1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17#include <linux/module.h>
18#include <linux/types.h>
19#include <linux/kernel.h>
20#include <linux/string.h>
21#include <linux/errno.h>
22#include <linux/err.h>
23#include <linux/skbuff.h>
24#include <linux/init.h>
25#include <linux/kmod.h>
26#include <linux/slab.h>
27#include <linux/idr.h>
28#include <net/net_namespace.h>
29#include <net/sock.h>
30#include <net/netlink.h>
31#include <net/pkt_sched.h>
32#include <net/pkt_cls.h>
33
34extern const struct nla_policy rtm_tca_policy[TCA_MAX + 1];
35
36
37static LIST_HEAD(tcf_proto_base);
38
39
40static DEFINE_RWLOCK(cls_mod_lock);
41
42
43
44static const struct tcf_proto_ops *__tcf_proto_lookup_ops(const char *kind)
45{
46 const struct tcf_proto_ops *t, *res = NULL;
47
48 if (kind) {
49 read_lock(&cls_mod_lock);
50 list_for_each_entry(t, &tcf_proto_base, head) {
51 if (strcmp(kind, t->kind) == 0) {
52 if (try_module_get(t->owner))
53 res = t;
54 break;
55 }
56 }
57 read_unlock(&cls_mod_lock);
58 }
59 return res;
60}
61
62static const struct tcf_proto_ops *
63tcf_proto_lookup_ops(const char *kind, struct netlink_ext_ack *extack)
64{
65 const struct tcf_proto_ops *ops;
66
67 ops = __tcf_proto_lookup_ops(kind);
68 if (ops)
69 return ops;
70#ifdef CONFIG_MODULES
71 rtnl_unlock();
72 request_module("cls_%s", kind);
73 rtnl_lock();
74 ops = __tcf_proto_lookup_ops(kind);
75
76
77
78
79
80 if (ops) {
81 module_put(ops->owner);
82 return ERR_PTR(-EAGAIN);
83 }
84#endif
85 NL_SET_ERR_MSG(extack, "TC classifier not found");
86 return ERR_PTR(-ENOENT);
87}
88
89
90
91int register_tcf_proto_ops(struct tcf_proto_ops *ops)
92{
93 struct tcf_proto_ops *t;
94 int rc = -EEXIST;
95
96 write_lock(&cls_mod_lock);
97 list_for_each_entry(t, &tcf_proto_base, head)
98 if (!strcmp(ops->kind, t->kind))
99 goto out;
100
101 list_add_tail(&ops->head, &tcf_proto_base);
102 rc = 0;
103out:
104 write_unlock(&cls_mod_lock);
105 return rc;
106}
107EXPORT_SYMBOL(register_tcf_proto_ops);
108
109static struct workqueue_struct *tc_filter_wq;
110
111int unregister_tcf_proto_ops(struct tcf_proto_ops *ops)
112{
113 struct tcf_proto_ops *t;
114 int rc = -ENOENT;
115
116
117
118
119 rcu_barrier();
120 flush_workqueue(tc_filter_wq);
121
122 write_lock(&cls_mod_lock);
123 list_for_each_entry(t, &tcf_proto_base, head) {
124 if (t == ops) {
125 list_del(&t->head);
126 rc = 0;
127 break;
128 }
129 }
130 write_unlock(&cls_mod_lock);
131 return rc;
132}
133EXPORT_SYMBOL(unregister_tcf_proto_ops);
134
135bool tcf_queue_work(struct rcu_work *rwork, work_func_t func)
136{
137 INIT_RCU_WORK(rwork, func);
138 return queue_rcu_work(tc_filter_wq, rwork);
139}
140EXPORT_SYMBOL(tcf_queue_work);
141
142
143
144static inline u32 tcf_auto_prio(struct tcf_proto *tp)
145{
146 u32 first = TC_H_MAKE(0xC0000000U, 0U);
147
148 if (tp)
149 first = tp->prio - 1;
150
151 return TC_H_MAJ(first);
152}
153
154static struct tcf_proto *tcf_proto_create(const char *kind, u32 protocol,
155 u32 prio, struct tcf_chain *chain,
156 struct netlink_ext_ack *extack)
157{
158 struct tcf_proto *tp;
159 int err;
160
161 tp = kzalloc(sizeof(*tp), GFP_KERNEL);
162 if (!tp)
163 return ERR_PTR(-ENOBUFS);
164
165 tp->ops = tcf_proto_lookup_ops(kind, extack);
166 if (IS_ERR(tp->ops)) {
167 err = PTR_ERR(tp->ops);
168 goto errout;
169 }
170 tp->classify = tp->ops->classify;
171 tp->protocol = protocol;
172 tp->prio = prio;
173 tp->chain = chain;
174
175 err = tp->ops->init(tp);
176 if (err) {
177 module_put(tp->ops->owner);
178 goto errout;
179 }
180 return tp;
181
182errout:
183 kfree(tp);
184 return ERR_PTR(err);
185}
186
187static void tcf_proto_destroy(struct tcf_proto *tp,
188 struct netlink_ext_ack *extack)
189{
190 tp->ops->destroy(tp, extack);
191 module_put(tp->ops->owner);
192 kfree_rcu(tp, rcu);
193}
194
195struct tcf_filter_chain_list_item {
196 struct list_head list;
197 tcf_chain_head_change_t *chain_head_change;
198 void *chain_head_change_priv;
199};
200
201static struct tcf_chain *tcf_chain_create(struct tcf_block *block,
202 u32 chain_index)
203{
204 struct tcf_chain *chain;
205
206 chain = kzalloc(sizeof(*chain), GFP_KERNEL);
207 if (!chain)
208 return NULL;
209 list_add_tail(&chain->list, &block->chain_list);
210 chain->block = block;
211 chain->index = chain_index;
212 chain->refcnt = 1;
213 if (!chain->index)
214 block->chain0.chain = chain;
215 return chain;
216}
217
218static void tcf_chain_head_change_item(struct tcf_filter_chain_list_item *item,
219 struct tcf_proto *tp_head)
220{
221 if (item->chain_head_change)
222 item->chain_head_change(tp_head, item->chain_head_change_priv);
223}
224
225static void tcf_chain0_head_change(struct tcf_chain *chain,
226 struct tcf_proto *tp_head)
227{
228 struct tcf_filter_chain_list_item *item;
229 struct tcf_block *block = chain->block;
230
231 if (chain->index)
232 return;
233 list_for_each_entry(item, &block->chain0.filter_chain_list, list)
234 tcf_chain_head_change_item(item, tp_head);
235}
236
237static void tcf_chain_destroy(struct tcf_chain *chain)
238{
239 struct tcf_block *block = chain->block;
240
241 list_del(&chain->list);
242 if (!chain->index)
243 block->chain0.chain = NULL;
244 kfree(chain);
245 if (list_empty(&block->chain_list) && block->refcnt == 0)
246 kfree(block);
247}
248
249static void tcf_chain_hold(struct tcf_chain *chain)
250{
251 ++chain->refcnt;
252}
253
254static bool tcf_chain_held_by_acts_only(struct tcf_chain *chain)
255{
256
257
258
259 return chain->refcnt == chain->action_refcnt;
260}
261
262static struct tcf_chain *tcf_chain_lookup(struct tcf_block *block,
263 u32 chain_index)
264{
265 struct tcf_chain *chain;
266
267 list_for_each_entry(chain, &block->chain_list, list) {
268 if (chain->index == chain_index)
269 return chain;
270 }
271 return NULL;
272}
273
274static int tc_chain_notify(struct tcf_chain *chain, struct sk_buff *oskb,
275 u32 seq, u16 flags, int event, bool unicast);
276
277static struct tcf_chain *__tcf_chain_get(struct tcf_block *block,
278 u32 chain_index, bool create,
279 bool by_act)
280{
281 struct tcf_chain *chain = tcf_chain_lookup(block, chain_index);
282
283 if (chain) {
284 tcf_chain_hold(chain);
285 } else {
286 if (!create)
287 return NULL;
288 chain = tcf_chain_create(block, chain_index);
289 if (!chain)
290 return NULL;
291 }
292
293 if (by_act)
294 ++chain->action_refcnt;
295
296
297
298
299
300
301 if (chain->refcnt - chain->action_refcnt == 1 && !by_act)
302 tc_chain_notify(chain, NULL, 0, NLM_F_CREATE | NLM_F_EXCL,
303 RTM_NEWCHAIN, false);
304
305 return chain;
306}
307
308static struct tcf_chain *tcf_chain_get(struct tcf_block *block, u32 chain_index,
309 bool create)
310{
311 return __tcf_chain_get(block, chain_index, create, false);
312}
313
314struct tcf_chain *tcf_chain_get_by_act(struct tcf_block *block, u32 chain_index)
315{
316 return __tcf_chain_get(block, chain_index, true, true);
317}
318EXPORT_SYMBOL(tcf_chain_get_by_act);
319
320static void tc_chain_tmplt_del(struct tcf_chain *chain);
321
322static void __tcf_chain_put(struct tcf_chain *chain, bool by_act)
323{
324 if (by_act)
325 chain->action_refcnt--;
326 chain->refcnt--;
327
328
329 if (chain->refcnt - chain->action_refcnt == 0 && !by_act)
330 tc_chain_notify(chain, NULL, 0, 0, RTM_DELCHAIN, false);
331
