1
2
3
4
5
6
7
8
9
10
11
12
13#include <linux/module.h>
14#include <linux/types.h>
15#include <linux/kernel.h>
16#include <linux/string.h>
17#include <linux/errno.h>
18#include <linux/skbuff.h>
19#include <linux/rtnetlink.h>
20#include <linux/init.h>
21#include <linux/slab.h>
22#include <net/act_api.h>
23#include <net/netlink.h>
24
25struct tcf_police {
26 struct tc_action common;
27 int tcfp_result;
28 u32 tcfp_ewma_rate;
29 s64 tcfp_burst;
30 u32 tcfp_mtu;
31 s64 tcfp_toks;
32 s64 tcfp_ptoks;
33 s64 tcfp_mtu_ptoks;
34 s64 tcfp_t_c;
35 struct psched_ratecfg rate;
36 bool rate_present;
37 struct psched_ratecfg peak;
38 bool peak_present;
39};
40
41#define to_police(pc) ((struct tcf_police *)pc)
42
43
44struct tc_police_compat {
45 u32 index;
46 int action;
47 u32 limit;
48 u32 burst;
49 u32 mtu;
50 struct tc_ratespec rate;
51 struct tc_ratespec peakrate;
52};
53
54
55
56static int police_net_id;
57static struct tc_action_ops act_police_ops;
58
59static int tcf_act_police_walker(struct net *net, struct sk_buff *skb,
60 struct netlink_callback *cb, int type,
61 const struct tc_action_ops *ops)
62{
63 struct tc_action_net *tn = net_generic(net, police_net_id);
64
65 return tcf_generic_walker(tn, skb, cb, type, ops);
66}
67
68static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = {
69 [TCA_POLICE_RATE] = { .len = TC_RTAB_SIZE },
70 [TCA_POLICE_PEAKRATE] = { .len = TC_RTAB_SIZE },
71 [TCA_POLICE_AVRATE] = { .type = NLA_U32 },
72 [TCA_POLICE_RESULT] = { .type = NLA_U32 },
73};
74
75static int tcf_act_police_init(struct net *net, struct nlattr *nla,
76 struct nlattr *est, struct tc_action **a,
77 int ovr, int bind)
78{
79 int ret = 0, tcfp_result = TC_ACT_OK, err, size;
80 struct nlattr *tb[TCA_POLICE_MAX + 1];
81 struct tc_police *parm;
82 struct tcf_police *police;
83 struct qdisc_rate_table *R_tab = NULL, *P_tab = NULL;
84 struct tc_action_net *tn = net_generic(net, police_net_id);
85 bool exists = false;
86
87 if (nla == NULL)
88 return -EINVAL;
89
90 err = nla_parse_nested(tb, TCA_POLICE_MAX, nla, police_policy);
91 if (err < 0)
92 return err;
93
94 if (tb[TCA_POLICE_TBF] == NULL)
95 return -EINVAL;
96 size = nla_len(tb[TCA_POLICE_TBF]);
97 if (size != sizeof(*parm) && size != sizeof(struct tc_police_compat))
98 return -EINVAL;
99
100 parm = nla_data(tb[TCA_POLICE_TBF]);
101 exists = tcf_idr_check(tn, parm->index, a, bind);
102 if (exists && bind)
103 return 0;
104
105 if (!exists) {
106 ret = tcf_idr_create(tn, parm->index, NULL, a,
107 &act_police_ops, bind, false);
108 if (ret)
109 return ret;
110 ret = ACT_P_CREATED;
111 } else if (!ovr) {
112 tcf_idr_release(*a, bind);
113 return -EEXIST;
114 }
115
116 police = to_police(*a);
117 if (parm->rate.rate) {
118 err = -ENOMEM;
119 R_tab = qdisc_get_rtab(&parm->rate, tb[TCA_POLICE_RATE]);
120 if (R_tab == NULL)
121 goto failure;
122
123 if (parm->peakrate.rate) {
124 P_tab = qdisc_get_rtab(&parm->peakrate,
125 tb[TCA_POLICE_PEAKRATE]);
126 if (P_tab == NULL)
127 goto failure;
128 }
129 }
130
131 if (est) {
132 err = gen_replace_estimator(&police->tcf_bstats, NULL,
133 &police->tcf_rate_est,
134 &police->tcf_lock,
135 NULL, est);
136 if (err)
137 goto failure;
138 } else if (tb[TCA_POLICE_AVRATE] &&
139 (ret == ACT_P_CREATED ||
