fib_rules.h 6.0 KB

  1. /* SPDX-License-Identifier: GPL-2.0 */
  2. #ifndef __NET_FIB_RULES_H
  3. #define __NET_FIB_RULES_H
  4. #include <linux/types.h>
  5. #include <linux/slab.h>
  6. #include <linux/netdevice.h>
  7. #include <linux/fib_rules.h>
  8. #include <linux/refcount.h>
  9. #include <net/flow.h>
  10. #include <net/rtnetlink.h>
  11. #include <net/fib_notifier.h>
  12. #include <linux/indirect_call_wrapper.h>
  /*
   * Pair of kernel UIDs (kuid_t) bounding a UID match; embedded in
   * struct fib_rule as uid_range.
   *
   * NOTE(review): whether the bounds are inclusive, and how an unset range
   * is encoded, is decided by the matching code, which is not in this header.
   */
  struct fib_kuid_range {
      kuid_t start;    /* lower bound */
      kuid_t end;      /* upper bound */
  };
  /*
   * One policy-routing rule.
   *
   * Lifetime: the object is reference-counted through refcnt, taken with
   * fib_rule_get() and dropped with fib_rule_put() (both in this header).
   * The final put hands the object to kfree_rcu() using the embedded rcu
   * head, so the memory is released only after an RCU grace period.
   */
  struct fib_rule {
      struct list_head list;

      /* Interface selectors, by index. */
      int iifindex;
      int oifindex;

      /* Mark selector: value plus mask. */
      u32 mark;
      u32 mark_mask;

      u32 flags;
      u32 table;       /* returned by fib_rule_get_table() */
      u8 action;
      u8 l3mdev;       /* non-zero: fib_rule_get_table() uses arg->table */
      u8 proto;
      u8 ip_proto;     /* non-zero: see fib_rule_requires_fldissect() */
      u32 target;
      __be64 tun_id;   /* big-endian on the wire and in memory (__be64) */

      /*
       * __rcu-annotated pointer: dereference only through the RCU accessors,
       * never directly.
       */
      struct fib_rule __rcu *ctarget;
      struct net *fr_net;

      /* refcount_t, not a plain int/atomic_t; see fib_rule_get()/_put(). */
      refcount_t refcnt;
      u32 pref;
      int suppress_ifgroup;
      int suppress_prefixlen;

      /*
       * Fixed-size interface names (IFNAMSIZ bytes each).
       * NOTE(review): any writer must bound the copy to IFNAMSIZ and keep
       * the terminating NUL; confirm in the configure path.
       */
      char iifname[IFNAMSIZ];
      char oifname[IFNAMSIZ];

      struct fib_kuid_range uid_range;

      /*
       * Port selectors. The types and field names match the arguments of
       * fib_rule_port_match(); presumably each range is paired with the
       * mask of the same direction (confirm at the call sites).
       */
      struct fib_rule_port_range sport_range;
      struct fib_rule_port_range dport_range;
      u16 sport_mask;
      u16 dport_mask;

      u8 iif_is_l3_master;
      u8 oif_is_l3_master;

      /* Head passed to kfree_rcu() by fib_rule_put(). */
      struct rcu_head rcu;
  };
  /*
   * Per-lookup argument block handed to fib_rules_lookup() and on to the
   * action/suppress callbacks of struct fib_rules_ops.
   *
   * The three void pointers are untyped here; their concrete types are
   * chosen by the caller and the per-family callbacks.
   * NOTE(review): every cast of these must agree with what the caller
   * stored; nothing in this header enforces that.
   */
  struct fib_lookup_arg {
      void *lookup_ptr;
      const void *lookup_data;    /* read-only for the callee (const) */
      void *result;
      struct fib_rule *rule;
      u32 table;                  /* read by fib_rule_get_table() when
                                   * rule->l3mdev is set */
      int flags;                  /* FIB_LOOKUP_* values below */
  #define FIB_LOOKUP_NOREF 1
  #define FIB_LOOKUP_IGNORE_LINKSTATE 2
  };
  /*
   * Per-family rule operations: bookkeeping counters plus the callbacks
   * the generic rules code invokes. Instances are created through
   * fib_rules_register() and torn down with fib_rules_unregister().
   *
   * configure() and compare() receive a struct fib_rule_hdr and an array
   * of struct nlattr pointers.
   * NOTE(review): these presumably come from a netlink request, so each
   * implementation must treat absent entries as NULL and rely only on
   * attributes that were length-checked during parsing; confirm with the
   * policy used by the caller.
   */
  struct fib_rules_ops {
      int family;
      struct list_head list;
      int rule_size;
      int addr_size;
      int unresolved_rules;
      int nr_goto_rules;
      unsigned int fib_rules_seq;

      int (*action)(struct fib_rule *,
                    struct flowi *, int,
                    struct fib_lookup_arg *);
      bool (*suppress)(struct fib_rule *, int,
                       struct fib_lookup_arg *);
      int (*match)(struct fib_rule *,
                   struct flowi *, int);
      int (*configure)(struct fib_rule *,
                       struct sk_buff *,
                       struct fib_rule_hdr *,
                       struct nlattr **,
                       struct netlink_ext_ack *);
      int (*delete)(struct fib_rule *);
      int (*compare)(struct fib_rule *,
                     struct fib_rule_hdr *,
                     struct nlattr **);
      int (*fill)(struct fib_rule *, struct sk_buff *,
                  struct fib_rule_hdr *);
      size_t (*nlmsg_payload)(struct fib_rule *);

