1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/types.h>
24#include <linux/kernel.h>
25#include <linux/string.h>
26#include <linux/errno.h>
27#include <linux/skbuff.h>
28#include <net/netlink.h>
29#include <net/act_api.h>
30#include <net/pkt_cls.h>
31
32#define HTSIZE 256
33
34struct fw_head {
35 u32 mask;
36 struct fw_filter __rcu *ht[HTSIZE];
37 struct rcu_head rcu;
38};
39
40struct fw_filter {
41 struct fw_filter __rcu *next;
42 u32 id;
43 struct tcf_result res;
44#ifdef CONFIG_NET_CLS_IND
45 int ifindex;
46#endif
47 struct tcf_exts exts;
48 struct tcf_proto *tp;
49 struct rcu_head rcu;
50};
51
52static u32 fw_hash(u32 handle)
53{
54 handle ^= (handle >> 16);
55 handle ^= (handle >> 8);
56 return handle % HTSIZE;
57}
58
59static int fw_classify(struct sk_buff *skb, const struct tcf_proto *tp,
60 struct tcf_result *res)
61{
62 struct fw_head *head = rcu_dereference_bh(tp->root);
63 struct fw_filter *f;
64 int r;
65 u32 id = skb->mark;
66
67 if (head != NULL) {
68 id &= head->mask;
69
70 for (f = rcu_dereference_bh(head->ht[fw_hash(id)]); f;
71 f = rcu_dereference_bh(f->next)) {
72 if (f->id == id) {
73 *res = f->res;
74#ifdef CONFIG_NET_CLS_IND
75 if (!tcf_match_indev(skb, f->ifindex))
76 continue;
77#endif
78 r = tcf_exts_exec(skb, &f->exts, res);
79 if (r < 0)
80 continue;
81
82 return r;
83 }
84 }
85 } else {
86
87 if (id && (TC_H_MAJ(id) == 0 ||
88 !(TC_H_MAJ(id ^ tp->q->handle)))) {
89 res->classid = id;
90 res->class = 0;
91 return 0;
92 }
93 }
94
95 return -1;
96}
97
98static unsigned long fw_get(struct tcf_proto *tp, u32 handle)
99{
100 struct fw_head *head = rtnl_dereference(tp->root);
101 struct fw_filter *f;
102
103 if (head == NULL)
104 return 0;
105
106 f = rtnl_dereference(head->ht[fw_hash(handle)]);
107 for (; f; f = rtnl_dereference(f->next)) {
108 if (f->id == handle)
109 return (unsigned long)f;
110 }
111 return 0;
112}
113
114static int fw_init(struct tcf_proto *tp)
115{
116
117
118
119 return 0;
120}
121
122static void fw_delete_filter(struct rcu_head *head)
123{
124 struct fw_filter *f = container_of(head, struct fw_filter, rcu);
125
126 tcf_exts_destroy(&f->exts);
127 kfree(f);
128}
129
130static bool fw_destroy(struct tcf_proto *tp, bool force)
131{
132 struct fw_head *head = rtnl_dereference(tp->root);
133 struct fw_filter *f;
134 int h;
135
136 if (head == NULL)
137 return true;
138
139 if (!force) {
140 for (h = 0; h < HTSIZE; h++)
141 if (rcu_access_pointer(head->ht[h]))
142 return false;
143 }
144
145 for (h = 0; h < HTSIZE; h++) {
146 while ((f = rtnl_dereference(head->ht[h])) != NULL) {
147 RCU_INIT_POINTER(head->ht[h],
148 rtnl_dereference(f->next));
149 tcf_unbind_filter(tp, &f->res);
150 call_rcu(&f->rcu, fw_delete_filter);
151 }
152 }
153 RCU_INIT_POINTER(tp->root, NULL);
154 kfree_rcu(head, rcu);
155 return true;
156}
157
158static int fw_delete(struct tcf_proto *tp, unsigned long arg)
159{
160 struct fw_head *head = rtnl_dereference(tp->root);
161 struct fw_filter *f = (struct fw_filter *)arg;
162 struct fw_filter __rcu **fp;
163 struct fw_filter *pfp;
164
165 if (head == NULL || f == NULL)
166 goto out;
167
168 fp = &head->ht[fw_hash(f->id)];
169
170 for (pfp = rtnl_dereference(*fp); pfp;
171 fp = &pfp->next, pfp = rtnl_dereference(*fp)) {
