1
2
3
4
5
6
7
8
9
10
11
12#include <linux/kernel.h>
13#include <linux/init.h>
14#include <linux/module.h>
15#include <linux/rhashtable.h>
16#include <linux/workqueue.h>
17#include <linux/refcount.h>
18
19#include <linux/if_ether.h>
20#include <linux/in6.h>
21#include <linux/ip.h>
22#include <linux/mpls.h>
23
24#include <net/sch_generic.h>
25#include <net/pkt_cls.h>
26#include <net/ip.h>
27#include <net/flow_dissector.h>
28#include <net/geneve.h>
29#include <net/vxlan.h>
30#include <net/erspan.h>
31
32#include <net/dst.h>
33#include <net/dst_metadata.h>
34
35#include <uapi/linux/netfilter/nf_conntrack_common.h>
36
37struct fl_flow_key {
38 struct flow_dissector_key_meta meta;
39 struct flow_dissector_key_control control;
40 struct flow_dissector_key_control enc_control;
41 struct flow_dissector_key_basic basic;
42 struct flow_dissector_key_eth_addrs eth;
43 struct flow_dissector_key_vlan vlan;
44 struct flow_dissector_key_vlan cvlan;
45 union {
46 struct flow_dissector_key_ipv4_addrs ipv4;
47 struct flow_dissector_key_ipv6_addrs ipv6;
48 };
49 struct flow_dissector_key_ports tp;
50 struct flow_dissector_key_icmp icmp;
51 struct flow_dissector_key_arp arp;
52 struct flow_dissector_key_keyid enc_key_id;
53 union {
54 struct flow_dissector_key_ipv4_addrs enc_ipv4;
55 struct flow_dissector_key_ipv6_addrs enc_ipv6;
56 };
57 struct flow_dissector_key_ports enc_tp;
58 struct flow_dissector_key_mpls mpls;
59 struct flow_dissector_key_tcp tcp;
60 struct flow_dissector_key_ip ip;
61 struct flow_dissector_key_ip enc_ip;
62 struct flow_dissector_key_enc_opts enc_opts;
63 union {
64 struct flow_dissector_key_ports tp;
65 struct {
66 struct flow_dissector_key_ports tp_min;
67 struct flow_dissector_key_ports tp_max;
68 };
69 } tp_range;
70 struct flow_dissector_key_ct ct;
71} __aligned(BITS_PER_LONG / 8);
72
73struct fl_flow_mask_range {
74 unsigned short int start;
75 unsigned short int end;
76};
77
78struct fl_flow_mask {
79 struct fl_flow_key key;
80 struct fl_flow_mask_range range;
81 u32 flags;
82 struct rhash_head ht_node;
83 struct rhashtable ht;
84 struct rhashtable_params filter_ht_params;
85 struct flow_dissector dissector;
86 struct list_head filters;
87 struct rcu_work rwork;
88 struct list_head list;
89 refcount_t refcnt;
90};
91
92struct fl_flow_tmplt {
93 struct fl_flow_key dummy_key;
94 struct fl_flow_key mask;
95 struct flow_dissector dissector;
96 struct tcf_chain *chain;
97};
98
99struct cls_fl_head {
100 struct rhashtable ht;
101 spinlock_t masks_lock;
102 struct list_head masks;
103 struct list_head hw_filters;
104 struct rcu_work rwork;
105 struct idr handle_idr;
106};
107
108struct cls_fl_filter {
109 struct fl_flow_mask *mask;
110 struct rhash_head ht_node;
111 struct fl_flow_key mkey;
112 struct tcf_exts exts;
113 struct tcf_result res;
114 struct fl_flow_key key;
115 struct list_head list;
116 struct list_head hw_list;
117 u32 handle;
118 u32 flags;
119 u32 in_hw_count;
120 struct rcu_work rwork;
121 struct net_device *hw_dev;
122
123
124
125
126 refcount_t refcnt;
127 bool deleted;
128};
129
130static const struct rhashtable_params mask_ht_params = {
131 .key_offset = offsetof(struct fl_flow_mask, key),
132 .key_len = sizeof(struct fl_flow_key),
133 .head_offset = offsetof(struct fl_flow_mask, ht_node),
134 .automatic_shrinking = true,
135};
136
137static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
138{
139 return mask->range.end - mask->range.start;
140}
141
142static void fl_mask_update_range(struct fl_flow_mask *mask)
143{
144 const u8 *bytes = (const u8 *) &mask->key;
145 size_t size = sizeof(mask->key);
146 size_t i, first = 0, last;
147
148 for (i = 0; i < size; i++) {
149 if (bytes[i]) {
150 first = i;
151 break;
152 }
153 }
154 last = first;
155 for (i = size - 1; i != first; i--) {
156 if (bytes[i]) {
157 last = i;
158 break;
159 }
160 }
161 mask->range.start = rounddown(first, sizeof(long));
162 mask->range.end = roundup(last + 1, sizeof(long));
163}
164
165static void *fl_key_get_start(struct fl_flow_key *key,
166 const struct fl_flow_mask *mask)
167{
168 return (u8 *) key + mask->range.start;
169}
170
171static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
172 struct fl_flow_mask *mask)
173{
174 const long *lkey = fl_key_get_start(key, mask);
175 const long *lmask = fl_key_get_start(&mask->key, mask);
176 long *lmkey = fl_key_get_start(mkey, mask);
177 int i;
178
179 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
180 *lmkey++ = *lkey++ & *lmask++;
181}
182
183static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
184 struct fl_flow_mask *mask)
185{
186 const long *lmask = fl_key_get_start(&mask->key, mask);
187 const long *ltmplt;
188 int i;
189
190 if (!tmplt)
191 return true;
192 ltmplt = fl_key_get_start(&tmplt->mask, mask);
193 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
194 if (~*ltmplt++ & *lmask++)
195 return false;
196 }
197 return true;
198}
199
200static void fl_clear_masked_range(struct fl_flow_key *key,
201 struct fl_flow_mask *mask)
202{
203 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
204}
205
206static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter,
207 struct fl_flow_key *key,
208 struct fl_flow_key *mkey)
209{
210 __be16 min_mask, max_mask, min_val, max_val;
211
212 min_mask = htons(filter->mask->key.tp_range.tp_min.dst);
213 max_mask = htons(filter->mask->key.tp_range.tp_max.dst);
214 min_val = htons(filter->key.tp_range.tp_min.dst);
215 max_val = htons(filter->key.tp_range.tp_max.dst);
216
217 if (min_mask && max_mask) {
218 if (htons(key->tp_range.tp.dst) < min_val ||
219 htons(key->tp_range.tp.dst) > max_val)
220 return false;
221
222
223 mkey->tp_range.tp_min.dst = filter->mkey.tp_range.tp_min.dst;
224 mkey->tp_range.tp_max.dst = filter->mkey.tp_range.tp_max.dst;
225 }
226 return true;
227}
228
229static bool fl_range_port_src_cmp(struct cls_fl_filter *filter,
230 struct fl_flow_key *key,
231 struct fl_flow_key *mkey)
232{
233 __be16 min_mask, max_mask, min_val, max_val;
234
235 min_mask = htons(filter->mask->key.tp_range.tp_min.src);
236 max_mask = htons(filter->mask->key.tp_range.tp_max.src);
237 min_val = htons(filter->key.tp_range.tp_min.src);
238 max_val = htons(filter->key.tp_range.tp_max.src);
239
240 if (min_mask && max_mask) {
241 if (htons(key->tp_range.tp.src) < min_val ||
242 htons(key->tp_range.tp.src) > max_val)
243 return false;
244
245
246 mkey->tp_range.tp_min.src = filter->mkey.tp_range.tp_min.src;
247 mkey->tp_range.tp_max.src = filter->mkey.tp_range.tp_max.src;
248 }
249 return true;
250}
251
252static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask,
253 struct fl_flow_key *mkey)
254{
255 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
256 mask->filter_ht_params);
257}
258
259static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask,
260 struct fl_flow_key *mkey,
261 struct fl_flow_key *key)
262{
263 struct cls_fl_filter *filter, *f;
264
265 list_for_each_entry_rcu(filter, &mask->filters, list) {
266 if (!fl_range_port_dst_cmp(filter, key, mkey))
267 continue;
268
269 if (!fl_range_port_src_cmp(filter, key, mkey))
270 continue;
271
272 f = __fl_lookup(mask, mkey);
273 if (f)
274 return f;
275 }
276 return NULL;
277}
278
279static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
280 struct fl_flow_key *mkey,
281 struct fl_flow_key *key)
282{
283 if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE))
284 return fl_lookup_range(mask, mkey, key);
285
286 return __fl_lookup(mask, mkey);
287}
288
289static u16 fl_ct_info_to_flower_map[] = {
290 [IP_CT_ESTABLISHED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
291 TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED,
292 [IP_CT_RELATED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
293 TCA_FLOWER_KEY_CT_FLAGS_RELATED,
294 [IP_CT_ESTABLISHED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
295 TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED,
296 [IP_CT_RELATED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
297 TCA_FLOWER_KEY_CT_FLAGS_RELATED,
298 [IP_CT_NEW] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
299 TCA_FLOWER_KEY_CT_FLAGS_NEW,
300};
301
302static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
303 struct tcf_result *res)
304{
305 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
306 struct fl_flow_key skb_mkey;
307 struct fl_flow_key skb_key;
308 struct fl_flow_mask *mask;
309 struct cls_fl_filter *f;
310
311 list_for_each_entry_rcu(mask, &head->masks, list) {
312 flow_dissector_init_keys(&skb_key.control, &skb_key.basic);
313 fl_clear_masked_range(&skb_key, mask);
314
315 skb_flow_dissect_meta(skb, &mask->dissector, &skb_key);
316
317
318
319 skb_key.basic.n_proto = skb->protocol;
320 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
321 skb_flow_dissect_ct(skb, &mask->dissector, &skb_key,
322 fl_ct_info_to_flower_map,
323 ARRAY_SIZE(fl_ct_info_to_flower_map));
324 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
325
326 fl_set_masked_key(&skb_mkey, &skb_key, mask);
327
328 f = fl_lookup(mask, &skb_mkey, &skb_key);
329 if (f && !tc_skip_sw(f->flags)) {
330 *res = f->res;
331 return tcf_exts_exec(skb, &f->exts, res);
332 }
333 }
334 return -1;
335}
336
337static int fl_init(struct tcf_proto *tp)
338{
339 struct cls_fl_head *head;
340
341 head = kzalloc(sizeof(*head), GFP_KERNEL);
342 if (!head)
343 return -ENOBUFS;
344
345 spin_lock_init(&head->masks_lock);
346 INIT_LIST_HEAD_RCU(&head->masks);
347 INIT_LIST_HEAD(&head->hw_filters);
348 rcu_assign_pointer(tp->root, head);
349 idr_init(&head->handle_idr);
350
351 return rhashtable_init(&head->ht, &mask_ht_params);
352}
353
354static void fl_mask_free(struct fl_flow_mask *mask, bool mask_init_done)
355{
356
357 if (mask_init_done) {
358 WARN_ON(!list_empty(&mask->filters));
359 rhashtable_destroy(&mask->ht);
360 }
361 kfree(mask);
362}
363
364static void fl_mask_free_work(struct work_struct *work)
365{
366 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
367 struct fl_flow_mask, rwork);
368
369 fl_mask_free(mask, true);
370}
371
372static void fl_uninit_mask_free_work(struct work_struct *work)
373{
374 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
375 struct fl_flow_mask, rwork);
376
377 fl_mask_free(mask, false);
378}
379
380static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask)
381{
382 if (!refcount_dec_and_test(&mask->refcnt))
383 return false;
384
385 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
386
387 spin_lock(&head->masks_lock);
388 list_del_rcu(&mask->list);
389 spin_unlock(&head->masks_lock);
390
391 tcf_queue_work(&mask->rwork, fl_mask_free_work);
392
393 return true;
394}
395
396static struct cls_fl_head *fl_head_dereference(struct tcf_proto *tp)
397{
398
399
400
401
402
403 return rcu_dereference_raw(tp->root);
404}
405
406static void __fl_destroy_filter(struct cls_fl_filter *f)
407{
408 tcf_exts_destroy(&f->exts);
409 tcf_exts_put_net(&f->exts);
410 kfree(f);
411}
412
413static void fl_destroy_filter_work(struct work_struct *work)
414{
415 struct cls_fl_filter *f = container_of(to_rcu_work(work),
416 struct cls_fl_filter, rwork);
