label = label;
495 key_mask->mpls_label = MPLS_LABEL_MASK;
500 static void fl_set_key_vlan(struct nlattr **tb,
501 struct flow_dissector_key_vlan *key_val,
502 struct flow_dissector_key_vlan *key_mask)
504 #define VLAN_PRIORITY_MASK 0x7
506 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
508 nla_get_u16(tb[TCA_FLOWER_KEY_VLAN_ID]) & VLAN_VID_MASK;
509 key_mask->vlan_id = VLAN_VID_MASK;
511 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
512 key_val->vlan_priority =
513 nla_get_u8(tb[TCA_FLOWER_KEY_VLAN_PRIO]) &
515 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
519 static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
520 u32 *dissector_key, u32 *dissector_mask,
521 u32 flower_flag_bit, u32 dissector_flag_bit)
523 if (flower_mask & flower_flag_bit) {
524 *dissector_mask |= dissector_flag_bit;
525 if (flower_key & flower_flag_bit)
526 *dissector_key |= dissector_flag_bit;
530 static int fl_set_key_flags(struct nlattr **tb,
531 u32 *flags_key, u32 *flags_mask)
535 /* mask is mandatory for flags */
536 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
539 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
540 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
545 fl_set_key_flag(key, mask, flags_key, flags_mask,
546 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
551 static void fl_set_key_ip(struct nlattr **tb,
552 struct flow_dissector_key_ip *key,
553 struct flow_dissector_key_ip *mask)
555 fl_set_key_val(tb, &key->tos, TCA_FLOWER_KEY_IP_TOS,
556 &mask->tos, TCA_FLOWER_KEY_IP_TOS_MASK,
559 fl_set_key_val(tb, &key->ttl, TCA_FLOWER_KEY_IP_TTL,
560 &mask->ttl, TCA_FLOWER_KEY_IP_TTL_MASK,
564 static int fl_set_key(struct net *net, struct nlattr **tb,
565 struct fl_flow_key *key, struct fl_flow_key *mask)
569 #ifdef CONFIG_NET_CLS_IND
570 if (tb[TCA_FLOWER_INDEV]) {
571 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV]);
574 key->indev_ifindex = err;
575 mask->indev_ifindex = 0xffffffff;
579 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
580 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
581 sizeof(key->eth.dst));
582 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
583 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
584 sizeof(key->eth.src));
586 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
587 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
589 if (ethertype == htons(ETH_P_8021Q)) {
590 fl_set_key_vlan(tb, &key->vlan, &mask->vlan);
591 fl_set_key_val(tb, &key->basic.n_proto,
592 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
593 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
594 sizeof(key->basic.n_proto));
596 key->basic.n_proto = ethertype;
597 mask->basic.n_proto = cpu_to_be16(~0);
601 if (key->basic.n_proto == htons(ETH_P_IP) ||
602 key->basic.n_proto == htons(ETH_P_IPV6)) {
603 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
604 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
605 sizeof(key->basic.ip_proto));
606 fl_set_key_ip(tb, &key->ip, &mask->ip);
609 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
610 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
611 mask->control.addr_type = ~0;
612 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
613 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
614 sizeof(key->ipv4.src));
615 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
616 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
617 sizeof(key->ipv4.dst));
618 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
619 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
620 mask->control.addr_type = ~0;
621 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
622 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
623 sizeof(key->ipv6.src));
624 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
625 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
626 sizeof(key->ipv6.dst));
629 if (key->basic.ip_proto == IPPROTO_TCP) {
630 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
631 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
632 sizeof(key->tp.src));
633 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
634 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
635 sizeof(key->tp.dst));
636 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
637 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
638 sizeof(key->tcp.flags));
639 } else if (key->basic.ip_proto == IPPROTO_UDP) {
640 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
641 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
642 sizeof(key->tp.src));
643 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
644 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
645 sizeof(key->tp.dst));
646 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
647 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
648 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
649 sizeof(key->tp.src));
650 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
651 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
652 sizeof(key->tp.dst));
653 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
654 key->basic.ip_proto == IPPROTO_ICMP) {
655 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
657 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
