cls_fw.c 9.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * net/sched/cls_fw.c Classifier mapping ipchains' fwmark to traffic class.
  4. *
  5. * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
  6. *
  7. * Changes:
  8. * Karlis Peisenieks <karlis@mt.lv> : 990415 : fw_walk off by one
  9. * Karlis Peisenieks <karlis@mt.lv> : 990415 : fw_delete killed all the filter (and kernel).
  10. * Alex <alex@pilotsoft.com> : 2004xxyy: Added Action extension
  11. */
  12. #include <linux/module.h>
  13. #include <linux/slab.h>
  14. #include <linux/types.h>
  15. #include <linux/kernel.h>
  16. #include <linux/string.h>
  17. #include <linux/errno.h>
  18. #include <linux/skbuff.h>
  19. #include <net/netlink.h>
  20. #include <net/act_api.h>
  21. #include <net/pkt_cls.h>
  22. #include <net/sch_generic.h>
  23. #include <net/tc_wrapper.h>
  24. #define HTSIZE 256
  25. struct fw_head {
  26. u32 mask;
  27. struct fw_filter __rcu *ht[HTSIZE];
  28. struct rcu_head rcu;
  29. };
  30. struct fw_filter {
  31. struct fw_filter __rcu *next;
  32. u32 id;
  33. struct tcf_result res;
  34. int ifindex;
  35. struct tcf_exts exts;
  36. struct tcf_proto *tp;
  37. struct rcu_work rwork;
  38. };
  39. static u32 fw_hash(u32 handle)
  40. {
  41. handle ^= (handle >> 16);
  42. handle ^= (handle >> 8);
  43. return handle % HTSIZE;
  44. }
  45. TC_INDIRECT_SCOPE int fw_classify(struct sk_buff *skb,
  46. const struct tcf_proto *tp,
  47. struct tcf_result *res)
  48. {
  49. struct fw_head *head = rcu_dereference_bh(tp->root);
  50. struct fw_filter *f;
  51. int r;
  52. u32 id = skb->mark;
  53. if (head != NULL) {
  54. id &= head->mask;
  55. for (f = rcu_dereference_bh(head->ht[fw_hash(id)]); f;
  56. f = rcu_dereference_bh(f->next)) {
  57. if (f->id == id) {
  58. *res = f->res;
  59. if (!tcf_match_indev(skb, f->ifindex))
  60. continue;
  61. r = tcf_exts_exec(skb, &f->exts, res);
  62. if (r < 0)
  63. continue;
  64. return r;
  65. }
  66. }
  67. } else {
  68. struct Qdisc *q = tcf_block_q(tp->chain->block);
  69. /* Old method: classify the packet using its skb mark. */
  70. if (id && (TC_H_MAJ(id) == 0 ||
  71. !(TC_H_MAJ(id ^ q->handle)))) {
  72. res->classid = id;
  73. res->class = 0;
  74. return 0;
  75. }
  76. }
  77. return -1;
  78. }
  79. static void *fw_get(struct tcf_proto *tp, u32 handle)
  80. {
  81. struct fw_head *head = rtnl_dereference(tp->root);
  82. struct fw_filter *f;
  83. if (head == NULL)
  84. return NULL;
  85. f = rtnl_dereference(head->ht[fw_hash(handle)]);
  86. for (; f; f = rtnl_dereference(f->next)) {
  87. if (f->id == handle)
  88. return f;
  89. }
  90. return NULL;
  91. }
  92. static int fw_init(struct tcf_proto *tp)
  93. {
  94. /* We don't allocate fw_head here, because in the old method
  95. * we don't need it at all.