417
418 __fl_destroy_filter(f);
419}
420
421static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
422 bool rtnl_held, struct netlink_ext_ack *extack)
423{
424 struct tcf_block *block = tp->chain->block;
425 struct flow_cls_offload cls_flower = {};
426
427 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
428 cls_flower.command = FLOW_CLS_DESTROY;
429 cls_flower.cookie = (unsigned long) f;
430
431 tc_setup_cb_destroy(block, tp, TC_SETUP_CLSFLOWER, &cls_flower, false,
432 &f->flags, &f->in_hw_count, rtnl_held);
433
434}
435
436static int fl_hw_replace_filter(struct tcf_proto *tp,
437 struct cls_fl_filter *f, bool rtnl_held,
438 struct netlink_ext_ack *extack)
439{
440 struct tcf_block *block = tp->chain->block;
441 struct flow_cls_offload cls_flower = {};
442 bool skip_sw = tc_skip_sw(f->flags);
443 int err = 0;
444
445 cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts));
446 if (!cls_flower.rule)
447 return -ENOMEM;
448
449 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
450 cls_flower.command = FLOW_CLS_REPLACE;
451 cls_flower.cookie = (unsigned long) f;
452 cls_flower.rule->match.dissector = &f->mask->dissector;
453 cls_flower.rule->match.mask = &f->mask->key;
454 cls_flower.rule->match.key = &f->mkey;
455 cls_flower.classid = f->res.classid;
456
457 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts);
458 if (err) {
459 kfree(cls_flower.rule);
460 if (skip_sw) {
461 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
462 return err;
463 }
464 return 0;
465 }
466
467 err = tc_setup_cb_add(block, tp, TC_SETUP_CLSFLOWER, &cls_flower,
468 skip_sw, &f->flags, &f->in_hw_count, rtnl_held);
469 tc_cleanup_flow_action(&cls_flower.rule->action);
470 kfree(cls_flower.rule);
471
472 if (err) {
473 fl_hw_destroy_filter(tp, f, rtnl_held, NULL);
474 return err;
475 }
476
477 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
478 return -EINVAL;
479
480 return 0;
481}
482
483static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f,
484 bool rtnl_held)
485{
486 struct tcf_block *block = tp->chain->block;
487 struct flow_cls_offload cls_flower = {};
488
489 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
490 cls_flower.command = FLOW_CLS_STATS;
491 cls_flower.cookie = (unsigned long) f;
492 cls_flower.classid = f->res.classid;
493
494 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false,
495 rtnl_held);
496
497 tcf_exts_stats_update(&f->exts, cls_flower.stats.bytes,
498 cls_flower.stats.pkts,
499 cls_flower.stats.lastused,
500 cls_flower.stats.used_hw_stats,
501 cls_flower.stats.used_hw_stats_valid);
502}
503
504static void __fl_put(struct cls_fl_filter *f)
505{
506 if (!refcount_dec_and_test(&f->refcnt))
507 return;
508
509 if (tcf_exts_get_net(&f->exts))
510 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
511 else
512 __fl_destroy_filter(f);
513}
514
515static struct cls_fl_filter *__fl_get(struct cls_fl_head *head, u32 handle)
516{
517 struct cls_fl_filter *f;
518
519 rcu_read_lock();
520 f = idr_find(&head->handle_idr, handle);
521 if (f && !refcount_inc_not_zero(&f->refcnt))
522 f = NULL;
523 rcu_read_unlock();
524
525 return f;
526}
527
528static int __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
529 bool *last, bool rtnl_held,
530 struct netlink_ext_ack *extack)
531{
532 struct cls_fl_head *head = fl_head_dereference(tp);
533
534 *last = false;
535
536 spin_lock(&tp->lock);
537 if (f->deleted) {
538 spin_unlock(&tp->lock);
539 return -ENOENT;
540 }
541
542 f->deleted = true;
543 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
544 f->mask->filter_ht_params);
545 idr_remove(&head->handle_idr, f->handle);
546 list_del_rcu(&f->list);
547 spin_unlock(&tp->lock);
548
549 *last = fl_mask_put(head, f->mask);
550 if (!tc_skip_hw(f->flags))
551 fl_hw_destroy_filter(tp, f, rtnl_held, extack);
552 tcf_unbind_filter(tp, &f->res);
553 __fl_put(f);
554
555 return 0;
556}
557
558static void fl_destroy_sleepable(struct work_struct *work)
559{
560 struct cls_fl_head *head = container_of(to_rcu_work(work),
561 struct cls_fl_head,
562 rwork);
563
564 rhashtable_destroy(&head->ht);
565 kfree(head);
566 module_put(THIS_MODULE);
567}
568
569static void fl_destroy(struct tcf_proto *tp, bool rtnl_held,
570 struct netlink_ext_ack *extack)
571{
572 struct cls_fl_head *head = fl_head_dereference(tp);
573 struct fl_flow_mask *mask, *next_mask;
574 struct cls_fl_filter *f, *next;
575 bool last;
576
577 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
578 list_for_each_entry_safe(f, next, &mask->filters, list) {
579 __fl_delete(tp, f, &last, rtnl_held, extack);
580 if (last)
581 break;
582 }
583 }
584 idr_destroy(&head->handle_idr);
585
586 __module_get(THIS_MODULE);
587 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
588}
589
590static void fl_put(struct tcf_proto *tp, void *arg)
591{
592 struct cls_fl_filter *f = arg;
593
594 __fl_put(f);
595}
596
597static void *fl_get(struct tcf_proto *tp, u32 handle)
598{
599 struct cls_fl_head *head = fl_head_dereference(tp);
600
601 return __fl_get(head, handle);
602}
603
604static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
605 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
606 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
607 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
608 .len = IFNAMSIZ },
609 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
610 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
611 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
612 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
613 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
614 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
615 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
616 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
617 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
618 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
619 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
620 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
621 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
622 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
623 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
624 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
625 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
626 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
627 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
628 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
629 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
630 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
631 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
632 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
633 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
634 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
635 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
636 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
637 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
638 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
639 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
640 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
641 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
642 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
643 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
644 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
645 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
646 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
647 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
648 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
649 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
650 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
651 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
652 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
653 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
654 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
655 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
656 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
657 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
658 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
659 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
660 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
661 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
662 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
663 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
664 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
665 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
666 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
667 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
668 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
669 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
670 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
671 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
672 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
673 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
674 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
675 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
676 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
677 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
678 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
679 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
680 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
681 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
682 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
683 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
684 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
685 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
686 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
687 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
688 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
689 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
690 [TCA_FLOWER_KEY_CT_STATE] = { .type = NLA_U16 },
691 [TCA_FLOWER_KEY_CT_STATE_MASK] = { .type = NLA_U16 },
692 [TCA_FLOWER_KEY_CT_ZONE] = { .type = NLA_U16 },
693 [TCA_FLOWER_KEY_CT_ZONE_MASK] = { .type = NLA_U16 },
694 [TCA_FLOWER_KEY_CT_MARK] = { .type = NLA_U32 },
695 [TCA_FLOWER_KEY_CT_MARK_MASK] = { .type = NLA_U32 },
696 [TCA_FLOWER_KEY_CT_LABELS] = { .type = NLA_BINARY,
697 .len = 128 / BITS_PER_BYTE },
698 [TCA_FLOWER_KEY_CT_LABELS_MASK] = { .type = NLA_BINARY,
699 .len = 128 / BITS_PER_BYTE },
700 [TCA_FLOWER_FLAGS] = { .type = NLA_U32 },
701};
702
703static const struct nla_policy
704enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
705 [TCA_FLOWER_KEY_ENC_OPTS_UNSPEC] = {
706 .strict_start_type = TCA_FLOWER_KEY_ENC_OPTS_VXLAN },
707 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
708 [TCA_FLOWER_KEY_ENC_OPTS_VXLAN] = { .type = NLA_NESTED },
709 [TCA_FLOWER_KEY_ENC_OPTS_ERSPAN] = { .type = NLA_NESTED },
710};
711
712static const struct nla_policy
713geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
714 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