332 if (chain->refcnt == 0) {
333 tc_chain_tmplt_del(chain);
334 tcf_chain_destroy(chain);
335 }
336}
337
338static void tcf_chain_put(struct tcf_chain *chain)
339{
340 __tcf_chain_put(chain, false);
341}
342
343void tcf_chain_put_by_act(struct tcf_chain *chain)
344{
345 __tcf_chain_put(chain, true);
346}
347EXPORT_SYMBOL(tcf_chain_put_by_act);
348
349static void tcf_chain_put_explicitly_created(struct tcf_chain *chain)
350{
351 if (chain->explicitly_created)
352 tcf_chain_put(chain);
353}
354
355static void tcf_chain_flush(struct tcf_chain *chain)
356{
357 struct tcf_proto *tp = rtnl_dereference(chain->filter_chain);
358
359 tcf_chain0_head_change(chain, NULL);
360 while (tp) {
361 RCU_INIT_POINTER(chain->filter_chain, tp->next);
362 tcf_proto_destroy(tp, NULL);
363 tp = rtnl_dereference(chain->filter_chain);
364 tcf_chain_put(chain);
365 }
366}
367
368static bool tcf_block_offload_in_use(struct tcf_block *block)
369{
370 return block->offloadcnt;
371}
372
373static int tcf_block_offload_cmd(struct tcf_block *block,
374 struct net_device *dev,
375 struct tcf_block_ext_info *ei,
376 enum tc_block_command command,
377 struct netlink_ext_ack *extack)
378{
379 struct tc_block_offload bo = {};
380
381 bo.command = command;
382 bo.binder_type = ei->binder_type;
383 bo.block = block;
384 bo.extack = extack;
385 return dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_BLOCK, &bo);
386}
387
388static int tcf_block_offload_bind(struct tcf_block *block, struct Qdisc *q,
389 struct tcf_block_ext_info *ei,
390 struct netlink_ext_ack *extack)
391{
392 struct net_device *dev = q->dev_queue->dev;
393 int err;
394
395 if (!dev->netdev_ops->ndo_setup_tc)
396 goto no_offload_dev_inc;
397
398
399
400
401 if (!tc_can_offload(dev) && tcf_block_offload_in_use(block)) {
402 NL_SET_ERR_MSG(extack, "Bind to offloaded block failed as dev has offload disabled");
403 return -EOPNOTSUPP;
404 }
405
406 err = tcf_block_offload_cmd(block, dev, ei, TC_BLOCK_BIND, extack);
407 if (err == -EOPNOTSUPP)
408 goto no_offload_dev_inc;
409 return err;
410
411no_offload_dev_inc:
412 if (tcf_block_offload_in_use(block))
413 return -EOPNOTSUPP;
414 block->nooffloaddevcnt++;
415 return 0;
416}
417
418static void tcf_block_offload_unbind(struct tcf_block *block, struct Qdisc *q,
419 struct tcf_block_ext_info *ei)
420{
421 struct net_device *dev = q->dev_queue->dev;
422 int err;
423
424 if (!dev->netdev_ops->ndo_setup_tc)
425 goto no_offload_dev_dec;
426 err = tcf_block_offload_cmd(block, dev, ei, TC_BLOCK_UNBIND, NULL);
427 if (err == -EOPNOTSUPP)
428 goto no_offload_dev_dec;
429 return;
430
431no_offload_dev_dec:
432 WARN_ON(block->nooffloaddevcnt-- == 0);
433}
434
435static int
436tcf_chain0_head_change_cb_add(struct tcf_block *block,
437 struct tcf_block_ext_info *ei,
438 struct netlink_ext_ack *extack)
439{
440 struct tcf_chain *chain0 = block->chain0.chain;
441 struct tcf_filter_chain_list_item *item;
442
443 item = kmalloc(sizeof(*item), GFP_KERNEL);
444 if (!item) {
445 NL_SET_ERR_MSG(extack, "Memory allocation for head change callback item failed");
446 return -ENOMEM;
447 }
448 item->chain_head_change = ei->chain_head_change;
449 item->chain_head_change_priv = ei->chain_head_change_priv;
450 if (chain0 && chain0->filter_chain)
451 tcf_chain_head_change_item(item, chain0->filter_chain);
452 list_add(&item->list, &block->chain0.filter_chain_list);
453 return 0;
454}
455
456static void
457tcf_chain0_head_change_cb_del(struct tcf_block *block,
458 struct tcf_block_ext_info *ei)
459{
460 struct tcf_chain *chain0 = block->chain0.chain;
461 struct tcf_filter_chain_list_item *item;
462
463 list_for_each_entry(item, &block->chain0.filter_chain_list, list) {
464 if ((!ei->chain_head_change && !ei->chain_head_change_priv) ||
465 (item->chain_head_change == ei->chain_head_change &&
466 item->chain_head_change_priv == ei->chain_head_change_priv)) {
467 if (chain0)
468 tcf_chain_head_change_item(item, NULL);
469 list_del(&item->list);
470 kfree(item);
471 return;
472 }
473 }
474 WARN_ON(1);
475}
476
477struct tcf_net {
478 struct idr idr;
479};
480
481static unsigned int tcf_net_id;
482
483static int tcf_block_insert(struct tcf_block *block, struct net *net,
484 struct netlink_ext_ack *extack)
485{
486 struct tcf_net *tn = net_generic(net, tcf_net_id);
487
488 return idr_alloc_u32(&tn->idr, block, &block->index, block->index,
489 GFP_KERNEL);
490}
491
492static void tcf_block_remove(struct tcf_block *block, struct net *net)
493{
494 struct tcf_net *tn = net_generic(net, tcf_net_id);
495
496 idr_remove(&tn->idr, block->index);
497}
498
499static struct tcf_block *tcf_block_create(struct net *net, struct Qdisc *q,
500 u32 block_index,
501 struct netlink_ext_ack *extack)
502{
503 struct tcf_block *block;
504
505 block = kzalloc(sizeof(*block), GFP_KERNEL);
506 if (!block) {
507 NL_SET_ERR_MSG(extack, "Memory allocation for block failed");
508 return ERR_PTR(-ENOMEM);
509 }
510 INIT_LIST_HEAD(&block->chain_list);
511 INIT_LIST_HEAD(&block->cb_list);
512 INIT_LIST_HEAD(&block->owner_list);
513 INIT_LIST_HEAD(&block->chain0.filter_chain_list);
514
515 block->refcnt = 1;
516 block->net = net;
517 block->index = block_index;
518
519
520 if (!tcf_block_shared(block))
521 block->q = q;
522 return block;
523}
524
525static struct tcf_block *tcf_block_lookup(struct net *net, u32 block_index)
526{
527 struct tcf_net *tn = net_generic(net, tcf_net_id);
528
529 return idr_find(&tn->idr, block_index);
530}
531
532
533
534
535
536static struct tcf_block *tcf_block_find(struct net *net, struct Qdisc **q,
537 u32 *parent, unsigned long *cl,
538 int ifindex, u32 block_index,
539 struct netlink_ext_ack *extack)
540{
541 struct tcf_block *block;
542
543 if (ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
544 block = tcf_block_lookup(net, block_index);
545 if (!block) {
546 NL_SET_ERR_MSG(extack, "Block of given index was not found");
547 return ERR_PTR(-EINVAL);
548 }
549 } else {
550 const struct Qdisc_class_ops *cops;
551 struct net_device *dev;
552
553
554 dev = __dev_get_by_index(net, ifindex);
555 if (!dev)
556 return ERR_PTR(-ENODEV);
557
558
559 if (!*parent) {
560 *q = dev->qdisc;
561 *parent = (*q)->handle;
562 } else {
563 *q = qdisc_lookup(dev, TC_H_MAJ(*parent));
564 if (!*q) {
565 NL_SET_ERR_MSG(extack, "Parent Qdisc doesn't exists");
566 return ERR_PTR(-EINVAL);
567 }
568 }
569
570
571 cops = (*q)->ops->cl_ops;
572 if (!cops) {
573 NL_SET_ERR_MSG(extack, "Qdisc not classful");
574 return ERR_PTR(-EINVAL);
575 }
576
577 if (!cops->tcf_block) {
578 NL_SET_ERR_MSG(extack, "Class doesn't support blocks");
579 return ERR_PTR(-EOPNOTSUPP);
580 }
581
582
583 if (TC_H_MIN(*parent)) {
584 *cl = cops->find(*q, *parent);
585 if (*cl == 0) {
586 NL_SET_ERR_MSG(extack, "Specified class doesn't exist");
587 return ERR_PTR(-ENOENT);
588 }
589 }
590
591
592 block = cops->tcf_block(*q, *cl, extack);
593 if (!block)
594 return ERR_PTR(-EINVAL);
595 if (tcf_block_shared(block)) {
596 NL_SET_ERR_MSG(extack, "This filter block is shared. Please use the block index to manipulate the filters");
597 return ERR_PTR(-EOPNOTSUPP);
598 }
599 }
600
601 return block;
602}
603
604struct tcf_block_owner_item {
605 struct list_head list;
606 struct Qdisc *q;
607 enum tcf_block_binder_type binder_type;