  96. */
  97. return 0;
  98. }
  99. static void __fw_delete_filter(struct fw_filter *f)
  100. {
  101. tcf_exts_destroy(&f->exts);
  102. tcf_exts_put_net(&f->exts);
  103. kfree(f);
  104. }
  105. static void fw_delete_filter_work(struct work_struct *work)
  106. {
  107. struct fw_filter *f = container_of(to_rcu_work(work),
  108. struct fw_filter,
  109. rwork);
  110. rtnl_lock();
  111. __fw_delete_filter(f);
  112. rtnl_unlock();
  113. }
  114. static void fw_destroy(struct tcf_proto *tp, bool rtnl_held,
  115. struct netlink_ext_ack *extack)
  116. {
  117. struct fw_head *head = rtnl_dereference(tp->root);
  118. struct fw_filter *f;
  119. int h;
  120. if (head == NULL)
  121. return;
  122. for (h = 0; h < HTSIZE; h++) {
  123. while ((f = rtnl_dereference(head->ht[h])) != NULL) {
  124. RCU_INIT_POINTER(head->ht[h],
  125. rtnl_dereference(f->next));
  126. tcf_unbind_filter(tp, &f->res);
  127. if (tcf_exts_get_net(&f->exts))
  128. tcf_queue_work(&f->rwork, fw_delete_filter_work);
  129. else
  130. __fw_delete_filter(f);
  131. }
  132. }
  133. kfree_rcu(head, rcu);
  134. }
  135. static int fw_delete(struct tcf_proto *tp, void *arg, bool *last,
  136. bool rtnl_held, struct netlink_ext_ack *extack)
  137. {
  138. struct fw_head *head = rtnl_dereference(tp->root);
  139. struct fw_filter *f = arg;
  140. struct fw_filter __rcu **fp;
  141. struct fw_filter *pfp;
  142. int ret = -EINVAL;
  143. int h;
  144. if (head == NULL || f == NULL)
  145. goto out;
  146. fp = &head->ht[fw_hash(f->id)];
  147. for (pfp = rtnl_dereference(*fp); pfp;
  148. fp = &pfp->next, pfp = rtnl_dereference(*fp)) {
  149. if (pfp == f) {
  150. RCU_INIT_POINTER(*fp, rtnl_dereference(f->next));
  151. tcf_unbind_filter(tp, &f->res);
  152. tcf_exts_get_net(&f->exts);
  153. tcf_queue_work(&f->rwork, fw_delete_filter_work);
  154. ret = 0;
  155. break;
  156. }
  157. }
  158. *last = true;
  159. for (h = 0; h < HTSIZE; h++) {
  160. if (rcu_access_pointer(head->ht[h])) {
  161. *last = false;
  162. break;
  163. }
  164. }
  165. out:
  166. return ret;
  167. }
  168. static const struct nla_policy fw_policy[TCA_FW_MAX + 1] = {
  169. [TCA_FW_CLASSID] = { .type = NLA_U32 },
  170. [TCA_FW_INDEV] = { .type = NLA_STRING, .len = IFNAMSIZ },
  171. [TCA_FW_MASK] = { .type = NLA_U32 },
  172. };
  173. static int fw_set_parms(struct net *net, struct tcf_proto *tp,
  174. struct fw_filter *f, struct nlattr **tb,
  175. struct nlattr **tca, unsigned long base, u32 flags,
  176. struct netlink_ext_ack *extack)
  177. {
  178. struct fw_head *head = rtnl_dereference(tp->root);
  179. u32 mask;
  180. int err;
  181. err = tcf_exts_validate(net, tp, tb, tca[TCA_RATE], &f->exts, flags,
  182. extack);
  183. if (err < 0)
  184. return err;
  185. if (tb[TCA_FW_INDEV]) {
  186. int ret;
  187. ret = tcf_change_indev(net, tb[TCA_FW_INDEV], extack);
  188. if (ret < 0)
  189. return ret;
  190. f->ifindex = ret;
  191. }
  192. err = -EINVAL;