715 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
716 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
717 .len = 128 },
718};
719
720static const struct nla_policy
721vxlan_opt_policy[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1] = {
722 [TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP] = { .type = NLA_U32 },
723};
724
725static const struct nla_policy
726erspan_opt_policy[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1] = {
727 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER] = { .type = NLA_U8 },
728 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX] = { .type = NLA_U32 },
729 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR] = { .type = NLA_U8 },
730 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID] = { .type = NLA_U8 },
731};
732
733static void fl_set_key_val(struct nlattr **tb,
734 void *val, int val_type,
735 void *mask, int mask_type, int len)
736{
737 if (!tb[val_type])
738 return;
739 nla_memcpy(val, tb[val_type], len);
740 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
741 memset(mask, 0xff, len);
742 else
743 nla_memcpy(mask, tb[mask_type], len);
744}
745
746static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
747 struct fl_flow_key *mask,
748 struct netlink_ext_ack *extack)
749{
750 fl_set_key_val(tb, &key->tp_range.tp_min.dst,
751 TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_range.tp_min.dst,
752 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.dst));
753 fl_set_key_val(tb, &key->tp_range.tp_max.dst,
754 TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_range.tp_max.dst,
755 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.dst));
756 fl_set_key_val(tb, &key->tp_range.tp_min.src,
757 TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_range.tp_min.src,
758 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.src));
759 fl_set_key_val(tb, &key->tp_range.tp_max.src,
760 TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_range.tp_max.src,
761 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.src));
762
763 if (mask->tp_range.tp_min.dst && mask->tp_range.tp_max.dst &&
764 htons(key->tp_range.tp_max.dst) <=
765 htons(key->tp_range.tp_min.dst)) {
766 NL_SET_ERR_MSG_ATTR(extack,
767 tb[TCA_FLOWER_KEY_PORT_DST_MIN],
768 "Invalid destination port range (min must be strictly smaller than max)");
769 return -EINVAL;
770 }
771 if (mask->tp_range.tp_min.src && mask->tp_range.tp_max.src &&
772 htons(key->tp_range.tp_max.src) <=
773 htons(key->tp_range.tp_min.src)) {
774 NL_SET_ERR_MSG_ATTR(extack,
775 tb[TCA_FLOWER_KEY_PORT_SRC_MIN],
776 "Invalid source port range (min must be strictly smaller than max)");
777 return -EINVAL;
778 }
779
780 return 0;
781}
782
783static int fl_set_key_mpls(struct nlattr **tb,
784 struct flow_dissector_key_mpls *key_val,
785 struct flow_dissector_key_mpls *key_mask,
786 struct netlink_ext_ack *extack)
787{
788 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
789 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
790 key_mask->mpls_ttl = MPLS_TTL_MASK;
791 }
792 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
793 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
794
795 if (bos & ~MPLS_BOS_MASK) {
796 NL_SET_ERR_MSG_ATTR(extack,
797 tb[TCA_FLOWER_KEY_MPLS_BOS],
798 "Bottom Of Stack (BOS) must be 0 or 1");
799 return -EINVAL;
800 }
801 key_val->mpls_bos = bos;
802 key_mask->mpls_bos = MPLS_BOS_MASK;
803 }
804 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
805 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
806
807 if (tc & ~MPLS_TC_MASK) {
808 NL_SET_ERR_MSG_ATTR(extack,
809 tb[TCA_FLOWER_KEY_MPLS_TC],
810 "Traffic Class (TC) must be between 0 and 7");
811 return -EINVAL;
812 }
813 key_val->mpls_tc = tc;
814 key_mask->mpls_tc = MPLS_TC_MASK;
815 }
816 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
817 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
818
819 if (label & ~MPLS_LABEL_MASK) {
820 NL_SET_ERR_MSG_ATTR(extack,
821 tb[TCA_FLOWER_KEY_MPLS_LABEL],
822 "Label must be between 0 and 1048575");
823 return -EINVAL;
824 }
825 key_val->mpls_label = label;
826 key_mask->mpls_label = MPLS_LABEL_MASK;
827 }
828 return 0;
829}
830
831static void fl_set_key_vlan(struct nlattr **tb,
832 __be16 ethertype,
833 int vlan_id_key, int vlan_prio_key,
834 struct flow_dissector_key_vlan *key_val,
835 struct flow_dissector_key_vlan *key_mask)
836{
837#define VLAN_PRIORITY_MASK 0x7
838
839 if (tb[vlan_id_key]) {
840 key_val->vlan_id =
841 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
842 key_mask->vlan_id = VLAN_VID_MASK;
843 }
844 if (tb[vlan_prio_key]) {
845 key_val->vlan_priority =
846 nla_get_u8(tb[vlan_prio_key]) &
847 VLAN_PRIORITY_MASK;
848 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
849 }
850 key_val->vlan_tpid = ethertype;
851 key_mask->vlan_tpid = cpu_to_be16(~0);
852}
853
854static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
855 u32 *dissector_key, u32 *dissector_mask,
856 u32 flower_flag_bit, u32 dissector_flag_bit)
857{
858 if (flower_mask & flower_flag_bit) {
859 *dissector_mask |= dissector_flag_bit;
860 if (flower_key & flower_flag_bit)
861 *dissector_key |= dissector_flag_bit;
862 }
863}
864
865static int fl_set_key_flags(struct nlattr **tb, u32 *flags_key,
866 u32 *flags_mask, struct netlink_ext_ack *extack)
867{
868 u32 key, mask;
869
870
871 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) {
872 NL_SET_ERR_MSG(extack, "Missing flags mask");
873 return -EINVAL;
874 }
875
876 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
877 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
878
879 *flags_key = 0;
880 *flags_mask = 0;
881
882 fl_set_key_flag(key, mask, flags_key, flags_mask,
883 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
884 fl_set_key_flag(key, mask, flags_key, flags_mask,
885 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
886 FLOW_DIS_FIRST_FRAG);
887
888 return 0;
889}
890
891static void fl_set_key_ip(struct nlattr **tb, bool encap,
892 struct flow_dissector_key_ip *key,
893 struct flow_dissector_key_ip *mask)
894{
895 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
896 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
897 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
898 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
899
900 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
901 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
902}
903
904static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
905 int depth, int option_len,
906 struct netlink_ext_ack *extack)
907{
908 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
909 struct nlattr *class = NULL, *type = NULL, *data = NULL;
910 struct geneve_opt *opt;
911 int err, data_len = 0;
912
913 if (option_len > sizeof(struct geneve_opt))
914 data_len = option_len - sizeof(struct geneve_opt);
915
916 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
917 memset(opt, 0xff, option_len);
918 opt->length = data_len / 4;
919 opt->r1 = 0;
920 opt->r2 = 0;
921 opt->r3 = 0;
922
923
924 if (!depth)
925 return sizeof(struct geneve_opt) + data_len;
926
927 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
928 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
929 return -EINVAL;
930 }
931
932 err = nla_parse_nested_deprecated(tb,
933 TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
934 nla, geneve_opt_policy, extack);
935 if (err < 0)
936 return err;
937
938
939
940
941 if (!option_len &&
942 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
943 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
944 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
945 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
946 return -EINVAL;
947 }
948
949
950
951
952 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
953 int new_len = key->enc_opts.len;
954
955 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
956 data_len = nla_len(data);
957 if (data_len < 4) {
958 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
959 return -ERANGE;
960 }
961 if (data_len % 4) {
962 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
963 return -ERANGE;
964 }
965
966 new_len += sizeof(struct geneve_opt) + data_len;
967 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
968 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
969 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
970 return -ERANGE;
971 }
972 opt->length = data_len / 4;
973 memcpy(opt->opt_data, nla_data(data), data_len);
974 }
975
976 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
977 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
978 opt->opt_class = nla_get_be16(class);
979 }
980
981 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
982 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
983 opt->type = nla_get_u8(type);
984 }
985
986 return sizeof(struct geneve_opt) + data_len;
987}
988
989static int fl_set_vxlan_opt(const struct nlattr *nla, struct fl_flow_key *key,
990 int depth, int option_len,
991 struct netlink_ext_ack *extack)
992{
993 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1];
994 struct vxlan_metadata *md;
995 int err;
996
997 md = (struct vxlan_metadata *)&key->enc_opts.data[key->enc_opts.len];
998 memset(md, 0xff, sizeof(*md));
999
1000 if (!depth)
1001 return sizeof(*md);
1002
1003 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_VXLAN) {
1004 NL_SET_ERR_MSG(extack, "Non-vxlan option type for mask");
1005 return -EINVAL;
1006 }
1007
1008 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX, nla,
1009 vxlan_opt_policy, extack);
1010 if (err < 0)
1011 return err;
1012
1013 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]) {
1014 NL_SET_ERR_MSG(extack, "Missing tunnel key vxlan option gbp");
1015 return -EINVAL;
1016 }
1017
1018 if (tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP])
1019 md->gbp = nla_get_u32(tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]);
1020
1021 return sizeof(*md);
1022}
1023
1024static int fl_set_erspan_opt(const struct nlattr *nla, struct fl_flow_key *key,
1025 int depth, int option_len,
1026 struct netlink_ext_ack *extack)
1027{
1028 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1];
1029 struct erspan_metadata *md;
1030 int err;
1031
1032 md = (struct erspan_metadata *)&key->enc_opts.data[key->enc_opts.len];
1033 memset(md, 0xff, sizeof(*md));
1034 md->version = 1;
1035
1036 if (!depth)
1037 return sizeof(*md);
1038
1039 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_ERSPAN) {
1040 NL_SET_ERR_MSG(extack, "Non-erspan option type for mask");
1041 return -EINVAL;
1042 }
1043
1044 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX, nla,
1045 erspan_opt_policy, extack);
1046 if (err < 0)
1047 return err;
1048
1049 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]) {
1050 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver");
1051 return -EINVAL;
1052 }
1053
1054 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER])
1055 md->version = nla_get_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]);
1056
1057 if (md->version == 1) {