608};
609
610static void
611tcf_block_owner_netif_keep_dst(struct tcf_block *block,
612 struct Qdisc *q,
613 enum tcf_block_binder_type binder_type)
614{
615 if (block->keep_dst &&
616 binder_type != TCF_BLOCK_BINDER_TYPE_CLSACT_INGRESS &&
617 binder_type != TCF_BLOCK_BINDER_TYPE_CLSACT_EGRESS)
618 netif_keep_dst(qdisc_dev(q));
619}
620
621void tcf_block_netif_keep_dst(struct tcf_block *block)
622{
623 struct tcf_block_owner_item *item;
624
625 block->keep_dst = true;
626 list_for_each_entry(item, &block->owner_list, list)
627 tcf_block_owner_netif_keep_dst(block, item->q,
628 item->binder_type);
629}
630EXPORT_SYMBOL(tcf_block_netif_keep_dst);
631
632static int tcf_block_owner_add(struct tcf_block *block,
633 struct Qdisc *q,
634 enum tcf_block_binder_type binder_type)
635{
636 struct tcf_block_owner_item *item;
637
638 item = kmalloc(sizeof(*item), GFP_KERNEL);
639 if (!item)
640 return -ENOMEM;
641 item->q = q;
642 item->binder_type = binder_type;
643 list_add(&item->list, &block->owner_list);
644 return 0;
645}
646
647static void tcf_block_owner_del(struct tcf_block *block,
648 struct Qdisc *q,
649 enum tcf_block_binder_type binder_type)
650{
651 struct tcf_block_owner_item *item;
652
653 list_for_each_entry(item, &block->owner_list, list) {
654 if (item->q == q && item->binder_type == binder_type) {
655 list_del(&item->list);
656 kfree(item);
657 return;
658 }
659 }
660 WARN_ON(1);
661}
662
663int tcf_block_get_ext(struct tcf_block **p_block, struct Qdisc *q,
664 struct tcf_block_ext_info *ei,
665 struct netlink_ext_ack *extack)
666{
667 struct net *net = qdisc_net(q);
668 struct tcf_block *block = NULL;
669 bool created = false;
670 int err;
671
672 if (ei->block_index) {
673
674 block = tcf_block_lookup(net, ei->block_index);
675 if (block)
676 block->refcnt++;
677 }
678
679 if (!block) {
680 block = tcf_block_create(net, q, ei->block_index, extack);
681 if (IS_ERR(block))
682 return PTR_ERR(block);
683 created = true;
684 if (tcf_block_shared(block)) {
685 err = tcf_block_insert(block, net, extack);
686 if (err)
687 goto err_block_insert;
688 }
689 }
690
691 err = tcf_block_owner_add(block, q, ei->binder_type);
692 if (err)
693 goto err_block_owner_add;
694
695 tcf_block_owner_netif_keep_dst(block, q, ei->binder_type);
696
697 err = tcf_chain0_head_change_cb_add(block, ei, extack);
698 if (err)
699 goto err_chain0_head_change_cb_add;
700
701 err = tcf_block_offload_bind(block, q, ei, extack);
702 if (err)
703 goto err_block_offload_bind;
704
705 *p_block = block;
706 return 0;
707
708err_block_offload_bind:
709 tcf_chain0_head_change_cb_del(block, ei);
710err_chain0_head_change_cb_add:
711 tcf_block_owner_del(block, q, ei->binder_type);
712err_block_owner_add:
713 if (created) {
714 if (tcf_block_shared(block))
715 tcf_block_remove(block, net);
716err_block_insert:
717 kfree(block);
718 } else {
719 block->refcnt--;
720 }
721 return err;
722}
723EXPORT_SYMBOL(tcf_block_get_ext);
724
725static void tcf_chain_head_change_dflt(struct tcf_proto *tp_head, void *priv)
726{
727 struct tcf_proto __rcu **p_filter_chain = priv;
728
729 rcu_assign_pointer(*p_filter_chain, tp_head);
730}
731
732int tcf_block_get(struct tcf_block **p_block,
733 struct tcf_proto __rcu **p_filter_chain, struct Qdisc *q,
734 struct netlink_ext_ack *extack)
735{
736 struct tcf_block_ext_info ei = {
737 .chain_head_change = tcf_chain_head_change_dflt,
738 .chain_head_change_priv = p_filter_chain,
739 };
740
741 WARN_ON(!p_filter_chain);
742 return tcf_block_get_ext(p_block, q, &ei, extack);
743}
744EXPORT_SYMBOL(tcf_block_get);
745
746
747
748
749void tcf_block_put_ext(struct tcf_block *block, struct Qdisc *q,
750 struct tcf_block_ext_info *ei)
751{
752 struct tcf_chain *chain, *tmp;
753
754 if (!block)
755 return;
756 tcf_chain0_head_change_cb_del(block, ei);
757 tcf_block_owner_del(block, q, ei->binder_type);
758
759 if (block->refcnt == 1) {
760 if (tcf_block_shared(block))
761 tcf_block_remove(block, block->net);
762
763
764
765
766 list_for_each_entry(chain, &block->chain_list, list)
767 tcf_chain_hold(chain);
768
769 list_for_each_entry(chain, &block->chain_list, list)
770 tcf_chain_flush(chain);
771 }
772
773 tcf_block_offload_unbind(block, q, ei);
774
775 if (block->refcnt == 1) {
776
777 list_for_each_entry_safe(chain, tmp, &block->chain_list, list) {
778 tcf_chain_put_explicitly_created(chain);
779 tcf_chain_put(chain);
780 }
781
782 block->refcnt--;
783 if (list_empty(&block->chain_list))
784 kfree(block);
785 } else {
786 block->refcnt--;
787 }
788}
789EXPORT_SYMBOL(tcf_block_put_ext);
790
791void tcf_block_put(struct tcf_block *block)
792{
793 struct tcf_block_ext_info ei = {0, };
794
795 if (!block)
796 return;
797 tcf_block_put_ext(block, block->q, &ei);
798}
799
800EXPORT_SYMBOL(tcf_block_put);
801
802struct tcf_block_cb {
803 struct list_head list;
804 tc_setup_cb_t *cb;
805 void *cb_ident;
806 void *cb_priv;
807 unsigned int refcnt;
808};
809
810void *tcf_block_cb_priv(struct tcf_block_cb *block_cb)
811{
812 return block_cb->cb_priv;
813}
814EXPORT_SYMBOL(tcf_block_cb_priv);
815
816struct tcf_block_cb *tcf_block_cb_lookup(struct tcf_block *block,
817 tc_setup_cb_t *cb, void *cb_ident)
818{ struct tcf_block_cb *block_cb;
819
820 list_for_each_entry(block_cb, &block->cb_list, list)
821 if (block_cb->cb == cb && block_cb->cb_ident == cb_ident)
822 return block_cb;
823 return NULL;
824}
825EXPORT_SYMBOL(tcf_block_cb_lookup);
826
827void tcf_block_cb_incref(struct tcf_block_cb *block_cb)
828{
829 block_cb->refcnt++;
830}
831EXPORT_SYMBOL(tcf_block_cb_incref);
832
833unsigned int tcf_block_cb_decref(struct tcf_block_cb *block_cb)
834{
835 return --block_cb->refcnt;
836}
837EXPORT_SYMBOL(tcf_block_cb_decref);
838
839static int
840tcf_block_playback_offloads(struct tcf_block *block, tc_setup_cb_t *cb,
841 void *cb_priv, bool add, bool offload_in_use,
842 struct netlink_ext_ack *extack)
843{
844 struct tcf_chain *chain;
845 struct tcf_proto *tp;
846 int err;
847
848 list_for_each_entry(chain, &block->chain_list, list) {
849 for (tp = rtnl_dereference(chain->filter_chain); tp;
850 tp = rtnl_dereference(tp->next)) {
851 if (tp->ops->reoffload) {
852 err = tp->ops->reoffload(tp, add, cb, cb_priv,
853 extack);
854 if (err && add)
855 goto err_playback_remove;
856 } else if (add && offload_in_use) {
857 err = -EOPNOTSUPP;
858 NL_SET_ERR_MSG(extack, "Filter HW offload failed - classifier without re-offloading support");
859 goto err_playback_remove;
860 }
861 }
862 }
863
864 return 0;
865
866err_playback_remove:
867 tcf_block_playback_offloads(block, cb, cb_priv, false, offload_in_use,
868 extack);
869 return err;
870}
871
872struct tcf_block_cb *__tcf_block_cb_register(struct tcf_block *block,
873 tc_setup_cb_t *cb, void *cb_ident,
874 void *cb_priv,
875 struct netlink_ext_ack *extack)
876{
877 struct tcf_block_cb *block_cb;
878 int err;
879
880
881 err = tcf_block_playback_offloads(block, cb, cb_priv, true,
882 tcf_block_offload_in_use(block),
883 extack);
884 if (err)
885 return ERR_PTR(err);
886
887 block_cb = kzalloc(sizeof(*block_cb), GFP_KERNEL);
888 if (!block_cb)
889 return ERR_PTR(-ENOMEM);
890 block_cb->cb = cb;
891 block_cb->cb_ident = cb_ident;
892 block_cb->cb_priv = cb_priv;
893 list_add(&block_cb->list, &block->cb_list);