      /*
       * Called after modifications to the rules set, must flush
       * the route cache if one exists.
       */
      void (*flush_cache)(struct fib_rules_ops *ops);

      int nlgroup;
      struct list_head rules_list;
      struct module *owner;
      struct net *fro_net;
      struct rcu_head rcu;
  };
  /*
   * Notifier payload carrying a rule.
   *
   * The generic struct fib_notifier_info has to stay the first member.
   * NOTE(review): presumably receivers get a pointer to info and convert
   * it back to this wrapper, which is only valid while info sits at
   * offset 0; do not reorder.
   */
  struct fib_rule_notifier_info {
      struct fib_notifier_info info;    /* must be first */
      struct fib_rule *rule;
  };
  /*
   * Take an additional reference on @rule.
   *
   * The counter is a refcount_t; the kernel's refcount API saturates
   * instead of wrapping on overflow, which limits the damage of a leaked
   * reference. The caller must guarantee @rule is still live (for example
   * by already holding a reference); this helper performs no such check.
   */
  static inline void fib_rule_get(struct fib_rule *rule)
  {
      refcount_t *cnt = &rule->refcnt;

      refcount_inc(cnt);
  }
  /*
   * Drop one reference on @rule; the caller must not touch @rule afterwards.
   *
   * When the count reaches zero the rule is queued for freeing with
   * kfree_rcu() through its embedded rcu head, so the memory is released
   * only after an RCU grace period rather than immediately.
   */
  static inline void fib_rule_put(struct fib_rule *rule)
  {
      /* Other holders remain: nothing to free yet. */
      if (!refcount_dec_and_test(&rule->refcnt))
          return;

      kfree_rcu(rule, rcu);
  }
  /*
   * Pick the table id to use for @rule.
   *
   * With CONFIG_NET_L3_MASTER_DEV, a rule whose l3mdev field is non-zero
   * takes the table from the lookup argument (arg->table); in every other
   * case, and always without that config option, the rule's own table is
   * returned. @arg is not read when the option is disabled.
   */
  static inline u32 fib_rule_get_table(struct fib_rule *rule,
                                       struct fib_lookup_arg *arg)
  {
  #ifdef CONFIG_NET_L3_MASTER_DEV
      if (rule->l3mdev)
          return arg->table;
  #endif
      return rule->table;
  }
  /*
   * Resolve the table id of a rule request: the FRA_TABLE attribute wins
   * when present, otherwise the table field of the header is used.
   *
   * nla_get_u32() reads the attribute payload as a u32 without checking
   * its length here.
   * NOTE(review): assumes @nla was produced by a parse step whose policy
   * enforces a u32-sized FRA_TABLE; confirm at the call sites.
   */
  static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
  {
      struct nlattr *table_attr = nla[FRA_TABLE];

      return table_attr ? nla_get_u32(table_attr) : frh->table;
  }
  /*
   * Report whether @range holds a configured port range.
   *
   * A range counts as set only when both bounds are non-zero; a zero in
   * either bound means "not set".
   */
  static inline bool fib_rule_port_range_set(const struct fib_rule_port_range *range)
  {
      if (range->start == 0)
          return false;

      return range->end != 0;
  }
  /*
   * Test whether @port lies within [a->start, a->end], both bounds included.
   *
   * @port is in network byte order (__be16) and is converted with ntohs()
   * before the comparison; the bounds are compared as stored.
   */
  static inline bool fib_rule_port_inrange(const struct fib_rule_port_range *a,
                                           __be16 port)
  {
      const u16 host_port = ntohs(port);

      return a->start <= host_port && host_port <= a->end;
  }
  /*
   * Decide whether @port (network byte order) satisfies a port selector.
   *
   * Two modes, chosen by @port_mask:
   *  - non-zero mask: the port matches when it equals range->start on the
   *    masked bits; range->end is not consulted at all in this mode.
   *  - zero mask: the port matches when no range is set, or when it falls
   *    inside the range (bounds included).
   */
  static inline bool fib_rule_port_match(const struct fib_rule_port_range *range,
                                         u16 port_mask, __be16 port)
  {
      if (port_mask)
          return ((range->start ^ ntohs(port)) & port_mask) == 0;