1058 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]) {
1059 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option index");
1060 return -EINVAL;
1061 }
1062 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]) {
1063 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX];
1064 md->u.index = nla_get_be32(nla);
1065 }
1066 } else if (md->version == 2) {
1067 if (!option_len && (!tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR] ||
1068 !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID])) {
1069 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option dir or hwid");
1070 return -EINVAL;
1071 }
1072 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR]) {
1073 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR];
1074 md->u.md2.dir = nla_get_u8(nla);
1075 }
1076 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID]) {
1077 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID];
1078 set_hwid(&md->u.md2, nla_get_u8(nla));
1079 }
1080 } else {
1081 NL_SET_ERR_MSG(extack, "Tunnel key erspan option ver is incorrect");
1082 return -EINVAL;
1083 }
1084
1085 return sizeof(*md);
1086}
1087
1088static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
1089 struct fl_flow_key *mask,
1090 struct netlink_ext_ack *extack)
1091{
1092 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
1093 int err, option_len, key_depth, msk_depth = 0;
1094
1095 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS],
1096 TCA_FLOWER_KEY_ENC_OPTS_MAX,
1097 enc_opts_policy, extack);
1098 if (err)
1099 return err;
1100
1101 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
1102
1103 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
1104 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
1105 TCA_FLOWER_KEY_ENC_OPTS_MAX,
1106 enc_opts_policy, extack);
1107 if (err)
1108 return err;
1109
1110 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
1111 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
1112 }
1113
1114 nla_for_each_attr(nla_opt_key, nla_enc_key,
1115 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
1116 switch (nla_type(nla_opt_key)) {
1117 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
1118 if (key->enc_opts.dst_opt_type &&
1119 key->enc_opts.dst_opt_type != TUNNEL_GENEVE_OPT) {
1120 NL_SET_ERR_MSG(extack, "Duplicate type for geneve options");
1121 return -EINVAL;
1122 }
1123 option_len = 0;
1124 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
1125 option_len = fl_set_geneve_opt(nla_opt_key, key,
1126 key_depth, option_len,
1127 extack);
1128 if (option_len < 0)
1129 return option_len;
1130
1131 key->enc_opts.len += option_len;
1132
1133
1134
1135 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
1136 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
1137 msk_depth, option_len,
1138 extack);
1139 if (option_len < 0)
1140 return option_len;
1141
1142 mask->enc_opts.len += option_len;
1143 if (key->enc_opts.len != mask->enc_opts.len) {
1144 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1145 return -EINVAL;
1146 }
1147
1148 if (msk_depth)
1149 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
1150 break;
1151 case TCA_FLOWER_KEY_ENC_OPTS_VXLAN:
1152 if (key->enc_opts.dst_opt_type) {
1153 NL_SET_ERR_MSG(extack, "Duplicate type for vxlan options");
1154 return -EINVAL;
1155 }
1156 option_len = 0;
1157 key->enc_opts.dst_opt_type = TUNNEL_VXLAN_OPT;
1158 option_len = fl_set_vxlan_opt(nla_opt_key, key,
1159 key_depth, option_len,
1160 extack);
1161 if (option_len < 0)
1162 return option_len;
1163
1164 key->enc_opts.len += option_len;
1165
1166
1167
1168 mask->enc_opts.dst_opt_type = TUNNEL_VXLAN_OPT;
1169 option_len = fl_set_vxlan_opt(nla_opt_msk, mask,
1170 msk_depth, option_len,
1171 extack);
1172 if (option_len < 0)
1173 return option_len;
1174
1175 mask->enc_opts.len += option_len;
1176 if (key->enc_opts.len != mask->enc_opts.len) {
1177 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1178 return -EINVAL;
1179 }
1180
1181 if (msk_depth)
1182 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
1183 break;
1184 case TCA_FLOWER_KEY_ENC_OPTS_ERSPAN:
1185 if (key->enc_opts.dst_opt_type) {
1186 NL_SET_ERR_MSG(extack, "Duplicate type for erspan options");
1187 return -EINVAL;
1188 }
1189 option_len = 0;
1190 key->enc_opts.dst_opt_type = TUNNEL_ERSPAN_OPT;
1191 option_len = fl_set_erspan_opt(nla_opt_key, key,
1192 key_depth, option_len,
1193 extack);
1194 if (option_len < 0)
1195 return option_len;
1196
1197 key->enc_opts.len += option_len;
1198
1199
1200
1201 mask->enc_opts.dst_opt_type = TUNNEL_ERSPAN_OPT;
1202 option_len = fl_set_erspan_opt(nla_opt_msk, mask,
1203 msk_depth, option_len,
1204 extack);
1205 if (option_len < 0)
1206 return option_len;
1207
1208 mask->enc_opts.len += option_len;
1209 if (key->enc_opts.len != mask->enc_opts.len) {
1210 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1211 return -EINVAL;
1212 }
1213
1214 if (msk_depth)
1215 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
1216 break;
1217 default:
1218 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
1219 return -EINVAL;
1220 }
1221 }
1222
1223 return 0;
1224}
1225
1226static int fl_set_key_ct(struct nlattr **tb,
1227 struct flow_dissector_key_ct *key,
1228 struct flow_dissector_key_ct *mask,
1229 struct netlink_ext_ack *extack)
1230{
1231 if (tb[TCA_FLOWER_KEY_CT_STATE]) {
1232 if (!IS_ENABLED(CONFIG_NF_CONNTRACK)) {
1233 NL_SET_ERR_MSG(extack, "Conntrack isn't enabled");
1234 return -EOPNOTSUPP;
1235 }
1236 fl_set_key_val(tb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE,
1237 &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK,
1238 sizeof(key->ct_state));
1239 }
1240 if (tb[TCA_FLOWER_KEY_CT_ZONE]) {
1241 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)) {
1242 NL_SET_ERR_MSG(extack, "Conntrack zones isn't enabled");
1243 return -EOPNOTSUPP;
1244 }
1245 fl_set_key_val(tb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE,
1246 &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK,
1247 sizeof(key->ct_zone));
1248 }
1249 if (tb[TCA_FLOWER_KEY_CT_MARK]) {
1250 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)) {
1251 NL_SET_ERR_MSG(extack, "Conntrack mark isn't enabled");
1252 return -EOPNOTSUPP;
1253 }
1254 fl_set_key_val(tb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK,
1255 &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK,
1256 sizeof(key->ct_mark));
1257 }
1258 if (tb[TCA_FLOWER_KEY_CT_LABELS]) {
1259 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS)) {
1260 NL_SET_ERR_MSG(extack, "Conntrack labels aren't enabled");
1261 return -EOPNOTSUPP;
1262 }
1263 fl_set_key_val(tb, key->ct_labels, TCA_FLOWER_KEY_CT_LABELS,
1264 mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK,
1265 sizeof(key->ct_labels));
1266 }
1267
1268 return 0;
1269}
1270
1271static int fl_set_key(struct net *net, struct nlattr **tb,
1272 struct fl_flow_key *key, struct fl_flow_key *mask,
1273 struct netlink_ext_ack *extack)
1274{
1275 __be16 ethertype;
1276 int ret = 0;
1277
1278 if (tb[TCA_FLOWER_INDEV]) {
1279 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
1280 if (err < 0)
1281 return err;
1282 key->meta.ingress_ifindex = err;
1283 mask->meta.ingress_ifindex = 0xffffffff;
1284 }
1285
1286 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1287 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1288 sizeof(key->eth.dst));
1289 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1290 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1291 sizeof(key->eth.src));
1292
1293 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
1294 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
1295
1296 if (eth_type_vlan(ethertype)) {
1297 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
1298 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
1299 &mask->vlan);
1300
1301 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
1302 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
1303 if (eth_type_vlan(ethertype)) {
1304 fl_set_key_vlan(tb, ethertype,
1305 TCA_FLOWER_KEY_CVLAN_ID,
1306 TCA_FLOWER_KEY_CVLAN_PRIO,
1307 &key->cvlan, &mask->cvlan);
1308 fl_set_key_val(tb, &key->basic.n_proto,
1309 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1310 &mask->basic.n_proto,
1311 TCA_FLOWER_UNSPEC,
1312 sizeof(key->basic.n_proto));
1313 } else {
1314 key->basic.n_proto = ethertype;
1315 mask->basic.n_proto = cpu_to_be16(~0);
1316 }
1317 }
1318 } else {
1319 key->basic.n_proto = ethertype;
1320 mask->basic.n_proto = cpu_to_be16(~0);
1321 }
1322 }
1323
1324 if (key->basic.n_proto == htons(ETH_P_IP) ||
1325 key->basic.n_proto == htons(ETH_P_IPV6)) {
1326 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1327 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1328 sizeof(key->basic.ip_proto));
1329 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
1330 }
1331
1332 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
1333 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1334 mask->control.addr_type = ~0;
1335 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1336 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1337 sizeof(key->ipv4.src));
1338 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1339 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1340 sizeof(key->ipv4.dst));
1341 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
1342 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1343 mask->control.addr_type = ~0;
1344 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1345 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1346 sizeof(key->ipv6.src));
1347 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1348 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1349 sizeof(key->ipv6.dst));
1350 }
1351
1352 if (key->basic.ip_proto == IPPROTO_TCP) {
1353 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1354 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1355 sizeof(key->tp.src));
1356 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1357 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1358 sizeof(key->tp.dst));
1359 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1360 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1361 sizeof(key->tcp.flags));
1362 } else if (key->basic.ip_proto == IPPROTO_UDP) {
1363 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1364 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1365 sizeof(key->tp.src));
1366 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1367 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1368 sizeof(key->tp.dst));
1369 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
1370 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1371 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1372 sizeof(key->tp.src));
1373 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1374 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1375 sizeof(key->tp.dst));
1376 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
1377 key->basic.ip_proto == IPPROTO_ICMP) {
1378 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
1379 &mask->icmp.type,