894 return block_cb;
895}
896EXPORT_SYMBOL(__tcf_block_cb_register);
897
898int tcf_block_cb_register(struct tcf_block *block,
899 tc_setup_cb_t *cb, void *cb_ident,
900 void *cb_priv, struct netlink_ext_ack *extack)
901{
902 struct tcf_block_cb *block_cb;
903
904 block_cb = __tcf_block_cb_register(block, cb, cb_ident, cb_priv,
905 extack);
906 return PTR_ERR_OR_ZERO(block_cb);
907}
908EXPORT_SYMBOL(tcf_block_cb_register);
909
910void __tcf_block_cb_unregister(struct tcf_block *block,
911 struct tcf_block_cb *block_cb)
912{
913 tcf_block_playback_offloads(block, block_cb->cb, block_cb->cb_priv,
914 false, tcf_block_offload_in_use(block),
915 NULL);
916 list_del(&block_cb->list);
917 kfree(block_cb);
918}
919EXPORT_SYMBOL(__tcf_block_cb_unregister);
920
921void tcf_block_cb_unregister(struct tcf_block *block,
922 tc_setup_cb_t *cb, void *cb_ident)
923{
924 struct tcf_block_cb *block_cb;
925
926 block_cb = tcf_block_cb_lookup(block, cb, cb_ident);
927 if (!block_cb)
928 return;
929 __tcf_block_cb_unregister(block, block_cb);
930}
931EXPORT_SYMBOL(tcf_block_cb_unregister);
932
933static int tcf_block_cb_call(struct tcf_block *block, enum tc_setup_type type,
934 void *type_data, bool err_stop)
935{
936 struct tcf_block_cb *block_cb;
937 int ok_count = 0;
938 int err;
939
940
941 if (block->nooffloaddevcnt && err_stop)
942 return -EOPNOTSUPP;
943
944 list_for_each_entry(block_cb, &block->cb_list, list) {
945 err = block_cb->cb(type, type_data, block_cb->cb_priv);
946 if (err) {
947 if (err_stop)
948 return err;
949 } else {
950 ok_count++;
951 }
952 }
953 return ok_count;
954}
955
956
957
958
959
960int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp,
961 struct tcf_result *res, bool compat_mode)
962{
963 __be16 protocol = tc_skb_protocol(skb);
964#ifdef CONFIG_NET_CLS_ACT
965 const int max_reclassify_loop = 4;
966 const struct tcf_proto *orig_tp = tp;
967 const struct tcf_proto *first_tp;
968 int limit = 0;
969
970reclassify:
971#endif
972 for (; tp; tp = rcu_dereference_bh(tp->next)) {
973 int err;
974
975 if (tp->protocol != protocol &&
976 tp->protocol != htons(ETH_P_ALL))
977 continue;
978
979 err = tp->classify(skb, tp, res);
980#ifdef CONFIG_NET_CLS_ACT
981 if (unlikely(err == TC_ACT_RECLASSIFY && !compat_mode)) {
982 first_tp = orig_tp;
983 goto reset;
984 } else if (unlikely(TC_ACT_EXT_CMP(err, TC_ACT_GOTO_CHAIN))) {
985 first_tp = res->goto_tp;
986 goto reset;
987 }
988#endif
989 if (err >= 0)
990 return err;
991 }
992
993 return TC_ACT_UNSPEC;
994#ifdef CONFIG_NET_CLS_ACT
995reset:
996 if (unlikely(limit++ >= max_reclassify_loop)) {
997 net_notice_ratelimited("%u: reclassify loop, rule prio %u, protocol %02x\n",
998 tp->chain->block->index,
999 tp->prio & 0xffff,
1000 ntohs(tp->protocol));
1001 return TC_ACT_SHOT;
1002 }
1003
1004 tp = first_tp;
1005 protocol = tc_skb_protocol(skb);
1006 goto reclassify;
1007#endif
1008}
1009EXPORT_SYMBOL(tcf_classify);
1010
1011struct tcf_chain_info {
1012 struct tcf_proto __rcu **pprev;
1013 struct tcf_proto __rcu *next;
1014};
1015
1016static struct tcf_proto *tcf_chain_tp_prev(struct tcf_chain_info *chain_info)
1017{
1018 return rtnl_dereference(*chain_info->pprev);
1019}
1020
1021static void tcf_chain_tp_insert(struct tcf_chain *chain,
1022 struct tcf_chain_info *chain_info,
1023 struct tcf_proto *tp)
1024{
1025 if (*chain_info->pprev == chain->filter_chain)
1026 tcf_chain0_head_change(chain, tp);
1027 RCU_INIT_POINTER(tp->next, tcf_chain_tp_prev(chain_info));
1028 rcu_assign_pointer(*chain_info->pprev, tp);
1029 tcf_chain_hold(chain);
1030}
1031
1032static void tcf_chain_tp_remove(struct tcf_chain *chain,
1033 struct tcf_chain_info *chain_info,
1034 struct tcf_proto *tp)
1035{
1036 struct tcf_proto *next = rtnl_dereference(chain_info->next);
1037
1038 if (tp == chain->filter_chain)
1039 tcf_chain0_head_change(chain, next);
1040 RCU_INIT_POINTER(*chain_info->pprev, next);
1041 tcf_chain_put(chain);
1042}
1043
1044static struct tcf_proto *tcf_chain_tp_find(struct tcf_chain *chain,
1045 struct tcf_chain_info *chain_info,
1046 u32 protocol, u32 prio,
1047 bool prio_allocate)
1048{
1049 struct tcf_proto **pprev;
1050 struct tcf_proto *tp;
1051
1052
1053 for (pprev = &chain->filter_chain;
1054 (tp = rtnl_dereference(*pprev)); pprev = &tp->next) {
1055 if (tp->prio >= prio) {
1056 if (tp->prio == prio) {
1057 if (prio_allocate ||
1058 (tp->protocol != protocol && protocol))
1059 return ERR_PTR(-EINVAL);
1060 } else {
1061 tp = NULL;
1062 }
1063 break;
1064 }
1065 }
1066 chain_info->pprev = pprev;
1067 chain_info->next = tp ? tp->next : NULL;
1068 return tp;
1069}
1070
1071static int tcf_fill_node(struct net *net, struct sk_buff *skb,
1072 struct tcf_proto *tp, struct tcf_block *block,
1073 struct Qdisc *q, u32 parent, void *fh,
1074 u32 portid, u32 seq, u16 flags, int event)
1075{
1076 struct tcmsg *tcm;
1077 struct nlmsghdr *nlh;
1078 unsigned char *b = skb_tail_pointer(skb);
1079
1080 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*tcm), flags);
1081 if (!nlh)
1082 goto out_nlmsg_trim;
1083 tcm = nlmsg_data(nlh);
1084 tcm->tcm_family = AF_UNSPEC;
1085 tcm->tcm__pad1 = 0;
1086 tcm->tcm__pad2 = 0;
1087 if (q) {
1088 tcm->tcm_ifindex = qdisc_dev(q)->ifindex;
1089 tcm->tcm_parent = parent;
1090 } else {
1091 tcm->tcm_ifindex = TCM_IFINDEX_MAGIC_BLOCK;
1092 tcm->tcm_block_index = block->index;
1093 }
1094 tcm->tcm_info = TC_H_MAKE(tp->prio, tp->protocol);
1095 if (nla_put_string(skb, TCA_KIND, tp->ops->kind))
1096 goto nla_put_failure;
1097 if (nla_put_u32(skb, TCA_CHAIN, tp->chain->index))
1098 goto nla_put_failure;
1099 if (!fh) {
1100 tcm->tcm_handle = 0;
1101 } else {
1102 if (tp->ops->dump && tp->ops->dump(net, tp, fh, skb, tcm) < 0)
1103 goto nla_put_failure;
1104 }
1105 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1106 return skb->len;
1107
1108out_nlmsg_trim:
1109nla_put_failure:
1110 nlmsg_trim(skb, b);
1111 return -1;
1112}
1113
1114static int tfilter_notify(struct net *net, struct sk_buff *oskb,
1115 struct nlmsghdr *n, struct tcf_proto *tp,
1116 struct tcf_block *block, struct Qdisc *q,
1117 u32 parent, void *fh, int event, bool unicast)
1118{
1119 struct sk_buff *skb;
1120 u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1121
1122 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1123 if (!skb)
1124 return -ENOBUFS;
1125
1126 if (tcf_fill_node(net, skb, tp, block, q, parent, fh, portid,
1127 n->nlmsg_seq, n->nlmsg_flags, event) <= 0) {
1128 kfree_skb(skb);
1129 return -EINVAL;
1130 }
1131
1132 if (unicast)
1133 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1134
1135 return rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1136 n->nlmsg_flags & NLM_F_ECHO);
1137}
1138
1139static int tfilter_del_notify(struct net *net, struct sk_buff *oskb,
1140 struct nlmsghdr *n, struct tcf_proto *tp,
1141 struct tcf_block *block, struct Qdisc *q,
1142 u32 parent, void *fh, bool unicast, bool *last,
1143 struct netlink_ext_ack *extack)
1144{
1145 struct sk_buff *skb;
1146 u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1147 int err;
1148
1149 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1150 if (!skb)
1151 return -ENOBUFS;
1152
1153 if (tcf_fill_node(net, skb, tp, block, q, parent, fh, portid,
