1
2
3
4
5
6
7
8#include <linux/kernel.h>
9#include <linux/init.h>
10#include <linux/module.h>
11#include <linux/rhashtable.h>
12#include <linux/workqueue.h>
13#include <linux/refcount.h>
14
15#include <linux/if_ether.h>
16#include <linux/in6.h>
17#include <linux/ip.h>
18#include <linux/mpls.h>
19
20#include <net/sch_generic.h>
21#include <net/pkt_cls.h>
22#include <net/ip.h>
23#include <net/flow_dissector.h>
24#include <net/geneve.h>
25#include <net/vxlan.h>
26#include <net/erspan.h>
27
28#include <net/dst.h>
29#include <net/dst_metadata.h>
30
31#include <uapi/linux/netfilter/nf_conntrack_common.h>
32
33struct fl_flow_key {
34 struct flow_dissector_key_meta meta;
35 struct flow_dissector_key_control control;
36 struct flow_dissector_key_control enc_control;
37 struct flow_dissector_key_basic basic;
38 struct flow_dissector_key_eth_addrs eth;
39 struct flow_dissector_key_vlan vlan;
40 struct flow_dissector_key_vlan cvlan;
41 union {
42 struct flow_dissector_key_ipv4_addrs ipv4;
43 struct flow_dissector_key_ipv6_addrs ipv6;
44 };
45 struct flow_dissector_key_ports tp;
46 struct flow_dissector_key_icmp icmp;
47 struct flow_dissector_key_arp arp;
48 struct flow_dissector_key_keyid enc_key_id;
49 union {
50 struct flow_dissector_key_ipv4_addrs enc_ipv4;
51 struct flow_dissector_key_ipv6_addrs enc_ipv6;
52 };
53 struct flow_dissector_key_ports enc_tp;
54 struct flow_dissector_key_mpls mpls;
55 struct flow_dissector_key_tcp tcp;
56 struct flow_dissector_key_ip ip;
57 struct flow_dissector_key_ip enc_ip;
58 struct flow_dissector_key_enc_opts enc_opts;
59 union {
60 struct flow_dissector_key_ports tp;
61 struct {
62 struct flow_dissector_key_ports tp_min;
63 struct flow_dissector_key_ports tp_max;
64 };
65 } tp_range;
66 struct flow_dissector_key_ct ct;
67} __aligned(BITS_PER_LONG / 8);
68
69struct fl_flow_mask_range {
70 unsigned short int start;
71 unsigned short int end;
72};
73
74struct fl_flow_mask {
75 struct fl_flow_key key;
76 struct fl_flow_mask_range range;
77 u32 flags;
78 struct rhash_head ht_node;
79 struct rhashtable ht;
80 struct rhashtable_params filter_ht_params;
81 struct flow_dissector dissector;
82 struct list_head filters;
83 struct rcu_work rwork;
84 struct list_head list;
85 refcount_t refcnt;
86};
87
88struct fl_flow_tmplt {
89 struct fl_flow_key dummy_key;
90 struct fl_flow_key mask;
91 struct flow_dissector dissector;
92 struct tcf_chain *chain;
93};
94
95struct cls_fl_head {
96 struct rhashtable ht;
97 spinlock_t masks_lock;
98 struct list_head masks;
99 struct list_head hw_filters;
100 struct rcu_work rwork;
101 struct idr handle_idr;
102};
103
104struct cls_fl_filter {
105 struct fl_flow_mask *mask;
106 struct rhash_head ht_node;
107 struct fl_flow_key mkey;
108 struct tcf_exts exts;
109 struct tcf_result res;
110 struct fl_flow_key key;
111 struct list_head list;
112 struct list_head hw_list;
113 u32 handle;
114 u32 flags;
115 u32 in_hw_count;
116 struct rcu_work rwork;
117 struct net_device *hw_dev;
118
119
120
121
122 refcount_t refcnt;
123 bool deleted;
124};
125
126static const struct rhashtable_params mask_ht_params = {
127 .key_offset = offsetof(struct fl_flow_mask, key),
128 .key_len = sizeof(struct fl_flow_key),
129 .head_offset = offsetof(struct fl_flow_mask, ht_node),
130 .automatic_shrinking = true,
131};
132
133static unsigned short int fl_mask_range(const struct fl_flow_mask *mask)
134{
135 return mask->range.end - mask->range.start;
136}
137
138static void fl_mask_update_range(struct fl_flow_mask *mask)
139{
140 const u8 *bytes = (const u8 *) &mask->key;
141 size_t size = sizeof(mask->key);
142 size_t i, first = 0, last;
143
144 for (i = 0; i < size; i++) {
145 if (bytes[i]) {
146 first = i;
147 break;
148 }
149 }
150 last = first;
151 for (i = size - 1; i != first; i--) {
152 if (bytes[i]) {
153 last = i;
154 break;
155 }
156 }
157 mask->range.start = rounddown(first, sizeof(long));