1380 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1381 sizeof(key->icmp.type));
1382 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
1383 &mask->icmp.code,
1384 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1385 sizeof(key->icmp.code));
1386 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1387 key->basic.ip_proto == IPPROTO_ICMPV6) {
1388 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
1389 &mask->icmp.type,
1390 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1391 sizeof(key->icmp.type));
1392 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
1393 &mask->icmp.code,
1394 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1395 sizeof(key->icmp.code));
1396 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
1397 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
1398 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls, extack);
1399 if (ret)
1400 return ret;
1401 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
1402 key->basic.n_proto == htons(ETH_P_RARP)) {
1403 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
1404 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
1405 sizeof(key->arp.sip));
1406 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
1407 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
1408 sizeof(key->arp.tip));
1409 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
1410 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
1411 sizeof(key->arp.op));
1412 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1413 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1414 sizeof(key->arp.sha));
1415 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1416 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1417 sizeof(key->arp.tha));
1418 }
1419
1420 if (key->basic.ip_proto == IPPROTO_TCP ||
1421 key->basic.ip_proto == IPPROTO_UDP ||
1422 key->basic.ip_proto == IPPROTO_SCTP) {
1423 ret = fl_set_key_port_range(tb, key, mask, extack);
1424 if (ret)
1425 return ret;
1426 }
1427
1428 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
1429 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
1430 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1431 mask->enc_control.addr_type = ~0;
1432 fl_set_key_val(tb, &key->enc_ipv4.src,
1433 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1434 &mask->enc_ipv4.src,
1435 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1436 sizeof(key->enc_ipv4.src));
1437 fl_set_key_val(tb, &key->enc_ipv4.dst,
1438 TCA_FLOWER_KEY_ENC_IPV4_DST,
1439 &mask->enc_ipv4.dst,
1440 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1441 sizeof(key->enc_ipv4.dst));
1442 }
1443
1444 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
1445 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
1446 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1447 mask->enc_control.addr_type = ~0;
1448 fl_set_key_val(tb, &key->enc_ipv6.src,
1449 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1450 &mask->enc_ipv6.src,
1451 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1452 sizeof(key->enc_ipv6.src));
1453 fl_set_key_val(tb, &key->enc_ipv6.dst,
1454 TCA_FLOWER_KEY_ENC_IPV6_DST,
1455 &mask->enc_ipv6.dst,
1456 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1457 sizeof(key->enc_ipv6.dst));
1458 }
1459
1460 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
1461 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
1462 sizeof(key->enc_key_id.keyid));
1463
1464 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1465 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1466 sizeof(key->enc_tp.src));
1467
1468 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1469 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1470 sizeof(key->enc_tp.dst));
1471
1472 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
1473
1474 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
1475 ret = fl_set_enc_opt(tb, key, mask, extack);
1476 if (ret)
1477 return ret;
1478 }
1479
1480 ret = fl_set_key_ct(tb, &key->ct, &mask->ct, extack);
1481 if (ret)
1482 return ret;
1483
1484 if (tb[TCA_FLOWER_KEY_FLAGS])
1485 ret = fl_set_key_flags(tb, &key->control.flags,
1486 &mask->control.flags, extack);
1487
1488 return ret;
1489}
1490
1491static void fl_mask_copy(struct fl_flow_mask *dst,
1492 struct fl_flow_mask *src)
1493{
1494 const void *psrc = fl_key_get_start(&src->key, src);
1495 void *pdst = fl_key_get_start(&dst->key, src);
1496
1497 memcpy(pdst, psrc, fl_mask_range(src));
1498 dst->range = src->range;
1499}
1500
1501static const struct rhashtable_params fl_ht_params = {
1502 .key_offset = offsetof(struct cls_fl_filter, mkey),
1503 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1504 .automatic_shrinking = true,
1505};
1506
1507static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1508{
1509 mask->filter_ht_params = fl_ht_params;
1510 mask->filter_ht_params.key_len = fl_mask_range(mask);
1511 mask->filter_ht_params.key_offset += mask->range.start;
1512
1513 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1514}
1515
1516#define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1517#define FL_KEY_MEMBER_SIZE(member) sizeof_field(struct fl_flow_key, member)
1518
1519#define FL_KEY_IS_MASKED(mask, member) \
1520 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1521 0, FL_KEY_MEMBER_SIZE(member)) \
1522
1523#define FL_KEY_SET(keys, cnt, id, member) \
1524 do { \
1525 keys[cnt].key_id = id; \
1526 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1527 cnt++; \
1528 } while(0);
1529
1530#define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1531 do { \
1532 if (FL_KEY_IS_MASKED(mask, member)) \
1533 FL_KEY_SET(keys, cnt, id, member); \
1534 } while(0);
1535
1536static void fl_init_dissector(struct flow_dissector *dissector,
1537 struct fl_flow_key *mask)
1538{
1539 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1540 size_t cnt = 0;
1541
1542 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1543 FLOW_DISSECTOR_KEY_META, meta);
1544 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
1545 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
1546 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1547 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
1548 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1549 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
1550 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1551 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
1552 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1553 FLOW_DISSECTOR_KEY_PORTS, tp);
1554 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1555 FLOW_DISSECTOR_KEY_PORTS_RANGE, tp_range);
1556 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1557 FLOW_DISSECTOR_KEY_IP, ip);
1558 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1559 FLOW_DISSECTOR_KEY_TCP, tcp);
1560 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1561 FLOW_DISSECTOR_KEY_ICMP, icmp);
1562 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1563 FLOW_DISSECTOR_KEY_ARP, arp);
1564 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1565 FLOW_DISSECTOR_KEY_MPLS, mpls);
1566 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1567 FLOW_DISSECTOR_KEY_VLAN, vlan);
1568 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1569 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
1570 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1571 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
1572 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1573 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
1574 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1575 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
1576 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1577 FL_KEY_IS_MASKED(mask, enc_ipv6))
1578 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1579 enc_control);
1580 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1581 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
1582 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1583 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
1584 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1585 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
1586 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1587 FLOW_DISSECTOR_KEY_CT, ct);
1588
1589 skb_flow_dissector_init(dissector, keys, cnt);
1590}
1591
1592static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1593 struct fl_flow_mask *mask)
1594{
1595 struct fl_flow_mask *newmask;
1596 int err;
1597
1598 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1599 if (!newmask)
1600 return ERR_PTR(-ENOMEM);
1601
1602 fl_mask_copy(newmask, mask);
1603
1604 if ((newmask->key.tp_range.tp_min.dst &&
1605 newmask->key.tp_range.tp_max.dst) ||
1606 (newmask->key.tp_range.tp_min.src &&
1607 newmask->key.tp_range.tp_max.src))
1608 newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE;
1609
1610 err = fl_init_mask_hashtable(newmask);
1611 if (err)
1612 goto errout_free;
1613
1614 fl_init_dissector(&newmask->dissector, &newmask->key);
1615
1616 INIT_LIST_HEAD_RCU(&newmask->filters);
1617
1618 refcount_set(&newmask->refcnt, 1);
1619 err = rhashtable_replace_fast(&head->ht, &mask->ht_node,
1620 &newmask->ht_node, mask_ht_params);
1621 if (err)
1622 goto errout_destroy;
1623
1624 spin_lock(&head->masks_lock);
1625 list_add_tail_rcu(&newmask->list, &head->masks);
1626 spin_unlock(&head->masks_lock);
1627
1628 return newmask;
1629
1630errout_destroy:
1631 rhashtable_destroy(&newmask->ht);
1632errout_free:
1633 kfree(newmask);
1634
1635 return ERR_PTR(err);
1636}
1637
1638static int fl_check_assign_mask(struct cls_fl_head *head,
1639 struct cls_fl_filter *fnew,
1640 struct cls_fl_filter *fold,
1641 struct fl_flow_mask *mask)
1642{
1643 struct fl_flow_mask *newmask;
1644 int ret = 0;
1645
1646 rcu_read_lock();
1647
1648
1649
1650
1651
1652 fnew->mask = rhashtable_lookup_get_insert_fast(&head->ht,
1653 &mask->ht_node,
1654 mask_ht_params);
1655 if (!fnew->mask) {
1656 rcu_read_unlock();
1657
1658 if (fold) {
1659 ret = -EINVAL;
1660 goto errout_cleanup;
1661 }
1662
1663 newmask = fl_create_new_mask(head, mask);
1664 if (IS_ERR(newmask)) {
1665 ret = PTR_ERR(newmask);
1666 goto errout_cleanup;
1667 }
1668
1669 fnew->mask = newmask;
1670 return 0;
1671 } else if (IS_ERR(fnew->mask)) {
1672 ret = PTR_ERR(fnew->mask);
1673 } else if (fold && fold->mask != fnew->mask) {
1674 ret = -EINVAL;
1675 } else if (!refcount_inc_not_zero(&fnew->mask->refcnt)) {
1676
1677 ret = -EAGAIN;
1678 }
1679 rcu_read_unlock();
1680 return ret;
1681
1682errout_cleanup:
1683 rhashtable_remove_fast(&head->ht, &mask->ht_node,
1684 mask_ht_params);
1685 return ret;
1686}
1687
1688static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1689 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1690 unsigned long base, struct nlattr **tb,
1691 struct nlattr *est, bool ovr,
1692 struct fl_flow_tmplt *tmplt, bool rtnl_held,
1693 struct netlink_ext_ack *extack)
1694{
1695 int err;
1696
1697 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, rtnl_held,
1698 extack);
1699 if (err < 0)