1154 n->nlmsg_seq, n->nlmsg_flags, RTM_DELTFILTER) <= 0) {
1155 NL_SET_ERR_MSG(extack, "Failed to build del event notification");
1156 kfree_skb(skb);
1157 return -EINVAL;
1158 }
1159
1160 err = tp->ops->delete(tp, fh, last, extack);
1161 if (err) {
1162 kfree_skb(skb);
1163 return err;
1164 }
1165
1166 if (unicast)
1167 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1168
1169 err = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1170 n->nlmsg_flags & NLM_F_ECHO);
1171 if (err < 0)
1172 NL_SET_ERR_MSG(extack, "Failed to send filter delete notification");
1173 return err;
1174}
1175
1176static void tfilter_notify_chain(struct net *net, struct sk_buff *oskb,
1177 struct tcf_block *block, struct Qdisc *q,
1178 u32 parent, struct nlmsghdr *n,
1179 struct tcf_chain *chain, int event)
1180{
1181 struct tcf_proto *tp;
1182
1183 for (tp = rtnl_dereference(chain->filter_chain);
1184 tp; tp = rtnl_dereference(tp->next))
1185 tfilter_notify(net, oskb, n, tp, block,
1186 q, parent, NULL, event, false);
1187}
1188
1189static int tc_new_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1190 struct netlink_ext_ack *extack)
1191{
1192 struct net *net = sock_net(skb->sk);
1193 struct nlattr *tca[TCA_MAX + 1];
1194 struct tcmsg *t;
1195 u32 protocol;
1196 u32 prio;
1197 bool prio_allocate;
1198 u32 parent;
1199 u32 chain_index;
1200 struct Qdisc *q = NULL;
1201 struct tcf_chain_info chain_info;
1202 struct tcf_chain *chain = NULL;
1203 struct tcf_block *block;
1204 struct tcf_proto *tp;
1205 unsigned long cl;
1206 void *fh;
1207 int err;
1208 int tp_created;
1209
1210 if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1211 return -EPERM;
1212
1213replay:
1214 tp_created = 0;
1215
1216 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, rtm_tca_policy, extack);
1217 if (err < 0)
1218 return err;
1219
1220 t = nlmsg_data(n);
1221 protocol = TC_H_MIN(t->tcm_info);
1222 prio = TC_H_MAJ(t->tcm_info);
1223 prio_allocate = false;
1224 parent = t->tcm_parent;
1225 cl = 0;
1226
1227 if (prio == 0) {
1228
1229
1230
1231 if (n->nlmsg_flags & NLM_F_CREATE) {
1232 prio = TC_H_MAKE(0x80000000U, 0U);
1233 prio_allocate = true;
1234 } else {
1235 NL_SET_ERR_MSG(extack, "Invalid filter command with priority of zero");
1236 return -ENOENT;
1237 }
1238 }
1239
1240
1241
1242 block = tcf_block_find(net, &q, &parent, &cl,
1243 t->tcm_ifindex, t->tcm_block_index, extack);
1244 if (IS_ERR(block)) {
1245 err = PTR_ERR(block);
1246 goto errout;
1247 }
1248
1249 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1250 if (chain_index > TC_ACT_EXT_VAL_MASK) {
1251 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1252 err = -EINVAL;
1253 goto errout;
1254 }
1255 chain = tcf_chain_get(block, chain_index, true);
1256 if (!chain) {
1257 NL_SET_ERR_MSG(extack, "Cannot create specified filter chain");
1258 err = -ENOMEM;
1259 goto errout;
1260 }
1261
1262 tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1263 prio, prio_allocate);
1264 if (IS_ERR(tp)) {
1265 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1266 err = PTR_ERR(tp);
1267 goto errout;
1268 }
1269
1270 if (tp == NULL) {
1271
1272
1273 if (tca[TCA_KIND] == NULL || !protocol) {
1274 NL_SET_ERR_MSG(extack, "Filter kind and protocol must be specified");
1275 err = -EINVAL;
1276 goto errout;
1277 }
1278
1279 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1280 NL_SET_ERR_MSG(extack, "Need both RTM_NEWTFILTER and NLM_F_CREATE to create a new filter");
1281 err = -ENOENT;
1282 goto errout;
1283 }
1284
1285 if (prio_allocate)
1286 prio = tcf_auto_prio(tcf_chain_tp_prev(&chain_info));
1287
1288 tp = tcf_proto_create(nla_data(tca[TCA_KIND]),
1289 protocol, prio, chain, extack);
1290 if (IS_ERR(tp)) {
1291 err = PTR_ERR(tp);
1292 goto errout;
1293 }
1294 tp_created = 1;
1295 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1296 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1297 err = -EINVAL;
1298 goto errout;
1299 }
1300
1301 fh = tp->ops->get(tp, t->tcm_handle);
1302
1303 if (!fh) {
1304 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1305 NL_SET_ERR_MSG(extack, "Need both RTM_NEWTFILTER and NLM_F_CREATE to create a new filter");
1306 err = -ENOENT;
1307 goto errout;
1308 }
1309 } else if (n->nlmsg_flags & NLM_F_EXCL) {
1310 NL_SET_ERR_MSG(extack, "Filter already exists");
1311 err = -EEXIST;
1312 goto errout;
1313 }
1314
1315 if (chain->tmplt_ops && chain->tmplt_ops != tp->ops) {
1316 NL_SET_ERR_MSG(extack, "Chain template is set to a different filter kind");
1317 err = -EINVAL;
1318 goto errout;
1319 }
1320
1321 err = tp->ops->change(net, skb, tp, cl, t->tcm_handle, tca, &fh,
1322 n->nlmsg_flags & NLM_F_CREATE ? TCA_ACT_NOREPLACE : TCA_ACT_REPLACE,
1323 extack);
1324 if (err == 0) {
1325 if (tp_created)
1326 tcf_chain_tp_insert(chain, &chain_info, tp);
1327 tfilter_notify(net, skb, n, tp, block, q, parent, fh,
1328 RTM_NEWTFILTER, false);
1329 } else {
1330 if (tp_created)
1331 tcf_proto_destroy(tp, NULL);
1332 }
1333
1334errout:
1335 if (chain)
1336 tcf_chain_put(chain);
1337 if (err == -EAGAIN)
1338
1339 goto replay;
1340 return err;
1341}
1342
1343static int tc_del_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1344 struct netlink_ext_ack *extack)
1345{
1346 struct net *net = sock_net(skb->sk);
1347 struct nlattr *tca[TCA_MAX + 1];
1348 struct tcmsg *t;
1349 u32 protocol;
1350 u32 prio;
1351 u32 parent;
1352 u32 chain_index;
1353 struct Qdisc *q = NULL;
1354 struct tcf_chain_info chain_info;
1355 struct tcf_chain *chain = NULL;
1356 struct tcf_block *block;
1357 struct tcf_proto *tp = NULL;
1358 unsigned long cl = 0;
1359 void *fh = NULL;
1360 int err;
1361
1362 if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1363 return -EPERM;
1364
1365 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, rtm_tca_policy, extack);
1366 if (err < 0)
1367 return err;
1368
1369 t = nlmsg_data(n);
1370 protocol = TC_H_MIN(t->tcm_info);
1371 prio = TC_H_MAJ(t->tcm_info);
1372 parent = t->tcm_parent;
1373
1374 if (prio == 0 && (protocol || t->tcm_handle || tca[TCA_KIND])) {
1375 NL_SET_ERR_MSG(extack, "Cannot flush filters with protocol, handle or kind set");
1376 return -ENOENT;
1377 }
1378
1379
1380
1381 block = tcf_block_find(net, &q, &parent, &cl,
1382 t->tcm_ifindex, t->tcm_block_index, extack);
1383 if (IS_ERR(block)) {
1384 err = PTR_ERR(block);
1385 goto errout;
1386 }
1387
1388 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1389 if (chain_index > TC_ACT_EXT_VAL_MASK) {
1390 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1391 err = -EINVAL;
1392 goto errout;
1393 }
1394 chain = tcf_chain_get(block, chain_index, false);
1395 if (!chain) {
1396
1397
1398
1399 if (prio == 0) {
1400 err = 0;
1401 goto errout;
1402 }
1403 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1404 err = -ENOENT;
1405 goto errout;
1406 }
1407
1408 if (prio == 0) {
1409 tfilter_notify_chain(net, skb, block, q, parent, n,
1410 chain, RTM_DELTFILTER);
1411 tcf_chain_flush(chain);
1412 err = 0;
1413 goto errout;
1414 }
1415
1416 tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1417 prio, false);
1418 if (!tp || IS_ERR(tp)) {
1419 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1420 err = tp ? PTR_ERR(tp) : -ENOENT;
1421 goto errout;
