1
2#ifndef __NET_FIB_RULES_H
3#define __NET_FIB_RULES_H
4
5#include <linux/types.h>
6#include <linux/slab.h>
7#include <linux/netdevice.h>
8#include <linux/fib_rules.h>
9#include <linux/refcount.h>
10#include <net/flow.h>
11#include <net/rtnetlink.h>
12#include <net/fib_notifier.h>
13
14struct fib_kuid_range {
15 kuid_t start;
16 kuid_t end;
17};
18
19struct fib_rule {
20 struct list_head list;
21 int iifindex;
22 int oifindex;
23 u32 mark;
24 u32 mark_mask;
25 u32 flags;
26 u32 table;
27 u8 action;
28 u8 l3mdev;
29 u8 proto;
30 u8 ip_proto;
31 u32 target;
32 __be64 tun_id;
33 struct fib_rule __rcu *ctarget;
34 struct net *fr_net;
35
36 refcount_t refcnt;
37 u32 pref;
38 int suppress_ifgroup;
39 int suppress_prefixlen;
40 char iifname[IFNAMSIZ];
41 char oifname[IFNAMSIZ];
42 struct fib_kuid_range uid_range;
43 struct fib_rule_port_range sport_range;
44 struct fib_rule_port_range dport_range;
45 struct rcu_head rcu;
46};
47
48struct fib_lookup_arg {
49 void *lookup_ptr;
50 const void *lookup_data;
51 void *result;
52 struct fib_rule *rule;
53 u32 table;
54 int flags;
55#define FIB_LOOKUP_NOREF 1
56#define FIB_LOOKUP_IGNORE_LINKSTATE 2
57};
58
59struct fib_rules_ops {
60 int family;
61 struct list_head list;
62 int rule_size;
63 int addr_size;
64 int unresolved_rules;
65 int nr_goto_rules;
66 unsigned int fib_rules_seq;
67
68 int (*action)(struct fib_rule *,
69 struct flowi *, int,
70 struct fib_lookup_arg *);
71 bool (*suppress)(struct fib_rule *,
72 struct fib_lookup_arg *);
73 int (*match)(struct fib_rule *,
74 struct flowi *, int);
75 int (*configure)(struct fib_rule *,
76 struct sk_buff *,
77 struct fib_rule_hdr *,
78 struct nlattr **,
79 struct netlink_ext_ack *);
80 int (*delete)(struct fib_rule *);
81 int (*compare)(struct fib_rule *,
82 struct fib_rule_hdr *,
83 struct nlattr **);
84 int (*fill)(struct fib_rule *, struct sk_buff *,
85 struct fib_rule_hdr *);
86 size_t (*nlmsg_payload)(struct fib_rule *);
87
88
89
90 void (*flush_cache)(struct fib_rules_ops *ops);
91
92 int nlgroup;
93 const struct nla_policy *policy;
94 struct list_head rules_list;
95 struct module *owner;
96 struct net *fro_net;
97 struct rcu_head rcu;
98};
99
100struct fib_rule_notifier_info {
101 struct fib_notifier_info info;
102 struct fib_rule *rule;
103};
104
105#define FRA_GENERIC_POLICY \
106 [FRA_UNSPEC] = { .strict_start_type = FRA_DPORT_RANGE + 1 }, \
107 [FRA_IIFNAME] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, \
108 [FRA_OIFNAME] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, \
109 [FRA_PRIORITY] = { .type = NLA_U32 }, \
110 [FRA_FWMARK] = { .type = NLA_U32 }, \
111 [FRA_FWMASK] = { .type = NLA_U32 }, \
112 [FRA_TABLE] = { .type = NLA_U32 }, \
113 [FRA_SUPPRESS_PREFIXLEN] = { .type = NLA_U32 }, \
114 [FRA_SUPPRESS_IFGROUP] = { .type = NLA_U32 }, \
115 [FRA_GOTO] = { .type = NLA_U32 }, \
116 [FRA_L3MDEV] = { .type = NLA_U8 }, \
117 [FRA_UID_RANGE] = { .len = sizeof(struct fib_rule_uid_range) }, \
118 [FRA_PROTOCOL] = { .type = NLA_U8 }, \
119 [FRA_IP_PROTO] = { .type = NLA_U8 }, \
120 [FRA_SPORT_RANGE] = { .len = sizeof(struct fib_rule_port_range) }, \
121 [FRA_DPORT_RANGE] = { .len = sizeof(struct fib_rule_port_range) }
122
123
124static inline void fib_rule_get(struct fib_rule *rule)
125{
126 refcount_inc(&rule->refcnt);
127}
128
129static inline void fib_rule_put(struct fib_rule *rule)
130{
131 if (refcount_dec_and_test(&rule->refcnt))
132 kfree_rcu(rule, rcu);
133}
134
135#ifdef CONFIG_NET_L3_MASTER_DEV
136static inline u32 fib_rule_get_table(struct fib_rule *rule,
137 struct fib_lookup_arg *arg)
138{
139 return rule->l3mdev ? arg->table : rule->table;
140}
141#else
142static inline u32 fib_rule_get_table(struct fib_rule *rule,
143 struct fib_lookup_arg *arg)
144{
145 return rule->table;
146}
147#endif
148
149static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
150{
151 if (nla[FRA_TABLE])
152 return nla_get_u32(nla[FRA_TABLE]);
153 return frh->table;
154}
155
156static inline bool fib_rule_port_range_set(const struct fib_rule_port_range *range)
157{
158 return range->start != 0 && range->end != 0;
159}
160
161static inline bool fib_rule_port_inrange(const struct fib_rule_port_range *a,
162 __be16 port)
163{
164 return ntohs(port) >= a->start &&
165 ntohs(port) <= a->end;
166}
167
168static inline bool fib_rule_port_range_valid(const struct fib_rule_port_range *a)
169{
170 return a->start != 0 && a->end != 0 && a->end < 0xffff &&
171 a->start <= a->end;
172}
173
174static inline bool fib_rule_port_range_compare(struct fib_rule_port_range *a,
175 struct fib_rule_port_range *b)
176{
177 return a->start == b->start &&
178 a->end == b->end;
179}
180
181static inline bool fib_rule_requires_fldissect(struct fib_rule *rule)
182{
183 return rule->iifindex != LOOPBACK_IFINDEX && (rule->ip_proto ||
184 fib_rule_port_range_set(&rule->sport_range) ||
185 fib_rule_port_range_set(&rule->dport_range));
186}
187
188struct fib_rules_ops *fib_rules_register(const struct fib_rules_ops *,
189 struct net *);
190void fib_rules_unregister(struct fib_rules_ops *);
191
192int fib_rules_lookup(struct fib_rules_ops *, struct flowi *, int flags,
193 struct fib_lookup_arg *);
194int fib_default_rule_add(struct fib_rules_ops *, u32 pref, u32 table,
195 u32 flags);
196bool fib_rule_matchall(const struct fib_rule *rule);
197int fib_rules_dump(struct net *net, struct notifier_block *nb, int family);
198unsigned int fib_rules_seq_read(struct net *net, int family);
199
200int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr *nlh,
201 struct netlink_ext_ack *extack);
202int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr *nlh,
203 struct netlink_ext_ack *extack);
204#endif
205