      /* Unmasked selector: an unset range places no constraint. */
      if (!fib_rule_port_range_set(range))
          return true;

      return fib_rule_port_inrange(range, port);
  }
  /*
   * Validate a port range before it is accepted.
   *
   * Rejected: a zero in either bound, an end of 0xffff or above, and an
   * inverted range (start > end).
   * NOTE(review): the strict "< 0xffff" means port 65535 can never be the
   * upper bound; this header does not say whether that is intentional.
   */
  static inline bool fib_rule_port_range_valid(const struct fib_rule_port_range *a)
  {
      if (a->start == 0 || a->end == 0)
          return false;

      if (a->end >= 0xffff)
          return false;

      return a->start <= a->end;
  }
  /*
   * Equality test for two port ranges: true when both the start and the
   * end bounds are identical. Neither argument is modified.
   */
  static inline bool fib_rule_port_range_compare(struct fib_rule_port_range *a,
                                                 struct fib_rule_port_range *b)
  {
      return !(a->start != b->start || a->end != b->end);
  }
  157. static inline bool
  158. fib_rule_port_is_range(const struct fib_rule_port_range *range)
  159. {
  160. return range->start != range->end;
  161. }
  /*
   * Report whether @rule selects on fields beyond the interface: an IP
   * protocol, or a configured source or destination port range.
   *
   * Rules whose input interface is LOOPBACK_IFINDEX always return false.
   * NOTE(review): the name suggests the result tells callers that packet
   * flow dissection is needed to evaluate the rule; confirm with the users.
   */
  static inline bool fib_rule_requires_fldissect(struct fib_rule *rule)
  {
      if (rule->iifindex == LOOPBACK_IFINDEX)
          return false;

      if (rule->ip_proto)
          return true;

      return fib_rule_port_range_set(&rule->sport_range) ||
             fib_rule_port_range_set(&rule->dport_range);
  }
  /*
   * Generic rules API; the definitions live outside this header.
   *
   * fib_newrule() and fib_delrule() take an skb, a netlink message header
   * and an extack.
   * NOTE(review): they look like the handlers for rule add/delete netlink
   * requests, i.e. the entry points for caller-controlled rule data; the
   * permission and attribute validation they rely on is not visible here.
   */
  struct fib_rules_ops *fib_rules_register(const struct fib_rules_ops *ops,
                                           struct net *net);
  void fib_rules_unregister(struct fib_rules_ops *ops);

  int fib_rules_lookup(struct fib_rules_ops *ops, struct flowi *fl, int flags,
                       struct fib_lookup_arg *arg);
  int fib_default_rule_add(struct fib_rules_ops *ops, u32 pref, u32 table);
  bool fib_rule_matchall(const struct fib_rule *rule);
  int fib_rules_dump(struct net *net, struct notifier_block *nb, int family,
                     struct netlink_ext_ack *extack);
  unsigned int fib_rules_seq_read(const struct net *net, int family);

  int fib_newrule(struct net *net, struct sk_buff *skb, struct nlmsghdr *nlh,
                  struct netlink_ext_ack *extack, bool rtnl_held);
  int fib_delrule(struct net *net, struct sk_buff *skb, struct nlmsghdr *nlh,
                  struct netlink_ext_ack *extack, bool rtnl_held);
  /*
   * Forward declarations of the IPv4 (fib4_*) and IPv6 (fib6_*) handlers,
   * wrapped in INDIRECT_CALLABLE_DECLARE from
   * <linux/indirect_call_wrapper.h>. Their signatures mirror the match,
   * action and suppress slots of struct fib_rules_ops.
   *
   * NOTE(review): the wrapper presumably exists so that calls through
   * those ops pointers can be turned into direct calls on builds where
   * indirect branches are expensive (retpoline mitigations); confirm
   * against the wrapper header.
   */
  INDIRECT_CALLABLE_DECLARE(int fib6_rule_match(struct fib_rule *rule,
                                                struct flowi *fl, int flags));
  INDIRECT_CALLABLE_DECLARE(int fib4_rule_match(struct fib_rule *rule,
                                                struct flowi *fl, int flags));

  INDIRECT_CALLABLE_DECLARE(int fib6_rule_action(struct fib_rule *rule,
                                                 struct flowi *flp, int flags,
                                                 struct fib_lookup_arg *arg));
  INDIRECT_CALLABLE_DECLARE(int fib4_rule_action(struct fib_rule *rule,
                                                 struct flowi *flp, int flags,
                                                 struct fib_lookup_arg *arg));

  INDIRECT_CALLABLE_DECLARE(bool fib6_rule_suppress(struct fib_rule *rule,
                                                    int flags,
                                                    struct fib_lookup_arg *arg));
  INDIRECT_CALLABLE_DECLARE(bool fib4_rule_suppress(struct fib_rule *rule,
                                                    int flags,
                                                    struct fib_lookup_arg *arg));
  198. #endif