1700 return err;
1701
1702 if (tb[TCA_FLOWER_CLASSID]) {
1703 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1704 if (!rtnl_held)
1705 rtnl_lock();
1706 tcf_bind_filter(tp, &f->res, base);
1707 if (!rtnl_held)
1708 rtnl_unlock();
1709 }
1710
1711 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
1712 if (err)
1713 return err;
1714
1715 fl_mask_update_range(mask);
1716 fl_set_masked_key(&f->mkey, &f->key, mask);
1717
1718 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1719 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1720 return -EINVAL;
1721 }
1722
1723 return 0;
1724}
1725
1726static int fl_ht_insert_unique(struct cls_fl_filter *fnew,
1727 struct cls_fl_filter *fold,
1728 bool *in_ht)
1729{
1730 struct fl_flow_mask *mask = fnew->mask;
1731 int err;
1732
1733 err = rhashtable_lookup_insert_fast(&mask->ht,
1734 &fnew->ht_node,
1735 mask->filter_ht_params);
1736 if (err) {
1737 *in_ht = false;
1738
1739
1740
1741 return fold && err == -EEXIST ? 0 : err;
1742 }
1743
1744 *in_ht = true;
1745 return 0;
1746}
1747
1748static int fl_change(struct net *net, struct sk_buff *in_skb,
1749 struct tcf_proto *tp, unsigned long base,
1750 u32 handle, struct nlattr **tca,
1751 void **arg, bool ovr, bool rtnl_held,
1752 struct netlink_ext_ack *extack)
1753{
1754 struct cls_fl_head *head = fl_head_dereference(tp);
1755 struct cls_fl_filter *fold = *arg;
1756 struct cls_fl_filter *fnew;
1757 struct fl_flow_mask *mask;
1758 struct nlattr **tb;
1759 bool in_ht;
1760 int err;
1761
1762 if (!tca[TCA_OPTIONS]) {
1763 err = -EINVAL;
1764 goto errout_fold;
1765 }
1766
1767 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
1768 if (!mask) {
1769 err = -ENOBUFS;
1770 goto errout_fold;
1771 }
1772
1773 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1774 if (!tb) {
1775 err = -ENOBUFS;
1776 goto errout_mask_alloc;
1777 }
1778
1779 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
1780 tca[TCA_OPTIONS], fl_policy, NULL);
1781 if (err < 0)
1782 goto errout_tb;
1783
1784 if (fold && handle && fold->handle != handle) {
1785 err = -EINVAL;
1786 goto errout_tb;
1787 }
1788
1789 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
1790 if (!fnew) {
1791 err = -ENOBUFS;
1792 goto errout_tb;
1793 }
1794 INIT_LIST_HEAD(&fnew->hw_list);
1795 refcount_set(&fnew->refcnt, 1);
1796
1797 err = tcf_exts_init(&fnew->exts, net, TCA_FLOWER_ACT, 0);
1798 if (err < 0)
1799 goto errout;
1800
1801 if (tb[TCA_FLOWER_FLAGS]) {
1802 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1803
1804 if (!tc_flags_valid(fnew->flags)) {
1805 err = -EINVAL;
1806 goto errout;
1807 }
1808 }
1809
1810 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr,
1811 tp->chain->tmplt_priv, rtnl_held, extack);
1812 if (err)
1813 goto errout;
1814
1815 err = fl_check_assign_mask(head, fnew, fold, mask);
1816 if (err)
1817 goto errout;
1818
1819 err = fl_ht_insert_unique(fnew, fold, &in_ht);
1820 if (err)
1821 goto errout_mask;
1822
1823 if (!tc_skip_hw(fnew->flags)) {
1824 err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack);
1825 if (err)
1826 goto errout_ht;
1827 }
1828
1829 if (!tc_in_hw(fnew->flags))
1830 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1831
1832 spin_lock(&tp->lock);
1833
1834
1835
1836
1837 if (tp->deleting) {
1838 err = -EAGAIN;
1839 goto errout_hw;
1840 }
1841
1842 if (fold) {
1843
1844 if (fold->deleted) {
1845 err = -EAGAIN;
1846 goto errout_hw;
1847 }
1848
1849 fnew->handle = handle;
1850
1851 if (!in_ht) {
1852 struct rhashtable_params params =
1853 fnew->mask->filter_ht_params;
1854
1855 err = rhashtable_insert_fast(&fnew->mask->ht,
1856 &fnew->ht_node,
1857 params);
1858 if (err)
1859 goto errout_hw;
1860 in_ht = true;
1861 }
1862
1863 refcount_inc(&fnew->refcnt);
1864 rhashtable_remove_fast(&fold->mask->ht,
1865 &fold->ht_node,
1866 fold->mask->filter_ht_params);
1867 idr_replace(&head->handle_idr, fnew, fnew->handle);
1868 list_replace_rcu(&fold->list, &fnew->list);
1869 fold->deleted = true;
1870
1871 spin_unlock(&tp->lock);
1872
1873 fl_mask_put(head, fold->mask);
1874 if (!tc_skip_hw(fold->flags))
1875 fl_hw_destroy_filter(tp, fold, rtnl_held, NULL);
1876 tcf_unbind_filter(tp, &fold->res);
1877
1878
1879
1880 refcount_dec(&fold->refcnt);
1881 __fl_put(fold);
1882 } else {
1883 if (handle) {
1884
1885 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1886 handle, GFP_ATOMIC);
1887
1888
1889
1890
1891
1892
1893
1894 if (err == -ENOSPC)
1895 err = -EAGAIN;
1896 } else {
1897 handle = 1;
1898 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1899 INT_MAX, GFP_ATOMIC);
1900 }
1901 if (err)
1902 goto errout_hw;
1903
1904 refcount_inc(&fnew->refcnt);
1905 fnew->handle = handle;
1906 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1907 spin_unlock(&tp->lock);
1908 }
1909
1910 *arg = fnew;
1911
1912 kfree(tb);
1913 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
1914 return 0;
1915
1916errout_ht:
1917 spin_lock(&tp->lock);
1918errout_hw:
1919 fnew->deleted = true;
1920 spin_unlock(&tp->lock);
1921 if (!tc_skip_hw(fnew->flags))
1922 fl_hw_destroy_filter(tp, fnew, rtnl_held, NULL);
1923 if (in_ht)
1924 rhashtable_remove_fast(&fnew->mask->ht, &fnew->ht_node,
1925 fnew->mask->filter_ht_params);
1926errout_mask:
1927 fl_mask_put(head, fnew->mask);
1928errout:
1929 __fl_put(fnew);
1930errout_tb:
1931 kfree(tb);
1932errout_mask_alloc:
1933 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
1934errout_fold:
1935 if (fold)
1936 __fl_put(fold);
1937 return err;
1938}
1939
1940static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1941 bool rtnl_held, struct netlink_ext_ack *extack)
1942{
1943 struct cls_fl_head *head = fl_head_dereference(tp);
1944 struct cls_fl_filter *f = arg;
1945 bool last_on_mask;
1946 int err = 0;
1947
1948 err = __fl_delete(tp, f, &last_on_mask, rtnl_held, extack);
1949 *last = list_empty(&head->masks);
1950 __fl_put(f);
1951
1952 return err;
1953}
1954
1955static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg,
1956 bool rtnl_held)
1957{
1958 struct cls_fl_head *head = fl_head_dereference(tp);
1959 unsigned long id = arg->cookie, tmp;
1960 struct cls_fl_filter *f;
1961
1962 arg->count = arg->skip;
1963
1964 idr_for_each_entry_continue_ul(&head->handle_idr, f, tmp, id) {
1965
1966 if (!refcount_inc_not_zero(&f->refcnt))
1967 continue;
1968 if (arg->fn(tp, f, arg) < 0) {
1969 __fl_put(f);
1970 arg->stop = 1;
1971 break;
1972 }
1973 __fl_put(f);
1974 arg->count++;
1975 }
1976 arg->cookie = id;
1977}
1978
1979static struct cls_fl_filter *
1980fl_get_next_hw_filter(struct tcf_proto *tp, struct cls_fl_filter *f, bool add)
1981{
1982 struct cls_fl_head *head = fl_head_dereference(tp);
1983
1984 spin_lock(&tp->lock);
1985 if (list_empty(&head->hw_filters)) {
1986 spin_unlock(&tp->lock);
1987 return NULL;
1988 }
1989
1990 if (!f)
1991 f = list_entry(&head->hw_filters, struct cls_fl_filter,
1992 hw_list);
1993 list_for_each_entry_continue(f, &head->hw_filters, hw_list) {
1994 if (!(add && f->deleted) && refcount_inc_not_zero(&f->refcnt)) {
1995 spin_unlock(&tp->lock);
1996 return f;
1997 }
1998 }
1999
2000 spin_unlock(&tp->lock);
2001 return NULL;
2002}
2003
2004static int fl_reoffload(struct tcf_proto *tp, bool add, flow_setup_cb_t *cb,
2005 void *cb_priv, struct netlink_ext_ack *extack)
2006{
2007 struct tcf_block *block = tp->chain->block;
2008 struct flow_cls_offload cls_flower = {};
2009 struct cls_fl_filter *f = NULL;
2010 int err;
2011
2012
2013
2014
2015
2016 ASSERT_RTNL();
2017
2018 while ((f = fl_get_next_hw_filter(tp, f, add))) {
2019 cls_flower.rule =
2020 flow_rule_alloc(tcf_exts_num_actions(&f->exts));
2021 if (!cls_flower.rule) {
2022 __fl_put(f);
2023 return -ENOMEM;
2024 }
2025
2026 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags,
2027 extack);
2028 cls_flower.command = add ?
2029 FLOW_CLS_REPLACE : FLOW_CLS_DESTROY;
2030 cls_flower.cookie = (unsigned long)f;
2031 cls_flower.rule->match.dissector = &f->mask->dissector;
2032 cls_flower.rule->match.mask = &f->mask->key;
2033 cls_flower.rule->match.key = &f->mkey;
2034
2035 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts);
2036 if (err) {
2037 kfree(cls_flower.rule);
2038 if (tc_skip_sw(f->flags)) {
2039 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
2040 __fl_put(f);
2041 return err;
2042 }
2043 goto next_flow;
2044 }
2045
2046 cls_flower.classid = f->res.classid;
2047
2048 err = tc_setup_cb_reoffload(block, tp, add, cb,
2049 TC_SETUP_CLSFLOWER, &cls_flower,
2050 cb_priv, &f->flags,
2051 &f->in_hw_count);
2052 tc_cleanup_flow_action(&cls_flower.rule->action);
2053 kfree(cls_flower.rule);
2054
2055 if (err) {
2056 __fl_put(f);
2057 return err;
2058 }
2059next_flow:
2060 __fl_put(f);
2061 }
2062
2063 return 0;
2064}
2065
2066static void fl_hw_add(struct tcf_proto *tp, void *type_data)
2067{
2068 struct flow_cls_offload *cls_flower = type_data;
2069 struct cls_fl_filter *f =
2070 (struct cls_fl_filter *) cls_flower->cookie;
2071 struct cls_fl_head *head = fl_head_dereference(tp);
2072
2073 spin_lock(&tp->lock);
2074 list_add(&f->hw_list, &head->hw_filters);
2075 spin_unlock(&tp->lock);
2076}
2077
2078static void fl_hw_del(struct tcf_proto *tp, void *type_data)
2079{
2080 struct flow_cls_offload *cls_flower = type_data;
2081 struct cls_fl_filter *f =
2082 (struct cls_fl_filter *) cls_flower->cookie;
2083
2084 spin_lock(&tp->lock);
2085 if (!list_empty(&f->hw_list))
2086 list_del_init(&f->hw_list);
2087 spin_unlock(&tp->lock);
2088}
2089
2090static int fl_hw_create_tmplt(struct tcf_chain *chain,
2091 struct fl_flow_tmplt *tmplt)
2092{
2093 struct flow_cls_offload cls_flower = {};
2094 struct tcf_block *block = chain->block;
2095
2096 cls_flower.rule = flow_rule_alloc(0);
2097 if (!cls_flower.rule)
2098 return -ENOMEM;
2099
2100 cls_flower.common.chain_index = chain->index;
2101 cls_flower.command = FLOW_CLS_TMPLT_CREATE;
2102 cls_flower.cookie = (unsigned long) tmplt;
2103 cls_flower.rule->match.dissector = &tmplt->dissector;
2104 cls_flower.rule->match.mask = &tmplt->mask;
2105 cls_flower.rule->match.key = &tmplt->dummy_key;
2106
2107
2108
2109
2110 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true);
2111 kfree(cls_flower.rule);
2112
2113 return 0;
2114}
2115
2116static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
2117 struct fl_flow_tmplt *tmplt)
2118{
2119 struct flow_cls_offload cls_flower = {};
2120 struct tcf_block *block = chain->block;
2121
2122 cls_flower.common.chain_index = chain->index;
2123 cls_flower.command = FLOW_CLS_TMPLT_DESTROY;
2124 cls_flower.cookie = (unsigned long) tmplt;
2125
2126 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true);
2127}
2128
2129static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
2130 struct nlattr **tca,
2131 struct netlink_ext_ack *extack)
2132{
2133 struct fl_flow_tmplt *tmplt;
2134 struct nlattr **tb;
2135 int err;
2136
2137 if (!tca[TCA_OPTIONS])
2138 return ERR_PTR(-EINVAL);
2139
2140 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
2141 if (!tb)
2142 return ERR_PTR(-ENOBUFS);
2143 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
2144 tca[TCA_OPTIONS], fl_policy, NULL);