658 sizeof(key->icmp.type));
659 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
661 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
662 sizeof(key->icmp.code));
663 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
664 key->basic.ip_proto == IPPROTO_ICMPV6) {
665 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
667 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
668 sizeof(key->icmp.type));
669 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
671 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
672 sizeof(key->icmp.code));
673 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
674 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
675 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
678 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
679 key->basic.n_proto == htons(ETH_P_RARP)) {
680 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
681 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
682 sizeof(key->arp.sip));
683 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
684 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
685 sizeof(key->arp.tip));
686 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
687 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
688 sizeof(key->arp.op));
689 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
690 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
691 sizeof(key->arp.sha));
692 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
693 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
694 sizeof(key->arp.tha));
697 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
698 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
699 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
700 mask->enc_control.addr_type = ~0;
701 fl_set_key_val(tb, &key->enc_ipv4.src,
702 TCA_FLOWER_KEY_ENC_IPV4_SRC,
704 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
705 sizeof(key->enc_ipv4.src));
706 fl_set_key_val(tb, &key->enc_ipv4.dst,
707 TCA_FLOWER_KEY_ENC_IPV4_DST,
709 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
710 sizeof(key->enc_ipv4.dst));
713 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
714 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
715 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
716 mask->enc_control.addr_type = ~0;
717 fl_set_key_val(tb, &key->enc_ipv6.src,
718 TCA_FLOWER_KEY_ENC_IPV6_SRC,
720 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
721 sizeof(key->enc_ipv6.src));
722 fl_set_key_val(tb, &key->enc_ipv6.dst,
723 TCA_FLOWER_KEY_ENC_IPV6_DST,
725 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
726 sizeof(key->enc_ipv6.dst));
729 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
730 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
731 sizeof(key->enc_key_id.keyid));
733 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
734 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
735 sizeof(key->enc_tp.src));
737 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
738 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
739 sizeof(key->enc_tp.dst));
741 if (tb[TCA_FLOWER_KEY_FLAGS])
742 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
747 static bool fl_mask_eq(struct fl_flow_mask *mask1,
748 struct fl_flow_mask *mask2)
750 const long *lmask1 = fl_key_get_start(&mask1->key, mask1);
751 const long *lmask2 = fl_key_get_start(&mask2->key, mask2);
753 return !memcmp(&mask1->range, &mask2->range, sizeof(mask1->range)) &&
754 !memcmp(lmask1, lmask2, fl_mask_range(mask1));
757 static const struct rhashtable_params fl_ht_params = {
758 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */
759 .head_offset = offsetof(struct cls_fl_filter, ht_node),
760 .automatic_shrinking = true,
763 static int fl_init_hashtable(struct cls_fl_head *head,
764 struct fl_flow_mask *mask)
766 head->ht_params = fl_ht_params;
767 head->ht_params.key_len = fl_mask_range(mask);
768 head->ht_params.key_offset += mask->range.start;
770 return rhashtable_init(&head->ht, &head->ht_params);
773 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
774 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member))
776 #define FL_KEY_IS_MASKED(mask, member) \
777 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
778 0, FL_KEY_MEMBER_SIZE(member)) \
780 #define FL_KEY_SET(keys, cnt, id, member) \
782 keys[cnt].key_id = id; \
783 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
787 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
789 if (FL_KEY_IS_MASKED(mask, member)) \
790 FL_KEY_SET(keys, cnt, id, member); \
793 static void fl_init_dissector(struct cls_fl_head *head,
794 struct fl_flow_mask *mask)
796 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
799 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
800 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
801 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
802 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
803 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
804 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
805 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
806 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
807 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