172 if (pfp == f) {
173 RCU_INIT_POINTER(*fp, rtnl_dereference(f->next));
174 tcf_unbind_filter(tp, &f->res);
175 call_rcu(&f->rcu, fw_delete_filter);
176 return 0;
177 }
178 }
179out:
180 return -EINVAL;
181}
182
183static const struct nla_policy fw_policy[TCA_FW_MAX + 1] = {
184 [TCA_FW_CLASSID] = { .type = NLA_U32 },
185 [TCA_FW_INDEV] = { .type = NLA_STRING, .len = IFNAMSIZ },
186 [TCA_FW_MASK] = { .type = NLA_U32 },
187};
188
189static int
190fw_change_attrs(struct net *net, struct tcf_proto *tp, struct fw_filter *f,
191 struct nlattr **tb, struct nlattr **tca, unsigned long base,
192 bool ovr)
193{
194 struct fw_head *head = rtnl_dereference(tp->root);
195 struct tcf_exts e;
196 u32 mask;
197 int err;
198
199 err = tcf_exts_init(&e, TCA_FW_ACT, TCA_FW_POLICE);
200 if (err < 0)
201 return err;
202 err = tcf_exts_validate(net, tp, tb, tca[TCA_RATE], &e, ovr);
203 if (err < 0)
204 goto errout;
205
206 if (tb[TCA_FW_CLASSID]) {
207 f->res.classid = nla_get_u32(tb[TCA_FW_CLASSID]);
208 tcf_bind_filter(tp, &f->res, base);
209 }
210
211#ifdef CONFIG_NET_CLS_IND
212 if (tb[TCA_FW_INDEV]) {
213 int ret;
214 ret = tcf_change_indev(net, tb[TCA_FW_INDEV]);
215 if (ret < 0) {
216 err = ret;
217 goto errout;
218 }
219 f->ifindex = ret;
220 }
221#endif
222
223 err = -EINVAL;
224 if (tb[TCA_FW_MASK]) {
225 mask = nla_get_u32(tb[TCA_FW_MASK]);
226 if (mask != head->mask)
227 goto errout;
228 } else if (head->mask != 0xFFFFFFFF)
229 goto errout;
230
231 tcf_exts_change(tp, &f->exts, &e);
232
233 return 0;
234errout:
235 tcf_exts_destroy(&e);
236 return err;
237}
238
239static int fw_change(struct net *net, struct sk_buff *in_skb,
240 struct tcf_proto *tp, unsigned long base,
241 u32 handle, struct nlattr **tca, unsigned long *arg,
242 bool ovr)
243{
244 struct fw_head *head = rtnl_dereference(tp->root);
245 struct fw_filter *f = (struct fw_filter *) *arg;
246 struct nlattr *opt = tca[TCA_OPTIONS];
247 struct nlattr *tb[TCA_FW_MAX + 1];
248 int err;
249
250 if (!opt)
251 return handle ? -EINVAL : 0;
252
253 err = nla_parse_nested(tb, TCA_FW_MAX, opt, fw_policy);
254 if (err < 0)
255 return err;
256
257 if (f) {
258 struct fw_filter *pfp, *fnew;
259 struct fw_filter __rcu **fp;
260
261 if (f->id != handle && handle)
262 return -EINVAL;
263
264 fnew = kzalloc(sizeof(struct fw_filter), GFP_KERNEL);
265 if (!fnew)
266 return -ENOBUFS;
267
268 fnew->id = f->id;
269 fnew->res = f->res;
270#ifdef CONFIG_NET_CLS_IND
271 fnew->ifindex = f->ifindex;
272#endif
273 fnew->tp = f->tp;
274
275 err = tcf_exts_init(&fnew->exts, TCA_FW_ACT, TCA_FW_POLICE);
276 if (err < 0) {
277 kfree(fnew);
278 return err;
279 }
280
281 err = fw_change_attrs(net, tp, fnew, tb, tca, base, ovr);
282 if (err < 0) {
283 tcf_exts_destroy(&fnew->exts);
284 kfree(fnew);
285 return err;
286 }
287
288 fp = &head->ht[fw_hash(fnew->id)];
289 for (pfp = rtnl_dereference(*fp); pfp;
290 fp = &pfp->next, pfp = rtnl_dereference(*fp))
291 if (pfp == f)
292 break;
293
294 RCU_INIT_POINTER(fnew->next, rtnl_dereference(pfp->next));
295 rcu_assign_pointer(*fp, fnew);
296 tcf_unbind_filter(tp, &f->res);
297 call_rcu(&f->rcu, fw_delete_filter);
298
299 *arg = (unsigned long)fnew;
300 return err;
301 }
302
303 if (!handle)
304 return -EINVAL;
305