158 mask->range.end = roundup(last + 1, sizeof(long));
159}
160
161static void *fl_key_get_start(struct fl_flow_key *key,
162 const struct fl_flow_mask *mask)
163{
164 return (u8 *) key + mask->range.start;
165}
166
167static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key,
168 struct fl_flow_mask *mask)
169{
170 const long *lkey = fl_key_get_start(key, mask);
171 const long *lmask = fl_key_get_start(&mask->key, mask);
172 long *lmkey = fl_key_get_start(mkey, mask);
173 int i;
174
175 for (i = 0; i < fl_mask_range(mask); i += sizeof(long))
176 *lmkey++ = *lkey++ & *lmask++;
177}
178
179static bool fl_mask_fits_tmplt(struct fl_flow_tmplt *tmplt,
180 struct fl_flow_mask *mask)
181{
182 const long *lmask = fl_key_get_start(&mask->key, mask);
183 const long *ltmplt;
184 int i;
185
186 if (!tmplt)
187 return true;
188 ltmplt = fl_key_get_start(&tmplt->mask, mask);
189 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) {
190 if (~*ltmplt++ & *lmask++)
191 return false;
192 }
193 return true;
194}
195
196static void fl_clear_masked_range(struct fl_flow_key *key,
197 struct fl_flow_mask *mask)
198{
199 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask));
200}
201
202static bool fl_range_port_dst_cmp(struct cls_fl_filter *filter,
203 struct fl_flow_key *key,
204 struct fl_flow_key *mkey)
205{
206 __be16 min_mask, max_mask, min_val, max_val;
207
208 min_mask = htons(filter->mask->key.tp_range.tp_min.dst);
209 max_mask = htons(filter->mask->key.tp_range.tp_max.dst);
210 min_val = htons(filter->key.tp_range.tp_min.dst);
211 max_val = htons(filter->key.tp_range.tp_max.dst);
212
213 if (min_mask && max_mask) {
214 if (htons(key->tp_range.tp.dst) < min_val ||
215 htons(key->tp_range.tp.dst) > max_val)
216 return false;
217
218
219 mkey->tp_range.tp_min.dst = filter->mkey.tp_range.tp_min.dst;
220 mkey->tp_range.tp_max.dst = filter->mkey.tp_range.tp_max.dst;
221 }
222 return true;
223}
224
225static bool fl_range_port_src_cmp(struct cls_fl_filter *filter,
226 struct fl_flow_key *key,
227 struct fl_flow_key *mkey)
228{
229 __be16 min_mask, max_mask, min_val, max_val;
230
231 min_mask = htons(filter->mask->key.tp_range.tp_min.src);
232 max_mask = htons(filter->mask->key.tp_range.tp_max.src);
233 min_val = htons(filter->key.tp_range.tp_min.src);
234 max_val = htons(filter->key.tp_range.tp_max.src);
235
236 if (min_mask && max_mask) {
237 if (htons(key->tp_range.tp.src) < min_val ||
238 htons(key->tp_range.tp.src) > max_val)
239 return false;
240
241
242 mkey->tp_range.tp_min.src = filter->mkey.tp_range.tp_min.src;
243 mkey->tp_range.tp_max.src = filter->mkey.tp_range.tp_max.src;
244 }
245 return true;
246}
247
248static struct cls_fl_filter *__fl_lookup(struct fl_flow_mask *mask,
249 struct fl_flow_key *mkey)
250{
251 return rhashtable_lookup_fast(&mask->ht, fl_key_get_start(mkey, mask),
252 mask->filter_ht_params);
253}
254
255static struct cls_fl_filter *fl_lookup_range(struct fl_flow_mask *mask,
256 struct fl_flow_key *mkey,
257 struct fl_flow_key *key)
258{
259 struct cls_fl_filter *filter, *f;
260
261 list_for_each_entry_rcu(filter, &mask->filters, list) {
262 if (!fl_range_port_dst_cmp(filter, key, mkey))
263 continue;
264
265 if (!fl_range_port_src_cmp(filter, key, mkey))
266 continue;
267
268 f = __fl_lookup(mask, mkey);
269 if (f)
270 return f;
271 }
272 return NULL;
273}
274
275static struct cls_fl_filter *fl_lookup(struct fl_flow_mask *mask,
276 struct fl_flow_key *mkey,
277 struct fl_flow_key *key)
278{
279 if ((mask->flags & TCA_FLOWER_MASK_FLAGS_RANGE))
280 return fl_lookup_range(mask, mkey, key);
281
282 return __fl_lookup(mask, mkey);
283}
284
285static u16 fl_ct_info_to_flower_map[] = {
286 [IP_CT_ESTABLISHED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
287 TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED,
288 [IP_CT_RELATED] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