2145 if (err)
2146 goto errout_tb;
2147
2148 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
2149 if (!tmplt) {
2150 err = -ENOMEM;
2151 goto errout_tb;
2152 }
2153 tmplt->chain = chain;
2154 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
2155 if (err)
2156 goto errout_tmplt;
2157
2158 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
2159
2160 err = fl_hw_create_tmplt(chain, tmplt);
2161 if (err)
2162 goto errout_tmplt;
2163
2164 kfree(tb);
2165 return tmplt;
2166
2167errout_tmplt:
2168 kfree(tmplt);
2169errout_tb:
2170 kfree(tb);
2171 return ERR_PTR(err);
2172}
2173
2174static void fl_tmplt_destroy(void *tmplt_priv)
2175{
2176 struct fl_flow_tmplt *tmplt = tmplt_priv;
2177
2178 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
2179 kfree(tmplt);
2180}
2181
2182static int fl_dump_key_val(struct sk_buff *skb,
2183 void *val, int val_type,
2184 void *mask, int mask_type, int len)
2185{
2186 int err;
2187
2188 if (!memchr_inv(mask, 0, len))
2189 return 0;
2190 err = nla_put(skb, val_type, len, val);
2191 if (err)
2192 return err;
2193 if (mask_type != TCA_FLOWER_UNSPEC) {
2194 err = nla_put(skb, mask_type, len, mask);
2195 if (err)
2196 return err;
2197 }
2198 return 0;
2199}
2200
2201static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key,
2202 struct fl_flow_key *mask)
2203{
2204 if (fl_dump_key_val(skb, &key->tp_range.tp_min.dst,
2205 TCA_FLOWER_KEY_PORT_DST_MIN,
2206 &mask->tp_range.tp_min.dst, TCA_FLOWER_UNSPEC,
2207 sizeof(key->tp_range.tp_min.dst)) ||
2208 fl_dump_key_val(skb, &key->tp_range.tp_max.dst,
2209 TCA_FLOWER_KEY_PORT_DST_MAX,
2210 &mask->tp_range.tp_max.dst, TCA_FLOWER_UNSPEC,
2211 sizeof(key->tp_range.tp_max.dst)) ||
2212 fl_dump_key_val(skb, &key->tp_range.tp_min.src,
2213 TCA_FLOWER_KEY_PORT_SRC_MIN,
2214 &mask->tp_range.tp_min.src, TCA_FLOWER_UNSPEC,
2215 sizeof(key->tp_range.tp_min.src)) ||
2216 fl_dump_key_val(skb, &key->tp_range.tp_max.src,
2217 TCA_FLOWER_KEY_PORT_SRC_MAX,
2218 &mask->tp_range.tp_max.src, TCA_FLOWER_UNSPEC,
2219 sizeof(key->tp_range.tp_max.src)))
2220 return -1;
2221
2222 return 0;
2223}
2224
2225static int fl_dump_key_mpls(struct sk_buff *skb,
2226 struct flow_dissector_key_mpls *mpls_key,
2227 struct flow_dissector_key_mpls *mpls_mask)
2228{
2229 int err;
2230
2231 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
2232 return 0;
2233 if (mpls_mask->mpls_ttl) {
2234 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
2235 mpls_key->mpls_ttl);
2236 if (err)
2237 return err;
2238 }
2239 if (mpls_mask->mpls_tc) {
2240 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
2241 mpls_key->mpls_tc);
2242 if (err)
2243 return err;
2244 }
2245 if (mpls_mask->mpls_label) {
2246 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
2247 mpls_key->mpls_label);
2248 if (err)
2249 return err;
2250 }
2251 if (mpls_mask->mpls_bos) {
2252 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
2253 mpls_key->mpls_bos);
2254 if (err)
2255 return err;
2256 }
2257 return 0;
2258}
2259
2260static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
2261 struct flow_dissector_key_ip *key,
2262 struct flow_dissector_key_ip *mask)
2263{
2264 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
2265 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
2266 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
2267 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
2268
2269 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
2270 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
2271 return -1;
2272
2273 return 0;
2274}
2275
2276static int fl_dump_key_vlan(struct sk_buff *skb,
2277 int vlan_id_key, int vlan_prio_key,
2278 struct flow_dissector_key_vlan *vlan_key,
2279 struct flow_dissector_key_vlan *vlan_mask)
2280{
2281 int err;
2282
2283 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
2284 return 0;
2285 if (vlan_mask->vlan_id) {
2286 err = nla_put_u16(skb, vlan_id_key,
2287 vlan_key->vlan_id);
2288 if (err)
2289 return err;
2290 }
2291 if (vlan_mask->vlan_priority) {
2292 err = nla_put_u8(skb, vlan_prio_key,
2293 vlan_key->vlan_priority);
2294 if (err)
2295 return err;
2296 }
2297 return 0;
2298}
2299
2300static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
2301 u32 *flower_key, u32 *flower_mask,
2302 u32 flower_flag_bit, u32 dissector_flag_bit)
2303{
2304 if (dissector_mask & dissector_flag_bit) {
2305 *flower_mask |= flower_flag_bit;
2306 if (dissector_key & dissector_flag_bit)
2307 *flower_key |= flower_flag_bit;
2308 }
2309}
2310
2311static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
2312{
2313 u32 key, mask;
2314 __be32 _key, _mask;
2315 int err;
2316
2317 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
2318 return 0;
2319
2320 key = 0;
2321 mask = 0;
2322
2323 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2324 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
2325 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2326 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
2327 FLOW_DIS_FIRST_FRAG);
2328
2329 _key = cpu_to_be32(key);
2330 _mask = cpu_to_be32(mask);
2331
2332 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
2333 if (err)
2334 return err;
2335
2336 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
2337}
2338
2339static int fl_dump_key_geneve_opt(struct sk_buff *skb,
2340 struct flow_dissector_key_enc_opts *enc_opts)
2341{
2342 struct geneve_opt *opt;
2343 struct nlattr *nest;
2344 int opt_off = 0;
2345
2346 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
2347 if (!nest)
2348 goto nla_put_failure;
2349
2350 while (enc_opts->len > opt_off) {
2351 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
2352
2353 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
2354 opt->opt_class))
2355 goto nla_put_failure;
2356 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
2357 opt->type))
2358 goto nla_put_failure;
2359 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
2360 opt->length * 4, opt->opt_data))
2361 goto nla_put_failure;
2362
2363 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
2364 }
2365 nla_nest_end(skb, nest);
2366 return 0;
2367
2368nla_put_failure:
2369 nla_nest_cancel(skb, nest);
2370 return -EMSGSIZE;
2371}
2372
2373static int fl_dump_key_vxlan_opt(struct sk_buff *skb,
2374 struct flow_dissector_key_enc_opts *enc_opts)
2375{
2376 struct vxlan_metadata *md;
2377 struct nlattr *nest;
2378
2379 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_VXLAN);
2380 if (!nest)
2381 goto nla_put_failure;
2382
2383 md = (struct vxlan_metadata *)&enc_opts->data[0];
2384 if (nla_put_u32(skb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP, md->gbp))
2385 goto nla_put_failure;
2386
2387 nla_nest_end(skb, nest);
2388 return 0;
2389
2390nla_put_failure:
2391 nla_nest_cancel(skb, nest);
2392 return -EMSGSIZE;
2393}
2394
2395static int fl_dump_key_erspan_opt(struct sk_buff *skb,
2396 struct flow_dissector_key_enc_opts *enc_opts)
2397{
2398 struct erspan_metadata *md;
2399 struct nlattr *nest;
2400
2401 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_ERSPAN);
2402 if (!nest)
2403 goto nla_put_failure;
2404
2405 md = (struct erspan_metadata *)&enc_opts->data[0];
2406 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER, md->version))
2407 goto nla_put_failure;
2408
2409 if (md->version == 1 &&
2410 nla_put_be32(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX, md->u.index))
2411 goto nla_put_failure;
2412
2413 if (md->version == 2 &&
2414 (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR,
2415 md->u.md2.dir) ||
2416 nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID,
2417 get_hwid(&md->u.md2))))
2418 goto nla_put_failure;
2419
2420 nla_nest_end(skb, nest);
2421 return 0;
2422
2423nla_put_failure:
2424 nla_nest_cancel(skb, nest);
2425 return -EMSGSIZE;
2426}
2427
2428static int fl_dump_key_ct(struct sk_buff *skb,
2429 struct flow_dissector_key_ct *key,
2430 struct flow_dissector_key_ct *mask)
2431{
2432 if (IS_ENABLED(CONFIG_NF_CONNTRACK) &&
2433 fl_dump_key_val(skb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE,
2434 &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK,
2435 sizeof(key->ct_state)))
2436 goto nla_put_failure;
2437
2438 if (IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) &&
2439 fl_dump_key_val(skb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE,
2440 &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK,
2441 sizeof(key->ct_zone)))
2442 goto nla_put_failure;
2443
2444 if (IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) &&
2445 fl_dump_key_val(skb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK,
2446 &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK,
2447 sizeof(key->ct_mark)))
2448 goto nla_put_failure;
2449
2450 if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) &&
2451 fl_dump_key_val(skb, &key->ct_labels, TCA_FLOWER_KEY_CT_LABELS,
2452 &mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK,
2453 sizeof(key->ct_labels)))
2454 goto nla_put_failure;
2455
2456 return 0;
2457
2458nla_put_failure:
2459 return -EMSGSIZE;
2460}
2461
2462static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
2463 struct flow_dissector_key_enc_opts *enc_opts)
2464{
2465 struct nlattr *nest;
2466 int err;
2467
2468 if (!enc_opts->len)
2469 return 0;
2470
2471 nest = nla_nest_start_noflag(skb, enc_opt_type);
2472 if (!nest)
2473 goto nla_put_failure;
2474
2475 switch (enc_opts->dst_opt_type) {
2476 case TUNNEL_GENEVE_OPT:
2477 err = fl_dump_key_geneve_opt(skb, enc_opts);
2478 if (err)
2479 goto nla_put_failure;
2480 break;
2481 case TUNNEL_VXLAN_OPT:
2482 err = fl_dump_key_vxlan_opt(skb, enc_opts);
2483 if (err)
2484 goto nla_put_failure;
2485 break;
2486 case TUNNEL_ERSPAN_OPT:
2487 err = fl_dump_key_erspan_opt(skb, enc_opts);
2488 if (err)
2489 goto nla_put_failure;
2490 break;
2491 default:
2492 goto nla_put_failure;
2493 }
2494 nla_nest_end(skb, nest);
2495 return 0;
2496
2497nla_put_failure:
2498 nla_nest_cancel(skb, nest);
2499 return -EMSGSIZE;
2500}
2501
2502static int fl_dump_key_enc_opt(struct sk_buff *skb,
2503 struct flow_dissector_key_enc_opts *key_opts,
2504 struct flow_dissector_key_enc_opts *msk_opts)
2505{
2506 int err;
2507
2508 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
2509 if (err)
2510 return err;
2511
2512 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
2513}
2514
2515static int fl_dump_key(struct sk_buff *skb, struct net *net,
2516 struct fl_flow_key *key, struct fl_flow_key *mask)
2517{
2518 if (mask->meta.ingress_ifindex) {
2519 struct net_device *dev;
2520
2521 dev = __dev_get_by_index(net, key->meta.ingress_ifindex);
2522 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
2523 goto nla_put_failure;
2524 }
2525
2526 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
2527 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
2528 sizeof(key->eth.dst)) ||
2529 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
2530 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
2531 sizeof(key->eth.src)) ||
2532 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
2533 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