140 !gen_estimator_active(&police->tcf_rate_est))) {
141 err = -EINVAL;
142 goto failure;
143 }
144
145 if (tb[TCA_POLICE_RESULT]) {
146 tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
147 if (TC_ACT_EXT_CMP(tcfp_result, TC_ACT_GOTO_CHAIN)) {
148 NL_SET_ERR_MSG(extack,
149 "goto chain not allowed on fallback");
150 err = -EINVAL;
151 goto failure;
152 }
153 }
154
155 spin_lock_bh(&police->tcf_lock);
156
157 police->tcfp_mtu = parm->mtu;
158 if (police->tcfp_mtu == 0) {
159 police->tcfp_mtu = ~0;
160 if (R_tab)
161 police->tcfp_mtu = 255 << R_tab->rate.cell_log;
162 }
163 if (R_tab) {
164 police->rate_present = true;
165 psched_ratecfg_precompute(&police->rate, &R_tab->rate, 0);
166 qdisc_put_rtab(R_tab);
167 } else {
168 police->rate_present = false;
169 }
170 if (P_tab) {
171 police->peak_present = true;
172 psched_ratecfg_precompute(&police->peak, &P_tab->rate, 0);
173 qdisc_put_rtab(P_tab);
174 } else {
175 police->peak_present = false;
176 }
177
178 police->tcfp_burst = PSCHED_TICKS2NS(parm->burst);
179 police->tcfp_toks = police->tcfp_burst;
180 if (police->peak_present) {
181 police->tcfp_mtu_ptoks = (s64) psched_l2t_ns(&police->peak,
182 police->tcfp_mtu);
183 police->tcfp_ptoks = police->tcfp_mtu_ptoks;
184 }
185 police->tcf_action = parm->action;
186
187 if (tb[TCA_POLICE_AVRATE])
188 police->tcfp_ewma_rate = nla_get_u32(tb[TCA_POLICE_AVRATE]);
189
190 spin_unlock_bh(&police->tcf_lock);
191 if (ret != ACT_P_CREATED)
192 return ret;
193
194 police->tcfp_t_c = ktime_get_ns();
195 tcf_idr_insert(tn, *a);
196
197 return ret;
198
199failure:
200 qdisc_put_rtab(P_tab);
201 qdisc_put_rtab(R_tab);
202 tcf_idr_release(*a, bind);
203 return err;
204}
205
206static int tcf_act_police(struct sk_buff *skb, const struct tc_action *a,
207 struct tcf_result *res)
208{
209 struct tcf_police *police = to_police(a);
210 s64 now;
211 s64 toks;
212 s64 ptoks = 0;
213
214 spin_lock(&police->tcf_lock);
215
216 bstats_update(&police->tcf_bstats, skb);
217 tcf_lastuse_update(&police->tcf_tm);
218
219 if (police->tcfp_ewma_rate) {
220 struct gnet_stats_rate_est64 sample;
221
222 if (!gen_estimator_read(&police->tcf_rate_est, &sample) ||
223 sample.bps >= police->tcfp_ewma_rate) {
224 police->tcf_qstats.overlimits++;
225 if (police->tcf_action == TC_ACT_SHOT)
226 police->tcf_qstats.drops++;
227 spin_unlock(&police->tcf_lock);
228 return police->tcf_action;
229 }
230 }
231
232 if (qdisc_pkt_len(skb) <= police->tcfp_mtu) {
233 if (!police->rate_present) {
234 spin_unlock(&police->tcf_lock);
235 return police->tcfp_result;
236 }
237
238 now = ktime_get_ns();
239 toks = min_t(s64, now - police->tcfp_t_c,
240 police->tcfp_burst);
241 if (police->peak_present) {
242 ptoks = toks + police->tcfp_ptoks;
243 if (ptoks > police->tcfp_mtu_ptoks)
244 ptoks = police->tcfp_mtu_ptoks;
245 ptoks -= (s64) psched_l2t_ns(&police->peak,
246 qdisc_pkt_len(skb));
247 }
248 toks += police->tcfp_toks;
249 if (toks > police->tcfp_burst)
250 toks = police->tcfp_burst;
251 toks -= (s64) psched_l2t_ns(&police->rate, qdisc_pkt_len(skb));
252 if ((toks|ptoks) >= 0) {
253 police->tcfp_t_c = now;
254 police->tcfp_toks = toks;
255 police->tcfp_ptoks = ptoks;
256 if (police->tcfp_result == TC_ACT_SHOT)
257 police->tcf_qstats.drops++;