  193. if (tb[TCA_FW_MASK]) {
  194. mask = nla_get_u32(tb[TCA_FW_MASK]);
  195. if (mask != head->mask)
  196. return err;
  197. } else if (head->mask != 0xFFFFFFFF)
  198. return err;
  199. if (tb[TCA_FW_CLASSID]) {
  200. f->res.classid = nla_get_u32(tb[TCA_FW_CLASSID]);
  201. tcf_bind_filter(tp, &f->res, base);
  202. }
  203. return 0;
  204. }
  205. static int fw_change(struct net *net, struct sk_buff *in_skb,
  206. struct tcf_proto *tp, unsigned long base,
  207. u32 handle, struct nlattr **tca, void **arg,
  208. u32 flags, struct netlink_ext_ack *extack)
  209. {
  210. struct fw_head *head = rtnl_dereference(tp->root);
  211. struct fw_filter *f = *arg;
  212. struct nlattr *opt = tca[TCA_OPTIONS];
  213. struct nlattr *tb[TCA_FW_MAX + 1];
  214. int err;
  215. if (!opt) {
  216. if (handle)
  217. return -EINVAL;
  218. if (tcf_block_shared(tp->chain->block)) {
  219. NL_SET_ERR_MSG(extack,
  220. "Must specify mark when attaching fw filter to block");
  221. return -EINVAL;
  222. }
  223. return 0; /* Succeed if it is old method. */
  224. }
  225. err = nla_parse_nested_deprecated(tb, TCA_FW_MAX, opt, fw_policy,
  226. NULL);
  227. if (err < 0)
  228. return err;
  229. if (f) {
  230. struct fw_filter *pfp, *fnew;
  231. struct fw_filter __rcu **fp;
  232. if (f->id != handle && handle)
  233. return -EINVAL;
  234. fnew = kzalloc_obj(struct fw_filter);
  235. if (!fnew)
  236. return -ENOBUFS;
  237. fnew->id = f->id;
  238. fnew->ifindex = f->ifindex;
  239. fnew->tp = f->tp;
  240. err = tcf_exts_init(&fnew->exts, net, TCA_FW_ACT,
  241. TCA_FW_POLICE);
  242. if (err < 0) {
  243. kfree(fnew);
  244. return err;
  245. }
  246. err = fw_set_parms(net, tp, fnew, tb, tca, base, flags, extack);
  247. if (err < 0) {
  248. tcf_exts_destroy(&fnew->exts);
  249. kfree(fnew);
  250. return err;
  251. }
  252. fp = &head->ht[fw_hash(fnew->id)];
  253. for (pfp = rtnl_dereference(*fp); pfp;
  254. fp = &pfp->next, pfp = rtnl_dereference(*fp))
  255. if (pfp == f)
  256. break;
  257. RCU_INIT_POINTER(fnew->next, rtnl_dereference(pfp->next));
  258. rcu_assign_pointer(*fp, fnew);
  259. tcf_unbind_filter(tp, &f->res);
  260. tcf_exts_get_net(&f->exts);
  261. tcf_queue_work(&f->rwork, fw_delete_filter_work);
  262. *arg = fnew;
  263. return err;
  264. }
  265. if (!handle)
  266. return -EINVAL;
  267. if (!head) {
  268. u32 mask = 0xFFFFFFFF;
  269. if (tb[TCA_FW_MASK])
  270. mask = nla_get_u32(tb[TCA_FW_MASK]);
  271. head = kzalloc_obj(*head);
  272. if (!head)
  273. return -ENOBUFS;
  274. head->mask = mask;
  275. rcu_assign_pointer(tp->root, head);
  276. }
  277. f = kzalloc_obj(struct fw_filter);
  278. if (f == NULL)
  279. return -ENOBUFS;
  280. err = tcf_exts_init(&f->exts, net, TCA_FW_ACT, TCA_FW_POLICE);
  281. if (err < 0)
  282. goto errout;
  283. f->id = handle;
  284. f->tp = tp;
  285. err = fw_set_parms(net, tp, f, tb, tca, base, flags, extack);
  286. if (err < 0)
  287. goto errout;