808 FLOW_DISSECTOR_KEY_PORTS, tp);
809 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
810 FLOW_DISSECTOR_KEY_IP, ip);
811 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
812 FLOW_DISSECTOR_KEY_TCP, tcp);
813 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
814 FLOW_DISSECTOR_KEY_ICMP, icmp);
815 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
816 FLOW_DISSECTOR_KEY_ARP, arp);
817 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
818 FLOW_DISSECTOR_KEY_MPLS, mpls);
819 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
820 FLOW_DISSECTOR_KEY_VLAN, vlan);
821 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
822 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
823 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
824 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
825 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
826 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
827 if (FL_KEY_IS_MASKED(&mask->key, enc_ipv4) ||
828 FL_KEY_IS_MASKED(&mask->key, enc_ipv6))
829 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
831 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt,
832 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
834 skb_flow_dissector_init(&head->dissector, keys, cnt);
837 static int fl_check_assign_mask(struct cls_fl_head *head,
838 struct fl_flow_mask *mask)
842 if (head->mask_assigned) {
843 if (!fl_mask_eq(&head->mask, mask))
849 /* Mask is not assigned yet. So assign it and init hashtable
852 err = fl_init_hashtable(head, mask);
855 memcpy(&head->mask, mask, sizeof(head->mask));
856 head->mask_assigned = true;
858 fl_init_dissector(head, mask);
863 static int fl_set_parms(struct net *net, struct tcf_proto *tp,
864 struct cls_fl_filter *f, struct fl_flow_mask *mask,
865 unsigned long base, struct nlattr **tb,
866 struct nlattr *est, bool ovr)
870 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr);
874 if (tb[TCA_FLOWER_CLASSID]) {
875 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
876 tcf_bind_filter(tp, &f->res, base);
879 err = fl_set_key(net, tb, &f->key, &mask->key);
883 fl_mask_update_range(mask);
884 fl_set_masked_key(&f->mkey, &f->key, mask);
889 static int fl_change(struct net *net, struct sk_buff *in_skb,
890 struct tcf_proto *tp, unsigned long base,
891 u32 handle, struct nlattr **tca,
892 void **arg, bool ovr)
894 struct cls_fl_head *head = rtnl_dereference(tp->root);
895 struct cls_fl_filter *fold = *arg;
896 struct cls_fl_filter *fnew;
898 struct fl_flow_mask mask = {};
899 unsigned long idr_index;
902 if (!tca[TCA_OPTIONS])
905 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
909 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS],
914 if (fold && handle && fold->handle != handle) {
919 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
925 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0);
930 err = idr_alloc_ext(&head->handle_idr, fnew, &idr_index,
931 1, 0x80000000, GFP_KERNEL);
934 fnew->handle = idr_index;
937 /* user specifies a handle and it doesn't exist */
938 if (handle && !fold) {
939 err = idr_alloc_ext(&head->handle_idr, fnew, &idr_index,
940 handle, handle + 1, GFP_KERNEL);
943 fnew->handle = idr_index;
946 if (tb[TCA_FLOWER_FLAGS]) {
947 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
949 if (!tc_flags_valid(fnew->flags)) {
955 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr);
959 err = fl_check_assign_mask(head, &mask);
963 if (!tc_skip_sw(fnew->flags)) {
964 if (!fold && fl_lookup(head, &fnew->mkey)) {
969 err = rhashtable_insert_fast(&head->ht, &fnew->ht_node,
975 if (!tc_skip_hw(fnew->flags)) {
976 err = fl_hw_replace_filter(tp,
984 if (!tc_in_hw(fnew->flags))
985 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
988 if (!tc_skip_sw(fold->flags))
989 rhashtable_remove_fast(&head->ht, &fold->ht_node,
991 if (!tc_skip_hw(fold->flags))
992 fl_hw_destroy_filter(tp, fold);
998 fnew->handle = handle;
999 idr_replace_ext(&head->handle_idr, fnew, fnew->handle);
1000 list_replace_rcu(&fold->list, &fnew->list);
1001 tcf_unbind_filter(tp, &fold->res);
1002 tcf_exts_get_net(&fold->exts);
1003 call_rcu(&fold->rcu, fl_destroy_filter);
1005 list_add_tail_rcu(&fnew->list, &head->filters);
1013 idr_remove_ext(&head->handle_idr, fnew->handle);
1015 tcf_exts_destroy(&fnew->exts);
1022 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last)
1024 struct cls_fl_head *head = rtnl_dereference(tp->root);
1025 struct cls_fl_filter *f = arg;
1027 if (!tc_skip_sw(f->flags))
1028 rhashtable_remove_fast(&head->ht, &f->ht_node,
1031 *last = list_empty(&head->filters);
1035 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg)
1037 struct cls_fl_head *head = rtnl_dereference(tp->root);
1038 struct cls_fl_filter *f;
1040 list_for_each_entry_rcu(f, &head->filters, list) {
1041 if (arg->count < arg->skip)
1043 if (arg->fn(tp, f, arg) < 0) {
1052 static int fl_dump_key_val(struct sk_buff *skb,
1053 void *val, int val_type,
1054 void *mask, int mask_type, int len)
1058 if (!memchr_inv(mask, 0, len))
1060 err = nla_put(skb, val_type, len, val);
1063 if (mask_type != TCA_FLOWER_UNSPEC) {
1064 err = nla_put(skb, mask_type, len, mask);
1071 static int fl_dump_key_mpls(struct sk_buff *skb,
1072 struct flow_dissector_key_mpls *mpls_key,