306 if (!head) {
307 u32 mask = 0xFFFFFFFF;
308 if (tb[TCA_FW_MASK])
309 mask = nla_get_u32(tb[TCA_FW_MASK]);
310
311 head = kzalloc(sizeof(*head), GFP_KERNEL);
312 if (!head)
313 return -ENOBUFS;
314 head->mask = mask;
315
316 rcu_assign_pointer(tp->root, head);
317 }
318
319 f = kzalloc(sizeof(struct fw_filter), GFP_KERNEL);
320 if (f == NULL)
321 return -ENOBUFS;
322
323 err = tcf_exts_init(&f->exts, TCA_FW_ACT, TCA_FW_POLICE);
324 if (err < 0)
325 goto errout;
326 f->id = handle;
327 f->tp = tp;
328
329 err = fw_change_attrs(net, tp, f, tb, tca, base, ovr);
330 if (err < 0)
331 goto errout;
332
333 RCU_INIT_POINTER(f->next, head->ht[fw_hash(handle)]);
334 rcu_assign_pointer(head->ht[fw_hash(handle)], f);
335
336 *arg = (unsigned long)f;
337 return 0;
338
339errout:
340 tcf_exts_destroy(&f->exts);
341 kfree(f);
342 return err;
343}
344
345static void fw_walk(struct tcf_proto *tp, struct tcf_walker *arg)
346{
347 struct fw_head *head = rtnl_dereference(tp->root);
348 int h;
349
350 if (head == NULL)
351 arg->stop = 1;
352
353 if (arg->stop)
354 return;
355
356 for (h = 0; h < HTSIZE; h++) {
357 struct fw_filter *f;
358
359 for (f = rtnl_dereference(head->ht[h]); f;
360 f = rtnl_dereference(f->next)) {
361 if (arg->count < arg->skip) {
362 arg->count++;
363 continue;
364 }
365 if (arg->fn(tp, (unsigned long)f, arg) < 0) {
366 arg->stop = 1;
367 return;
368 }
369 arg->count++;
370 }
371 }
372}
373
374static int fw_dump(struct net *net, struct tcf_proto *tp, unsigned long fh,
375 struct sk_buff *skb, struct tcmsg *t)
376{
377 struct fw_head *head = rtnl_dereference(tp->root);
378 struct fw_filter *f = (struct fw_filter *)fh;
379 struct nlattr *nest;
380
381 if (f == NULL)
382 return skb->len;
383
384 t->tcm_handle = f->id;
385
386 if (!f->res.classid && !tcf_exts_is_available(&f->exts))
387 return skb->len;
388
389 nest = nla_nest_start(skb, TCA_OPTIONS);
390 if (nest == NULL)
391 goto nla_put_failure;
392
393 if (f->res.classid &&
394 nla_put_u32(skb, TCA_FW_CLASSID, f->res.classid))
395 goto nla_put_failure;
396#ifdef CONFIG_NET_CLS_IND
397 if (f->ifindex) {
398 struct net_device *dev;
399 dev = __dev_get_by_index(net, f->ifindex);
400 if (dev && nla_put_string(skb, TCA_FW_INDEV, dev->name))
401 goto nla_put_failure;
402 }
403#endif
404 if (head->mask != 0xFFFFFFFF &&
405 nla_put_u32(skb, TCA_FW_MASK, head->mask))
406 goto nla_put_failure;
407
408 if (tcf_exts_dump(skb, &f->exts) < 0)
409 goto nla_put_failure;
410
411 nla_nest_end(skb, nest);
412
413 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
414 goto nla_put_failure;
415
416 return skb->len;
417
418nla_put_failure:
419 nla_nest_cancel(skb, nest);
420 return -1;
421}
422
423static struct tcf_proto_ops cls_fw_ops __read_mostly = {
424 .kind = "fw",
425 .classify = fw_classify,
426 .init = fw_init,
427 .destroy = fw_destroy,
428 .get = fw_get,
429 .change = fw_change,
430 .delete = fw_delete,
431 .walk = fw_walk,
432 .dump = fw_dump,
433 .owner = THIS_MODULE,
434};
435
436static int __init init_fw(void)
437{
438 return register_tcf_proto_ops(&cls_fw_ops);
439}
440
441static void __exit exit_fw(void)
442{
443 unregister_tcf_proto_ops(&cls_fw_ops);
444}
445
446module_init(init_fw)
447module_exit(exit_fw)
448MODULE_LICENSE("GPL");
449