2534 sizeof(key->basic.n_proto)))
2535 goto nla_put_failure;
2536
2537 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
2538 goto nla_put_failure;
2539
2540 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
2541 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
2542 goto nla_put_failure;
2543
2544 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
2545 TCA_FLOWER_KEY_CVLAN_PRIO,
2546 &key->cvlan, &mask->cvlan) ||
2547 (mask->cvlan.vlan_tpid &&
2548 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2549 key->cvlan.vlan_tpid)))
2550 goto nla_put_failure;
2551
2552 if (mask->basic.n_proto) {
2553 if (mask->cvlan.vlan_tpid) {
2554 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
2555 key->basic.n_proto))
2556 goto nla_put_failure;
2557 } else if (mask->vlan.vlan_tpid) {
2558 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2559 key->basic.n_proto))
2560 goto nla_put_failure;
2561 }
2562 }
2563
2564 if ((key->basic.n_proto == htons(ETH_P_IP) ||
2565 key->basic.n_proto == htons(ETH_P_IPV6)) &&
2566 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
2567 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
2568 sizeof(key->basic.ip_proto)) ||
2569 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
2570 goto nla_put_failure;
2571
2572 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2573 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
2574 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
2575 sizeof(key->ipv4.src)) ||
2576 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
2577 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
2578 sizeof(key->ipv4.dst))))
2579 goto nla_put_failure;
2580 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2581 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
2582 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
2583 sizeof(key->ipv6.src)) ||
2584 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
2585 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
2586 sizeof(key->ipv6.dst))))
2587 goto nla_put_failure;
2588
2589 if (key->basic.ip_proto == IPPROTO_TCP &&
2590 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
2591 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
2592 sizeof(key->tp.src)) ||
2593 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
2594 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
2595 sizeof(key->tp.dst)) ||
2596 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
2597 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
2598 sizeof(key->tcp.flags))))
2599 goto nla_put_failure;
2600 else if (key->basic.ip_proto == IPPROTO_UDP &&
2601 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
2602 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
2603 sizeof(key->tp.src)) ||
2604 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
2605 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
2606 sizeof(key->tp.dst))))
2607 goto nla_put_failure;
2608 else if (key->basic.ip_proto == IPPROTO_SCTP &&
2609 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
2610 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
2611 sizeof(key->tp.src)) ||
2612 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
2613 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
2614 sizeof(key->tp.dst))))
2615 goto nla_put_failure;
2616 else if (key->basic.n_proto == htons(ETH_P_IP) &&
2617 key->basic.ip_proto == IPPROTO_ICMP &&
2618 (fl_dump_key_val(skb, &key->icmp.type,
2619 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
2620 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
2621 sizeof(key->icmp.type)) ||
2622 fl_dump_key_val(skb, &key->icmp.code,
2623 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
2624 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
2625 sizeof(key->icmp.code))))
2626 goto nla_put_failure;
2627 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
2628 key->basic.ip_proto == IPPROTO_ICMPV6 &&
2629 (fl_dump_key_val(skb, &key->icmp.type,
2630 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
2631 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
2632 sizeof(key->icmp.type)) ||
2633 fl_dump_key_val(skb, &key->icmp.code,
2634 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
2635 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
2636 sizeof(key->icmp.code))))
2637 goto nla_put_failure;
2638 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
2639 key->basic.n_proto == htons(ETH_P_RARP)) &&
2640 (fl_dump_key_val(skb, &key->arp.sip,
2641 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
2642 TCA_FLOWER_KEY_ARP_SIP_MASK,
2643 sizeof(key->arp.sip)) ||
2644 fl_dump_key_val(skb, &key->arp.tip,
2645 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
2646 TCA_FLOWER_KEY_ARP_TIP_MASK,
2647 sizeof(key->arp.tip)) ||
2648 fl_dump_key_val(skb, &key->arp.op,
2649 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
2650 TCA_FLOWER_KEY_ARP_OP_MASK,
2651 sizeof(key->arp.op)) ||
2652 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
2653 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
2654 sizeof(key->arp.sha)) ||
2655 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
2656 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
2657 sizeof(key->arp.tha))))
2658 goto nla_put_failure;
2659
2660 if ((key->basic.ip_proto == IPPROTO_TCP ||
2661 key->basic.ip_proto == IPPROTO_UDP ||
2662 key->basic.ip_proto == IPPROTO_SCTP) &&
2663 fl_dump_key_port_range(skb, key, mask))
2664 goto nla_put_failure;
2665
2666 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2667 (fl_dump_key_val(skb, &key->enc_ipv4.src,
2668 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
2669 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
2670 sizeof(key->enc_ipv4.src)) ||
2671 fl_dump_key_val(skb, &key->enc_ipv4.dst,
2672 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
2673 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
2674 sizeof(key->enc_ipv4.dst))))
2675 goto nla_put_failure;
2676 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2677 (fl_dump_key_val(skb, &key->enc_ipv6.src,
2678 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
2679 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
2680 sizeof(key->enc_ipv6.src)) ||
2681 fl_dump_key_val(skb, &key->enc_ipv6.dst,
2682 TCA_FLOWER_KEY_ENC_IPV6_DST,
2683 &mask->enc_ipv6.dst,
2684 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
2685 sizeof(key->enc_ipv6.dst))))
2686 goto nla_put_failure;
2687
2688 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
2689 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
2690 sizeof(key->enc_key_id)) ||
2691 fl_dump_key_val(skb, &key->enc_tp.src,
2692 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
2693 &mask->enc_tp.src,
2694 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
2695 sizeof(key->enc_tp.src)) ||
2696 fl_dump_key_val(skb, &key->enc_tp.dst,
2697 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
2698 &mask->enc_tp.dst,
2699 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
2700 sizeof(key->enc_tp.dst)) ||
2701 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
2702 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
2703 goto nla_put_failure;
2704
2705 if (fl_dump_key_ct(skb, &key->ct, &mask->ct))
2706 goto nla_put_failure;
2707
2708 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
2709 goto nla_put_failure;
2710
2711 return 0;
2712
2713nla_put_failure:
2714 return -EMSGSIZE;
2715}
2716
2717static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
2718 struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
2719{
2720 struct cls_fl_filter *f = fh;
2721 struct nlattr *nest;
2722 struct fl_flow_key *key, *mask;
2723 bool skip_hw;
2724
2725 if (!f)
2726 return skb->len;
2727
2728 t->tcm_handle = f->handle;
2729
2730 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
2731 if (!nest)
2732 goto nla_put_failure;
2733
2734 spin_lock(&tp->lock);
2735
2736 if (f->res.classid &&
2737 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
2738 goto nla_put_failure_locked;
2739
2740 key = &f->key;
2741 mask = &f->mask->key;
2742 skip_hw = tc_skip_hw(f->flags);
2743
2744 if (fl_dump_key(skb, net, key, mask))
2745 goto nla_put_failure_locked;
2746
2747 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
2748 goto nla_put_failure_locked;
2749
2750 spin_unlock(&tp->lock);
2751
2752 if (!skip_hw)
2753 fl_hw_update_stats(tp, f, rtnl_held);
2754
2755 if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count))
2756 goto nla_put_failure;
2757
2758 if (tcf_exts_dump(skb, &f->exts))
2759 goto nla_put_failure;
2760
2761 nla_nest_end(skb, nest);
2762
2763 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
2764 goto nla_put_failure;
2765
2766 return skb->len;
2767
2768nla_put_failure_locked:
2769 spin_unlock(&tp->lock);
2770nla_put_failure:
2771 nla_nest_cancel(skb, nest);
2772 return -1;
2773}
2774
2775static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
2776{
2777 struct fl_flow_tmplt *tmplt = tmplt_priv;
2778 struct fl_flow_key *key, *mask;
2779 struct nlattr *nest;
2780
2781 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
2782 if (!nest)
2783 goto nla_put_failure;
2784
2785 key = &tmplt->dummy_key;
2786 mask = &tmplt->mask;
2787
2788 if (fl_dump_key(skb, net, key, mask))
2789 goto nla_put_failure;
2790
2791 nla_nest_end(skb, nest);
2792
2793 return skb->len;
2794
2795nla_put_failure:
2796 nla_nest_cancel(skb, nest);
2797 return -EMSGSIZE;
2798}
2799
2800static void fl_bind_class(void *fh, u32 classid, unsigned long cl, void *q,
2801 unsigned long base)
2802{
2803 struct cls_fl_filter *f = fh;
2804
2805 if (f && f->res.classid == classid) {
2806 if (cl)
2807 __tcf_bind_filter(q, &f->res, base);
2808 else
2809 __tcf_unbind_filter(q, &f->res);
2810 }
2811}
2812
2813static bool fl_delete_empty(struct tcf_proto *tp)
2814{
2815 struct cls_fl_head *head = fl_head_dereference(tp);
2816
2817 spin_lock(&tp->lock);
2818 tp->deleting = idr_is_empty(&head->handle_idr);
2819 spin_unlock(&tp->lock);
2820
2821 return tp->deleting;
2822}
2823
2824static struct tcf_proto_ops cls_fl_ops __read_mostly = {
2825 .kind = "flower",
2826 .classify = fl_classify,
2827 .init = fl_init,
2828 .destroy = fl_destroy,
2829 .get = fl_get,
2830 .put = fl_put,
2831 .change = fl_change,
2832 .delete = fl_delete,
2833 .delete_empty = fl_delete_empty,
2834 .walk = fl_walk,
2835 .reoffload = fl_reoffload,
2836 .hw_add = fl_hw_add,
2837 .hw_del = fl_hw_del,
2838 .dump = fl_dump,
2839 .bind_class = fl_bind_class,
2840 .tmplt_create = fl_tmplt_create,
2841 .tmplt_destroy = fl_tmplt_destroy,
2842 .tmplt_dump = fl_tmplt_dump,
2843 .owner = THIS_MODULE,
2844 .flags = TCF_PROTO_OPS_DOIT_UNLOCKED,
2845};
2846
2847static int __init cls_fl_init(void)
2848{
2849 return register_tcf_proto_ops(&cls_fl_ops);
2850}
2851
2852static void __exit cls_fl_exit(void)
2853{
2854 unregister_tcf_proto_ops(&cls_fl_ops);
2855}
2856
2857module_init(cls_fl_init);
2858module_exit(cls_fl_exit);
2859
2860MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
2861MODULE_DESCRIPTION("Flower classifier");
2862MODULE_LICENSE("GPL v2");
2863