1073 struct flow_dissector_key_mpls *mpls_mask)
1077 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
1079 if (mpls_mask->mpls_ttl) {
1080 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
1081 mpls_key->mpls_ttl);
1085 if (mpls_mask->mpls_tc) {
1086 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
1091 if (mpls_mask->mpls_label) {
1092 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
1093 mpls_key->mpls_label);
1097 if (mpls_mask->mpls_bos) {
1098 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
1099 mpls_key->mpls_bos);
1106 static int fl_dump_key_ip(struct sk_buff *skb,
1107 struct flow_dissector_key_ip *key,
1108 struct flow_dissector_key_ip *mask)
1110 if (fl_dump_key_val(skb, &key->tos, TCA_FLOWER_KEY_IP_TOS, &mask->tos,
1111 TCA_FLOWER_KEY_IP_TOS_MASK, sizeof(key->tos)) ||
1112 fl_dump_key_val(skb, &key->ttl, TCA_FLOWER_KEY_IP_TTL, &mask->ttl,
1113 TCA_FLOWER_KEY_IP_TTL_MASK, sizeof(key->ttl)))
1119 static int fl_dump_key_vlan(struct sk_buff *skb,
1120 struct flow_dissector_key_vlan *vlan_key,
1121 struct flow_dissector_key_vlan *vlan_mask)
1125 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
1127 if (vlan_mask->vlan_id) {
1128 err = nla_put_u16(skb, TCA_FLOWER_KEY_VLAN_ID,
1133 if (vlan_mask->vlan_priority) {
1134 err = nla_put_u8(skb, TCA_FLOWER_KEY_VLAN_PRIO,
1135 vlan_key->vlan_priority);
1142 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
1143 u32 *flower_key, u32 *flower_mask,
1144 u32 flower_flag_bit, u32 dissector_flag_bit)
1146 if (dissector_mask & dissector_flag_bit) {
1147 *flower_mask |= flower_flag_bit;
1148 if (dissector_key & dissector_flag_bit)
1149 *flower_key |= flower_flag_bit;
1153 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
1159 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
1165 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
1166 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
1168 _key = cpu_to_be32(key);
1169 _mask = cpu_to_be32(mask);
1171 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
1175 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
1178 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
1179 struct sk_buff *skb, struct tcmsg *t)
1181 struct cls_fl_head *head = rtnl_dereference(tp->root);
1182 struct cls_fl_filter *f = fh;
1183 struct nlattr *nest;
1184 struct fl_flow_key *key, *mask;
1189 t->tcm_handle = f->handle;
1191 nest = nla_nest_start(skb, TCA_OPTIONS);
1193 goto nla_put_failure;
1195 if (f->res.classid &&
1196 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
1197 goto nla_put_failure;
1200 mask = &head->mask.key;
1202 if (mask->indev_ifindex) {
1203 struct net_device *dev;
1205 dev = __dev_get_by_index(net, key->indev_ifindex);
1206 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
1207 goto nla_put_failure;
1210 if (!tc_skip_hw(f->flags))
1211 fl_hw_update_stats(tp, f);
1213 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1214 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1215 sizeof(key->eth.dst)) ||
1216 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1217 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1218 sizeof(key->eth.src)) ||
1219 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
1220 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
1221 sizeof(key->basic.n_proto)))
1222 goto nla_put_failure;
1224 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
1225 goto nla_put_failure;
1227 if (fl_dump_key_vlan(skb, &key->vlan, &mask->vlan))
1228 goto nla_put_failure;
1230 if ((key->basic.n_proto == htons(ETH_P_IP) ||
1231 key->basic.n_proto == htons(ETH_P_IPV6)) &&
1232 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1233 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1234 sizeof(key->basic.ip_proto)) ||
1235 fl_dump_key_ip(skb, &key->ip, &mask->ip)))
1236 goto nla_put_failure;
1238 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1239 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1240 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1241 sizeof(key->ipv4.src)) ||
1242 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1243 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1244 sizeof(key->ipv4.dst))))
1245 goto nla_put_failure;
1246 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1247 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1248 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1249 sizeof(key->ipv6.src)) ||
1250 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1251 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1252 sizeof(key->ipv6.dst))))
1253 goto nla_put_failure;
1255 if (key->basic.ip_proto == IPPROTO_TCP &&
1256 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1257 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1258 sizeof(key->tp.src)) ||
1259 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1260 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1261 sizeof(key->tp.dst)) ||
1262 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1263 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1264 sizeof(key->tcp.flags))))
1265 goto nla_put_failure;
1266 else if (key->basic.ip_proto == IPPROTO_UDP &&
1267 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1268 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1269 sizeof(key->tp.src)) ||