  288. RCU_INIT_POINTER(f->next, head->ht[fw_hash(handle)]);
  289. rcu_assign_pointer(head->ht[fw_hash(handle)], f);
  290. *arg = f;
  291. return 0;
  292. errout:
  293. tcf_exts_destroy(&f->exts);
  294. kfree(f);
  295. return err;
  296. }
  297. static void fw_walk(struct tcf_proto *tp, struct tcf_walker *arg,
  298. bool rtnl_held)
  299. {
  300. struct fw_head *head = rtnl_dereference(tp->root);
  301. int h;
  302. if (head == NULL)
  303. arg->stop = 1;
  304. if (arg->stop)
  305. return;
  306. for (h = 0; h < HTSIZE; h++) {
  307. struct fw_filter *f;
  308. for (f = rtnl_dereference(head->ht[h]); f;
  309. f = rtnl_dereference(f->next)) {
  310. if (!tc_cls_stats_dump(tp, arg, f))
  311. return;
  312. }
  313. }
  314. }
  315. static int fw_dump(struct net *net, struct tcf_proto *tp, void *fh,
  316. struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
  317. {
  318. struct fw_head *head = rtnl_dereference(tp->root);
  319. struct fw_filter *f = fh;
  320. struct nlattr *nest;
  321. if (f == NULL)
  322. return skb->len;
  323. t->tcm_handle = f->id;
  324. if (!f->res.classid && !tcf_exts_has_actions(&f->exts))
  325. return skb->len;
  326. nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
  327. if (nest == NULL)
  328. goto nla_put_failure;
  329. if (f->res.classid &&
  330. nla_put_u32(skb, TCA_FW_CLASSID, f->res.classid))
  331. goto nla_put_failure;
  332. if (f->ifindex) {
  333. struct net_device *dev;
  334. dev = __dev_get_by_index(net, f->ifindex);
  335. if (dev && nla_put_string(skb, TCA_FW_INDEV, dev->name))
  336. goto nla_put_failure;
  337. }
  338. if (head->mask != 0xFFFFFFFF &&
  339. nla_put_u32(skb, TCA_FW_MASK, head->mask))
  340. goto nla_put_failure;
  341. if (tcf_exts_dump(skb, &f->exts) < 0)
  342. goto nla_put_failure;
  343. nla_nest_end(skb, nest);
  344. if (tcf_exts_dump_stats(skb, &f->exts) < 0)
  345. goto nla_put_failure;
  346. return skb->len;
  347. nla_put_failure:
  348. nla_nest_cancel(skb, nest);
  349. return -1;
  350. }
  351. static void fw_bind_class(void *fh, u32 classid, unsigned long cl, void *q,
  352. unsigned long base)
  353. {
  354. struct fw_filter *f = fh;
  355. tc_cls_bind_class(classid, cl, q, &f->res, base);
  356. }
  357. static struct tcf_proto_ops cls_fw_ops __read_mostly = {
  358. .kind = "fw",
  359. .classify = fw_classify,
  360. .init = fw_init,
  361. .destroy = fw_destroy,
  362. .get = fw_get,
  363. .change = fw_change,
  364. .delete = fw_delete,
  365. .walk = fw_walk,
  366. .dump = fw_dump,
  367. .bind_class = fw_bind_class,
  368. .owner = THIS_MODULE,
  369. };
  370. MODULE_ALIAS_NET_CLS("fw");
  371. static int __init init_fw(void)
  372. {
  373. return register_tcf_proto_ops(&cls_fw_ops);
  374. }
  375. static void __exit exit_fw(void)
  376. {
  377. unregister_tcf_proto_ops(&cls_fw_ops);
  378. }
  379. module_init(init_fw)
  380. module_exit(exit_fw)
  381. MODULE_DESCRIPTION("SKB mark based TC classifier");
  382. MODULE_LICENSE("GPL");