258 spin_unlock(&police->tcf_lock);
259 return police->tcfp_result;
260 }
261 }
262
263 police->tcf_qstats.overlimits++;
264 if (police->tcf_action == TC_ACT_SHOT)
265 police->tcf_qstats.drops++;
266 spin_unlock(&police->tcf_lock);
267 return police->tcf_action;
268}
269
270static int tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a,
271 int bind, int ref)
272{
273 unsigned char *b = skb_tail_pointer(skb);
274 struct tcf_police *police = to_police(a);
275 struct tc_police opt = {
276 .index = police->tcf_index,
277 .action = police->tcf_action,
278 .mtu = police->tcfp_mtu,
279 .burst = PSCHED_NS2TICKS(police->tcfp_burst),
280 .refcnt = police->tcf_refcnt - ref,
281 .bindcnt = police->tcf_bindcnt - bind,
282 };
283 struct tcf_t t;
284
285 if (police->rate_present)
286 psched_ratecfg_getrate(&opt.rate, &police->rate);
287 if (police->peak_present)
288 psched_ratecfg_getrate(&opt.peakrate, &police->peak);
289 if (nla_put(skb, TCA_POLICE_TBF, sizeof(opt), &opt))
290 goto nla_put_failure;
291 if (police->tcfp_result &&
292 nla_put_u32(skb, TCA_POLICE_RESULT, police->tcfp_result))
293 goto nla_put_failure;
294 if (police->tcfp_ewma_rate &&
295 nla_put_u32(skb, TCA_POLICE_AVRATE, police->tcfp_ewma_rate))
296 goto nla_put_failure;
297
298 t.install = jiffies_to_clock_t(jiffies - police->tcf_tm.install);
299 t.lastuse = jiffies_to_clock_t(jiffies - police->tcf_tm.lastuse);
300 t.firstuse = jiffies_to_clock_t(jiffies - police->tcf_tm.firstuse);
301 t.expires = jiffies_to_clock_t(police->tcf_tm.expires);
302 if (nla_put_64bit(skb, TCA_POLICE_TM, sizeof(t), &t, TCA_POLICE_PAD))
303 goto nla_put_failure;
304
305 return skb->len;
306
307nla_put_failure:
308 nlmsg_trim(skb, b);
309 return -1;
310}
311
312static int tcf_police_search(struct net *net, struct tc_action **a, u32 index)
313{
314 struct tc_action_net *tn = net_generic(net, police_net_id);
315
316 return tcf_idr_search(tn, a, index);
317}
318
319MODULE_AUTHOR("Alexey Kuznetsov");
320MODULE_DESCRIPTION("Policing actions");
321MODULE_LICENSE("GPL");
322
323static struct tc_action_ops act_police_ops = {
324 .kind = "police",
325 .type = TCA_ID_POLICE,
326 .owner = THIS_MODULE,
327 .act = tcf_act_police,
328 .dump = tcf_act_police_dump,
329 .init = tcf_act_police_init,
330 .walk = tcf_act_police_walker,
331 .lookup = tcf_police_search,
332 .size = sizeof(struct tcf_police),
333};
334
335static __net_init int police_init_net(struct net *net)
336{
337 struct tc_action_net *tn = net_generic(net, police_net_id);
338
339 return tc_action_net_init(tn, &act_police_ops);
340}
341
342static void __net_exit police_exit_net(struct net *net)
343{
344 struct tc_action_net *tn = net_generic(net, police_net_id);
345
346 tc_action_net_exit(tn);
347}
348
349static struct pernet_operations police_net_ops = {
350 .init = police_init_net,
351 .exit = police_exit_net,
352 .id = &police_net_id,
353 .size = sizeof(struct tc_action_net),
354};
355
356static int __init police_init_module(void)
357{
358 return tcf_register_action(&act_police_ops, &police_net_ops);
359}
360
361static void __exit police_cleanup_module(void)
362{
363 tcf_unregister_action(&act_police_ops, &police_net_ops);
364}
365
366module_init(police_init_module);
367module_exit(police_cleanup_module);
368