1422 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1423 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1424 err = -EINVAL;
1425 goto errout;
1426 }
1427
1428 fh = tp->ops->get(tp, t->tcm_handle);
1429
1430 if (!fh) {
1431 if (t->tcm_handle == 0) {
1432 tcf_chain_tp_remove(chain, &chain_info, tp);
1433 tfilter_notify(net, skb, n, tp, block, q, parent, fh,
1434 RTM_DELTFILTER, false);
1435 tcf_proto_destroy(tp, extack);
1436 err = 0;
1437 } else {
1438 NL_SET_ERR_MSG(extack, "Specified filter handle not found");
1439 err = -ENOENT;
1440 }
1441 } else {
1442 bool last;
1443
1444 err = tfilter_del_notify(net, skb, n, tp, block,
1445 q, parent, fh, false, &last,
1446 extack);
1447 if (err)
1448 goto errout;
1449 if (last) {
1450 tcf_chain_tp_remove(chain, &chain_info, tp);
1451 tcf_proto_destroy(tp, extack);
1452 }
1453 }
1454
1455errout:
1456 if (chain)
1457 tcf_chain_put(chain);
1458 return err;
1459}
1460
1461static int tc_get_tfilter(struct sk_buff *skb, struct nlmsghdr *n,
1462 struct netlink_ext_ack *extack)
1463{
1464 struct net *net = sock_net(skb->sk);
1465 struct nlattr *tca[TCA_MAX + 1];
1466 struct tcmsg *t;
1467 u32 protocol;
1468 u32 prio;
1469 u32 parent;
1470 u32 chain_index;
1471 struct Qdisc *q = NULL;
1472 struct tcf_chain_info chain_info;
1473 struct tcf_chain *chain = NULL;
1474 struct tcf_block *block;
1475 struct tcf_proto *tp = NULL;
1476 unsigned long cl = 0;
1477 void *fh = NULL;
1478 int err;
1479
1480 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, rtm_tca_policy, extack);
1481 if (err < 0)
1482 return err;
1483
1484 t = nlmsg_data(n);
1485 protocol = TC_H_MIN(t->tcm_info);
1486 prio = TC_H_MAJ(t->tcm_info);
1487 parent = t->tcm_parent;
1488
1489 if (prio == 0) {
1490 NL_SET_ERR_MSG(extack, "Invalid filter command with priority of zero");
1491 return -ENOENT;
1492 }
1493
1494
1495
1496 block = tcf_block_find(net, &q, &parent, &cl,
1497 t->tcm_ifindex, t->tcm_block_index, extack);
1498 if (IS_ERR(block)) {
1499 err = PTR_ERR(block);
1500 goto errout;
1501 }
1502
1503 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1504 if (chain_index > TC_ACT_EXT_VAL_MASK) {
1505 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1506 err = -EINVAL;
1507 goto errout;
1508 }
1509 chain = tcf_chain_get(block, chain_index, false);
1510 if (!chain) {
1511 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1512 err = -EINVAL;
1513 goto errout;
1514 }
1515
1516 tp = tcf_chain_tp_find(chain, &chain_info, protocol,
1517 prio, false);
1518 if (!tp || IS_ERR(tp)) {
1519 NL_SET_ERR_MSG(extack, "Filter with specified priority/protocol not found");
1520 err = tp ? PTR_ERR(tp) : -ENOENT;
1521 goto errout;
1522 } else if (tca[TCA_KIND] && nla_strcmp(tca[TCA_KIND], tp->ops->kind)) {
1523 NL_SET_ERR_MSG(extack, "Specified filter kind does not match existing one");
1524 err = -EINVAL;
1525 goto errout;
1526 }
1527
1528 fh = tp->ops->get(tp, t->tcm_handle);
1529
1530 if (!fh) {
1531 NL_SET_ERR_MSG(extack, "Specified filter handle not found");
1532 err = -ENOENT;
1533 } else {
1534 err = tfilter_notify(net, skb, n, tp, block, q, parent,
1535 fh, RTM_NEWTFILTER, true);
1536 if (err < 0)
1537 NL_SET_ERR_MSG(extack, "Failed to send filter notify message");
1538 }
1539
1540errout:
1541 if (chain)
1542 tcf_chain_put(chain);
1543 return err;
1544}
1545
1546struct tcf_dump_args {
1547 struct tcf_walker w;
1548 struct sk_buff *skb;
1549 struct netlink_callback *cb;
1550 struct tcf_block *block;
1551 struct Qdisc *q;
1552 u32 parent;
1553};
1554
1555static int tcf_node_dump(struct tcf_proto *tp, void *n, struct tcf_walker *arg)
1556{
1557 struct tcf_dump_args *a = (void *)arg;
1558 struct net *net = sock_net(a->skb->sk);
1559
1560 return tcf_fill_node(net, a->skb, tp, a->block, a->q, a->parent,
1561 n, NETLINK_CB(a->cb->skb).portid,
1562 a->cb->nlh->nlmsg_seq, NLM_F_MULTI,
1563 RTM_NEWTFILTER);
1564}
1565
1566static bool tcf_chain_dump(struct tcf_chain *chain, struct Qdisc *q, u32 parent,
1567 struct sk_buff *skb, struct netlink_callback *cb,
1568 long index_start, long *p_index)
1569{
1570 struct net *net = sock_net(skb->sk);
1571 struct tcf_block *block = chain->block;
1572 struct tcmsg *tcm = nlmsg_data(cb->nlh);
1573 struct tcf_dump_args arg;
1574 struct tcf_proto *tp;
1575
1576 for (tp = rtnl_dereference(chain->filter_chain);
1577 tp; tp = rtnl_dereference(tp->next), (*p_index)++) {
1578 if (*p_index < index_start)
1579 continue;
1580 if (TC_H_MAJ(tcm->tcm_info) &&
1581 TC_H_MAJ(tcm->tcm_info) != tp->prio)
1582 continue;
1583 if (TC_H_MIN(tcm->tcm_info) &&
1584 TC_H_MIN(tcm->tcm_info) != tp->protocol)
1585 continue;
1586 if (*p_index > index_start)
1587 memset(&cb->args[1], 0,
1588 sizeof(cb->args) - sizeof(cb->args[0]));
1589 if (cb->args[1] == 0) {
1590 if (tcf_fill_node(net, skb, tp, block, q, parent, NULL,
1591 NETLINK_CB(cb->skb).portid,
1592 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1593 RTM_NEWTFILTER) <= 0)
1594 return false;
1595
1596 cb->args[1] = 1;
1597 }
1598 if (!tp->ops->walk)
1599 continue;
1600 arg.w.fn = tcf_node_dump;
1601 arg.skb = skb;
1602 arg.cb = cb;
1603 arg.block = block;
1604 arg.q = q;
1605 arg.parent = parent;
1606 arg.w.stop = 0;
1607 arg.w.skip = cb->args[1] - 1;
1608 arg.w.count = 0;
1609 arg.w.cookie = cb->args[2];
1610 tp->ops->walk(tp, &arg.w);
1611 cb->args[2] = arg.w.cookie;
1612 cb->args[1] = arg.w.count + 1;
1613 if (arg.w.stop)
1614 return false;
1615 }
1616 return true;
1617}
1618
1619
1620static int tc_dump_tfilter(struct sk_buff *skb, struct netlink_callback *cb)
1621{
1622 struct net *net = sock_net(skb->sk);
1623 struct nlattr *tca[TCA_MAX + 1];
1624 struct Qdisc *q = NULL;
1625 struct tcf_block *block;
1626 struct tcf_chain *chain;
1627 struct tcmsg *tcm = nlmsg_data(cb->nlh);
1628 long index_start;
1629 long index;
1630 u32 parent;
1631 int err;
1632
1633 if (nlmsg_len(cb->nlh) < sizeof(*tcm))
1634 return skb->len;
1635
1636 err = nlmsg_parse(cb->nlh, sizeof(*tcm), tca, TCA_MAX, NULL, NULL);
1637 if (err)
1638 return err;
1639
1640 if (tcm->tcm_ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
1641 block = tcf_block_lookup(net, tcm->tcm_block_index);
1642 if (!block)
1643 goto out;
1644
1645
1646
1647
1648
1649
1650 parent = 0;
1651 } else {
1652 const struct Qdisc_class_ops *cops;
1653 struct net_device *dev;
1654 unsigned long cl = 0;
1655
1656 dev = __dev_get_by_index(net, tcm->tcm_ifindex);
1657 if (!dev)
1658 return skb->len;
1659
1660 parent = tcm->tcm_parent;
1661 if (!parent) {
1662 q = dev->qdisc;
1663 parent = q->handle;
1664 } else {
1665 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent));
1666 }
1667 if (!q)
1668 goto out;
1669 cops = q->ops->cl_ops;
1670 if (!cops)
1671 goto out;
1672 if (!cops->tcf_block)
1673 goto out;
1674 if (TC_H_MIN(tcm->tcm_parent)) {
1675 cl = cops->find(q, tcm->tcm_parent);
1676 if (cl == 0)
1677 goto out;
1678 }
1679 block = cops->tcf_block(q, cl, NULL);
1680 if (!block)
1681 goto out;
1682 if (tcf_block_shared(block))
1683 q = NULL;
1684 }
1685
1686 index_start = cb->args[0];
1687 index = 0;
1688
1689 list_for_each_entry(chain, &block->chain_list, list) {
1690 if (tca[TCA_CHAIN] &&
1691 nla_get_u32(tca[TCA_CHAIN]) != chain->index)
1692 continue;
1693 if (!tcf_chain_dump(chain, q, parent, skb, cb,
1694 index_start, &index)) {
1695 err = -EMSGSIZE;