1270 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1271 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1272 sizeof(key->tp.dst))))
1273 goto nla_put_failure;
1274 else if (key->basic.ip_proto == IPPROTO_SCTP &&
1275 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1276 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1277 sizeof(key->tp.src)) ||
1278 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1279 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1280 sizeof(key->tp.dst))))
1281 goto nla_put_failure;
1282 else if (key->basic.n_proto == htons(ETH_P_IP) &&
1283 key->basic.ip_proto == IPPROTO_ICMP &&
1284 (fl_dump_key_val(skb, &key->icmp.type,
1285 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
1286 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1287 sizeof(key->icmp.type)) ||
1288 fl_dump_key_val(skb, &key->icmp.code,
1289 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
1290 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1291 sizeof(key->icmp.code))))
1292 goto nla_put_failure;
1293 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1294 key->basic.ip_proto == IPPROTO_ICMPV6 &&
1295 (fl_dump_key_val(skb, &key->icmp.type,
1296 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
1297 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1298 sizeof(key->icmp.type)) ||
1299 fl_dump_key_val(skb, &key->icmp.code,
1300 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
1301 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1302 sizeof(key->icmp.code))))
1303 goto nla_put_failure;
1304 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
1305 key->basic.n_proto == htons(ETH_P_RARP)) &&
1306 (fl_dump_key_val(skb, &key->arp.sip,
1307 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
1308 TCA_FLOWER_KEY_ARP_SIP_MASK,
1309 sizeof(key->arp.sip)) ||
1310 fl_dump_key_val(skb, &key->arp.tip,
1311 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
1312 TCA_FLOWER_KEY_ARP_TIP_MASK,
1313 sizeof(key->arp.tip)) ||
1314 fl_dump_key_val(skb, &key->arp.op,
1315 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
1316 TCA_FLOWER_KEY_ARP_OP_MASK,
1317 sizeof(key->arp.op)) ||
1318 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1319 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1320 sizeof(key->arp.sha)) ||
1321 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1322 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1323 sizeof(key->arp.tha))))
1324 goto nla_put_failure;
1326 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
1327 (fl_dump_key_val(skb, &key->enc_ipv4.src,
1328 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
1329 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1330 sizeof(key->enc_ipv4.src)) ||
1331 fl_dump_key_val(skb, &key->enc_ipv4.dst,
1332 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
1333 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1334 sizeof(key->enc_ipv4.dst))))
1335 goto nla_put_failure;
1336 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
1337 (fl_dump_key_val(skb, &key->enc_ipv6.src,
1338 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
1339 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1340 sizeof(key->enc_ipv6.src)) ||
1341 fl_dump_key_val(skb, &key->enc_ipv6.dst,
1342 TCA_FLOWER_KEY_ENC_IPV6_DST,
1343 &mask->enc_ipv6.dst,
1344 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1345 sizeof(key->enc_ipv6.dst))))
1346 goto nla_put_failure;
1348 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
1349 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
1350 sizeof(key->enc_key_id)) ||
1351 fl_dump_key_val(skb, &key->enc_tp.src,
1352 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1354 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1355 sizeof(key->enc_tp.src)) ||
1356 fl_dump_key_val(skb, &key->enc_tp.dst,
1357 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1359 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1360 sizeof(key->enc_tp.dst)))
1361 goto nla_put_failure;
1363 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
1364 goto nla_put_failure;
1366 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
1367 goto nla_put_failure;
1369 if (tcf_exts_dump(skb, &f->exts))
1370 goto nla_put_failure;
1372 nla_nest_end(skb, nest);
1374 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
1375 goto nla_put_failure;
1380 nla_nest_cancel(skb, nest);
1384 static void fl_bind_class(void *fh, u32 classid, unsigned long cl)
1386 struct cls_fl_filter *f = fh;
1388 if (f && f->res.classid == classid)
1392 static struct tcf_proto_ops cls_fl_ops __read_mostly = {
1394 .classify = fl_classify,
1396 .destroy = fl_destroy,
1398 .change = fl_change,
1399 .delete = fl_delete,
1402 .bind_class = fl_bind_class,
1403 .owner = THIS_MODULE,
1406 static int __init cls_fl_init(void)
1408 return register_tcf_proto_ops(&cls_fl_ops);
1411 static void __exit cls_fl_exit(void)
1413 unregister_tcf_proto_ops(&cls_fl_ops);
1416 module_init(cls_fl_init);
1417 module_exit(cls_fl_exit);
1419 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
1420 MODULE_DESCRIPTION("Flower classifier");
1421 MODULE_LICENSE("GPL v2");
projects / releases.git / blob