1696 break;
1697 }
1698 }
1699
1700 cb->args[0] = index;
1701
1702out:
1703
1704 if (skb->len == 0 && err)
1705 return err;
1706 return skb->len;
1707}
1708
1709static int tc_chain_fill_node(struct tcf_chain *chain, struct net *net,
1710 struct sk_buff *skb, struct tcf_block *block,
1711 u32 portid, u32 seq, u16 flags, int event)
1712{
1713 unsigned char *b = skb_tail_pointer(skb);
1714 const struct tcf_proto_ops *ops;
1715 struct nlmsghdr *nlh;
1716 struct tcmsg *tcm;
1717 void *priv;
1718
1719 ops = chain->tmplt_ops;
1720 priv = chain->tmplt_priv;
1721
1722 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*tcm), flags);
1723 if (!nlh)
1724 goto out_nlmsg_trim;
1725 tcm = nlmsg_data(nlh);
1726 tcm->tcm_family = AF_UNSPEC;
1727 tcm->tcm__pad1 = 0;
1728 tcm->tcm__pad2 = 0;
1729 tcm->tcm_handle = 0;
1730 if (block->q) {
1731 tcm->tcm_ifindex = qdisc_dev(block->q)->ifindex;
1732 tcm->tcm_parent = block->q->handle;
1733 } else {
1734 tcm->tcm_ifindex = TCM_IFINDEX_MAGIC_BLOCK;
1735 tcm->tcm_block_index = block->index;
1736 }
1737
1738 if (nla_put_u32(skb, TCA_CHAIN, chain->index))
1739 goto nla_put_failure;
1740
1741 if (ops) {
1742 if (nla_put_string(skb, TCA_KIND, ops->kind))
1743 goto nla_put_failure;
1744 if (ops->tmplt_dump(skb, net, priv) < 0)
1745 goto nla_put_failure;
1746 }
1747
1748 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1749 return skb->len;
1750
1751out_nlmsg_trim:
1752nla_put_failure:
1753 nlmsg_trim(skb, b);
1754 return -EMSGSIZE;
1755}
1756
1757static int tc_chain_notify(struct tcf_chain *chain, struct sk_buff *oskb,
1758 u32 seq, u16 flags, int event, bool unicast)
1759{
1760 u32 portid = oskb ? NETLINK_CB(oskb).portid : 0;
1761 struct tcf_block *block = chain->block;
1762 struct net *net = block->net;
1763 struct sk_buff *skb;
1764
1765 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1766 if (!skb)
1767 return -ENOBUFS;
1768
1769 if (tc_chain_fill_node(chain, net, skb, block, portid,
1770 seq, flags, event) <= 0) {
1771 kfree_skb(skb);
1772 return -EINVAL;
1773 }
1774
1775 if (unicast)
1776 return netlink_unicast(net->rtnl, skb, portid, MSG_DONTWAIT);
1777
1778 return rtnetlink_send(skb, net, portid, RTNLGRP_TC, flags & NLM_F_ECHO);
1779}
1780
1781static int tc_chain_tmplt_add(struct tcf_chain *chain, struct net *net,
1782 struct nlattr **tca,
1783 struct netlink_ext_ack *extack)
1784{
1785 const struct tcf_proto_ops *ops;
1786 void *tmplt_priv;
1787
1788
1789 if (!tca[TCA_KIND])
1790 return 0;
1791
1792 ops = tcf_proto_lookup_ops(nla_data(tca[TCA_KIND]), extack);
1793 if (IS_ERR(ops))
1794 return PTR_ERR(ops);
1795 if (!ops->tmplt_create || !ops->tmplt_destroy || !ops->tmplt_dump) {
1796 NL_SET_ERR_MSG(extack, "Chain templates are not supported with specified classifier");
1797 return -EOPNOTSUPP;
1798 }
1799
1800 tmplt_priv = ops->tmplt_create(net, chain, tca, extack);
1801 if (IS_ERR(tmplt_priv)) {
1802 module_put(ops->owner);
1803 return PTR_ERR(tmplt_priv);
1804 }
1805 chain->tmplt_ops = ops;
1806 chain->tmplt_priv = tmplt_priv;
1807 return 0;
1808}
1809
1810static void tc_chain_tmplt_del(struct tcf_chain *chain)
1811{
1812 const struct tcf_proto_ops *ops = chain->tmplt_ops;
1813
1814
1815 if (!ops)
1816 return;
1817
1818 ops->tmplt_destroy(chain->tmplt_priv);
1819 module_put(ops->owner);
1820}
1821
1822
1823
1824static int tc_ctl_chain(struct sk_buff *skb, struct nlmsghdr *n,
1825 struct netlink_ext_ack *extack)
1826{
1827 struct net *net = sock_net(skb->sk);
1828 struct nlattr *tca[TCA_MAX + 1];
1829 struct tcmsg *t;
1830 u32 parent;
1831 u32 chain_index;
1832 struct Qdisc *q = NULL;
1833 struct tcf_chain *chain = NULL;
1834 struct tcf_block *block;
1835 unsigned long cl;
1836 int err;
1837
1838 if (n->nlmsg_type != RTM_GETCHAIN &&
1839 !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
1840 return -EPERM;
1841
1842replay:
1843 err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, rtm_tca_policy, extack);
1844 if (err < 0)
1845 return err;
1846
1847 t = nlmsg_data(n);
1848 parent = t->tcm_parent;
1849 cl = 0;
1850
1851 block = tcf_block_find(net, &q, &parent, &cl,
1852 t->tcm_ifindex, t->tcm_block_index, extack);
1853 if (IS_ERR(block))
1854 return PTR_ERR(block);
1855
1856 chain_index = tca[TCA_CHAIN] ? nla_get_u32(tca[TCA_CHAIN]) : 0;
1857 if (chain_index > TC_ACT_EXT_VAL_MASK) {
1858 NL_SET_ERR_MSG(extack, "Specified chain index exceeds upper limit");
1859 return -EINVAL;
1860 }
1861 chain = tcf_chain_lookup(block, chain_index);
1862 if (n->nlmsg_type == RTM_NEWCHAIN) {
1863 if (chain) {
1864 if (tcf_chain_held_by_acts_only(chain)) {
1865
1866
1867
1868 tcf_chain_hold(chain);
1869 } else {
1870 NL_SET_ERR_MSG(extack, "Filter chain already exists");
1871 return -EEXIST;
1872 }
1873 } else {
1874 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
1875 NL_SET_ERR_MSG(extack, "Need both RTM_NEWCHAIN and NLM_F_CREATE to create a new chain");
1876 return -ENOENT;
1877 }
1878 chain = tcf_chain_create(block, chain_index);
1879 if (!chain) {
1880 NL_SET_ERR_MSG(extack, "Failed to create filter chain");
1881 return -ENOMEM;
1882 }
1883 }
1884 } else {
1885 if (!chain || tcf_chain_held_by_acts_only(chain)) {
1886 NL_SET_ERR_MSG(extack, "Cannot find specified filter chain");
1887 return -EINVAL;
1888 }
1889 tcf_chain_hold(chain);
1890 }
1891
1892 switch (n->nlmsg_type) {
1893 case RTM_NEWCHAIN:
1894 err = tc_chain_tmplt_add(chain, net, tca, extack);
1895 if (err)
1896 goto errout;
1897
1898
1899
1900
1901 tcf_chain_hold(chain);
1902 chain->explicitly_created = true;
1903 tc_chain_notify(chain, NULL, 0, NLM_F_CREATE | NLM_F_EXCL,
1904 RTM_NEWCHAIN, false);
1905 break;
1906 case RTM_DELCHAIN:
1907 tfilter_notify_chain(net, skb, block, q, parent, n,
1908 chain, RTM_DELTFILTER);
1909
1910 tcf_chain_flush(chain);
1911
1912
1913
1914 tcf_chain_put_explicitly_created(chain);
1915 chain->explicitly_created = false;
1916 break;
1917 case RTM_GETCHAIN:
1918 err = tc_chain_notify(chain, skb, n->nlmsg_seq,
1919 n->nlmsg_seq, n->nlmsg_type, true);
1920 if (err < 0)
1921 NL_SET_ERR_MSG(extack, "Failed to send chain notify message");
1922 break;
1923 default:
1924 err = -EOPNOTSUPP;
1925 NL_SET_ERR_MSG(extack, "Unsupported message type");
1926 goto errout;
1927 }
1928
1929errout:
1930 tcf_chain_put(chain);
1931 if (err == -EAGAIN)
1932
1933 goto replay;
1934 return err;
1935}
1936
1937
1938static int tc_dump_chain(struct sk_buff *skb, struct netlink_callback *cb)
1939{
1940 struct net *net = sock_net(skb->sk);
1941 struct nlattr *tca[TCA_MAX + 1];
1942 struct Qdisc *q = NULL;
1943 struct tcf_block *block;
1944 struct tcf_chain *chain;
1945 struct tcmsg *tcm = nlmsg_data(cb->nlh);
1946 long index_start;
1947 long index;
1948 u32 parent;
1949 int err;
1950
1951 if (nlmsg_len(cb->nlh) < sizeof(*tcm))
1952 return skb->len;
1953
1954 err = nlmsg_parse(cb->nlh, sizeof(*tcm), tca, TCA_MAX, rtm_tca_policy,
1955 NULL);
1956 if (err)
1957 return err;
1958
1959 if (tcm->tcm_ifindex == TCM_IFINDEX_MAGIC_BLOCK) {
1960 block = tcf_block_lookup(net, tcm->tcm_block_index);
1961 if (!block)
1962 goto out;
1963
1964
1965
1966
1967
1968
1969 parent = 0;
1970 } else {
1971 const struct Qdisc_class_ops *cops;
1972 struct net_device *dev;
1973 unsigned long cl = 0;
1974
1975 dev = __dev_get_by_index(net, tcm->tcm_ifindex);
1976 if (!dev)
1977 return skb->len;
1978
1979 parent = tcm->tcm_parent;
1980 if (!parent) {
1981 q = dev->qdisc;
1982 parent = q->handle;
1983 } else {
1984 q = qdisc_lookup(dev, TC_H_MAJ(tcm->tcm_parent));
1985 }
1986 if (!q)
1987 goto out;
1988 cops = q->ops->cl_ops;
1989 if (!cops)
1990 goto out;
1991 if (!cops->tcf_block)
1992 goto out;
1993 if (TC_H_MIN(tcm->tcm_parent)) {
1994 cl = cops->find(q, tcm->tcm_parent);
1995 if (cl == 0)
1996 goto out;
1997 }
1998 block = cops->tcf_block(q, cl, NULL);
1999 if (!block)
2000 goto out;
2001 if (tcf_block_shared(block))
2002 q = NULL;
2003 }
2004
2005 index_start = cb->args[0];
2006 index = 0;
2007
2008 list_for_each_entry(chain, &block->chain_list, list) {
2009 if ((tca[TCA_CHAIN] &&
2010 nla_get_u32(tca[TCA_CHAIN]) != chain->index))
2011 continue;
2012 if (index < index_start) {
2013 index++;
2014 continue;
2015 }
2016 if (tcf_chain_held_by_acts_only(chain))
2017 continue;
2018 err = tc_chain_fill_node(chain, net, skb, block,
2019 NETLINK_CB(cb->skb).portid,
2020 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2021 RTM_NEWCHAIN);
2022 if (err <= 0)
2023 break;
2024 index++;
2025 }
2026
2027 cb->args[0] = index;
2028
2029out:
2030
2031 if (skb->len == 0 && err)
2032 return err;
2033 return skb->len;
2034}
2035
2036void tcf_exts_destroy(struct tcf_exts *exts)
2037{
2038#ifdef CONFIG_NET_CLS_ACT
2039 tcf_action_destroy(exts->actions, TCA_ACT_UNBIND);
2040 kfree(exts->actions);
2041 exts->nr_actions = 0;
2042#endif
2043}
2044EXPORT_SYMBOL(tcf_exts_destroy);
2045
2046int tcf_exts_validate(struct net *net, struct tcf_proto *tp, struct nlattr **tb,
2047 struct nlattr *rate_tlv, struct tcf_exts *exts, bool ovr,
2048 struct netlink_ext_ack *extack)
2049{
2050#ifdef CONFIG_NET_CLS_ACT
2051 {
2052 struct tc_action *act;
2053 size_t attr_size = 0;
2054
2055 if (exts->police && tb[exts->police]) {
2056 act = tcf_action_init_1(net, tp, tb[exts->police],
2057 rate_tlv, "police", ovr,
2058 TCA_ACT_BIND, true, extack);
2059 if (IS_ERR(act))
2060 return PTR_ERR(act);
2061
2062 act->type = exts->type = TCA_OLD_COMPAT;
2063 exts->actions[0] = act;
2064 exts->nr_actions = 1;
2065 } else if (exts->action && tb[exts->action]) {
2066 int err;
2067
2068 err = tcf_action_init(net, tp, tb[exts->action],
2069 rate_tlv, NULL, ovr, TCA_ACT_BIND,
2070 exts->actions, &attr_size, true,
2071 extack);
2072 if (err < 0)
2073 return err;
2074 exts->nr_actions = err;
2075 }
2076 exts->net = net;
2077 }
2078#else
2079 if ((exts->action && tb[exts->action]) ||
2080 (exts->police && tb[exts->police])) {
2081 NL_SET_ERR_MSG(extack, "Classifier actions are not supported per compile options (CONFIG_NET_CLS_ACT)");
2082 return -EOPNOTSUPP;
2083 }
2084#endif
2085
2086 return 0;
2087}
2088EXPORT_SYMBOL(tcf_exts_validate);
2089
2090void tcf_exts_change(struct tcf_exts *dst, struct tcf_exts *src)
2091{
2092#ifdef CONFIG_NET_CLS_ACT
2093 struct tcf_exts old = *dst;
2094
2095 *dst = *src;
2096 tcf_exts_destroy(&old);
2097#endif
2098}
2099EXPORT_SYMBOL(tcf_exts_change);
2100
2101#ifdef CONFIG_NET_CLS_ACT
2102static struct tc_action *tcf_exts_first_act(struct tcf_exts *exts)
2103{
2104 if (exts->nr_actions == 0)
2105 return NULL;
2106 else
2107 return exts->actions[0];
2108}
2109#endif
2110
2111int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts)
2112{
2113#ifdef CONFIG_NET_CLS_ACT
2114 struct nlattr *nest;
2115
2116 if (exts->action && tcf_exts_has_actions(exts)) {
2117
2118
2119
2120
2121
2122 if (exts->type != TCA_OLD_COMPAT) {
2123 nest = nla_nest_start(skb, exts->action);
2124 if (nest == NULL)
2125 goto nla_put_failure;
2126
2127 if (tcf_action_dump(skb, exts->actions, 0, 0) < 0)
2128 goto nla_put_failure;
2129 nla_nest_end(skb, nest);
2130 } else if (exts->police) {
2131 struct tc_action *act = tcf_exts_first_act(exts);
2132 nest = nla_nest_start(skb, exts->police);
2133 if (nest == NULL || !act)
2134 goto nla_put_failure;
2135 if (tcf_action_dump_old(skb, act, 0, 0) < 0)
2136 goto nla_put_failure;
2137 nla_nest_end(skb, nest);
2138 }
2139 }
2140 return 0;
2141
2142nla_put_failure:
2143 nla_nest_cancel(skb, nest);
2144 return -1;
2145#else
2146 return 0;
2147#endif
2148}
2149EXPORT_SYMBOL(tcf_exts_dump);
2150
2151
2152int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts)
2153{
2154#ifdef CONFIG_NET_CLS_ACT
2155 struct tc_action *a = tcf_exts_first_act(exts);
2156 if (a != NULL && tcf_action_copy_stats(skb, a, 1) < 0)
2157 return -1;
2158#endif
2159 return 0;
2160}
2161EXPORT_SYMBOL(tcf_exts_dump_stats);
2162
2163static int tc_exts_setup_cb_egdev_call(struct tcf_exts *exts,
2164 enum tc_setup_type type,
2165 void *type_data, bool err_stop)
2166{
2167 int ok_count = 0;
2168#ifdef CONFIG_NET_CLS_ACT
2169 const struct tc_action *a;
2170 struct net_device *dev;
2171 int i, ret;
2172
2173 if (!tcf_exts_has_actions(exts))
2174 return 0;
2175
2176 for (i = 0; i < exts->nr_actions; i++) {
2177 a = exts->actions[i];
2178 if (!a->ops->get_dev)
2179 continue;
2180 dev = a->ops->get_dev(a);
2181 if (!dev)
2182 continue;
2183 ret = tc_setup_cb_egdev_call(dev, type, type_data, err_stop);
2184 a->ops->put_dev(dev);
2185 if (ret < 0)
2186 return ret;
2187 ok_count += ret;
2188 }
2189#endif
2190 return ok_count;
2191}
2192
2193int tc_setup_cb_call(struct tcf_block *block, struct tcf_exts *exts,
2194 enum tc_setup_type type, void *type_data, bool err_stop)
2195{
2196 int ok_count;
2197 int ret;
2198
2199 ret = tcf_block_cb_call(block, type, type_data, err_stop);
2200 if (ret < 0)
2201 return ret;
2202 ok_count = ret;
2203
2204 if (!exts || ok_count)
2205 return ok_count;
2206 ret = tc_exts_setup_cb_egdev_call(exts, type, type_data, err_stop);
2207 if (ret < 0)
2208 return ret;
2209 ok_count += ret;
2210
2211 return ok_count;
2212}
2213EXPORT_SYMBOL(tc_setup_cb_call);
2214
2215static __net_init int tcf_net_init(struct net *net)
2216{
2217 struct tcf_net *tn = net_generic(net, tcf_net_id);
2218
2219 idr_init(&tn->idr);
2220 return 0;
2221}
2222
2223static void __net_exit tcf_net_exit(struct net *net)
2224{
2225 struct tcf_net *tn = net_generic(net, tcf_net_id);
2226
2227 idr_destroy(&tn->idr);
2228}
2229
2230static struct pernet_operations tcf_net_ops = {
2231 .init = tcf_net_init,
2232 .exit = tcf_net_exit,
2233 .id = &tcf_net_id,
2234 .size = sizeof(struct tcf_net),
2235};
2236
2237static int __init tc_filter_init(void)
2238{
2239 int err;
2240
2241 tc_filter_wq = alloc_ordered_workqueue("tc_filter_workqueue", 0);
2242 if (!tc_filter_wq)
2243 return -ENOMEM;
2244
2245 err = register_pernet_subsys(&tcf_net_ops);
2246 if (err)
2247 goto err_register_pernet_subsys;
2248
2249 rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_new_tfilter, NULL, 0);
2250 rtnl_register(PF_UNSPEC, RTM_DELTFILTER, tc_del_tfilter, NULL, 0);
2251 rtnl_register(PF_UNSPEC, RTM_GETTFILTER, tc_get_tfilter,
2252 tc_dump_tfilter, 0);
2253 rtnl_register(PF_UNSPEC, RTM_NEWCHAIN, tc_ctl_chain, NULL, 0);
2254 rtnl_register(PF_UNSPEC, RTM_DELCHAIN, tc_ctl_chain, NULL, 0);
2255 rtnl_register(PF_UNSPEC, RTM_GETCHAIN, tc_ctl_chain,
2256 tc_dump_chain, 0);
2257
2258 return 0;
2259
2260err_register_pernet_subsys:
2261 destroy_workqueue(tc_filter_wq);
2262 return err;
2263}
2264
2265subsys_initcall(tc_filter_init);
2266