289 TCA_FLOWER_KEY_CT_FLAGS_RELATED,
290 [IP_CT_ESTABLISHED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
291 TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED,
292 [IP_CT_RELATED_REPLY] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
293 TCA_FLOWER_KEY_CT_FLAGS_RELATED,
294 [IP_CT_NEW] = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
295 TCA_FLOWER_KEY_CT_FLAGS_NEW,
296};
297
298static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp,
299 struct tcf_result *res)
300{
301 struct cls_fl_head *head = rcu_dereference_bh(tp->root);
302 struct fl_flow_key skb_mkey;
303 struct fl_flow_key skb_key;
304 struct fl_flow_mask *mask;
305 struct cls_fl_filter *f;
306
307 list_for_each_entry_rcu(mask, &head->masks, list) {
308 fl_clear_masked_range(&skb_key, mask);
309
310 skb_flow_dissect_meta(skb, &mask->dissector, &skb_key);
311
312
313
314 skb_key.basic.n_proto = skb->protocol;
315 skb_flow_dissect_tunnel_info(skb, &mask->dissector, &skb_key);
316 skb_flow_dissect_ct(skb, &mask->dissector, &skb_key,
317 fl_ct_info_to_flower_map,
318 ARRAY_SIZE(fl_ct_info_to_flower_map));
319 skb_flow_dissect(skb, &mask->dissector, &skb_key, 0);
320
321 fl_set_masked_key(&skb_mkey, &skb_key, mask);
322
323 f = fl_lookup(mask, &skb_mkey, &skb_key);
324 if (f && !tc_skip_sw(f->flags)) {
325 *res = f->res;
326 return tcf_exts_exec(skb, &f->exts, res);
327 }
328 }
329 return -1;
330}
331
332static int fl_init(struct tcf_proto *tp)
333{
334 struct cls_fl_head *head;
335
336 head = kzalloc(sizeof(*head), GFP_KERNEL);
337 if (!head)
338 return -ENOBUFS;
339
340 spin_lock_init(&head->masks_lock);
341 INIT_LIST_HEAD_RCU(&head->masks);
342 INIT_LIST_HEAD(&head->hw_filters);
343 rcu_assign_pointer(tp->root, head);
344 idr_init(&head->handle_idr);
345
346 return rhashtable_init(&head->ht, &mask_ht_params);
347}
348
349static void fl_mask_free(struct fl_flow_mask *mask, bool mask_init_done)
350{
351
352 if (mask_init_done) {
353 WARN_ON(!list_empty(&mask->filters));
354 rhashtable_destroy(&mask->ht);
355 }
356 kfree(mask);
357}
358
359static void fl_mask_free_work(struct work_struct *work)
360{
361 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
362 struct fl_flow_mask, rwork);
363
364 fl_mask_free(mask, true);
365}
366
367static void fl_uninit_mask_free_work(struct work_struct *work)
368{
369 struct fl_flow_mask *mask = container_of(to_rcu_work(work),
370 struct fl_flow_mask, rwork);
371
372 fl_mask_free(mask, false);
373}
374
375static bool fl_mask_put(struct cls_fl_head *head, struct fl_flow_mask *mask)
376{
377 if (!refcount_dec_and_test(&mask->refcnt))
378 return false;
379
380 rhashtable_remove_fast(&head->ht, &mask->ht_node, mask_ht_params);
381
382 spin_lock(&head->masks_lock);
383 list_del_rcu(&mask->list);
384 spin_unlock(&head->masks_lock);
385
386 tcf_queue_work(&mask->rwork, fl_mask_free_work);
387
388 return true;
389}
390
391static struct cls_fl_head *fl_head_dereference(struct tcf_proto *tp)
392{
393
394
395
396
397
398 return rcu_dereference_raw(tp->root);
399}
400
401static void __fl_destroy_filter(struct cls_fl_filter *f)
402{
403 tcf_exts_destroy(&f->exts);
404 tcf_exts_put_net(&f->exts);
405 kfree(f);
406}
407
408static void fl_destroy_filter_work(struct work_struct *work)
409{
410 struct cls_fl_filter *f = container_of(to_rcu_work(work),
411 struct cls_fl_filter, rwork);
412
413 __fl_destroy_filter(f);
414}
415
416static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f,
417 bool rtnl_held, struct netlink_ext_ack *extack)
418{
419 struct tcf_block *block = tp->chain->block;
420 struct flow_cls_offload cls_flower = {};
421
422 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
423 cls_flower.command = FLOW_CLS_DESTROY;
424 cls_flower.cookie = (unsigned long) f;
425
426 tc_setup_cb_destroy(block, tp, TC_SETUP_CLSFLOWER, &cls_flower, false,
427 &f->flags, &f->in_hw_count, rtnl_held);
428
429}
430
431static int fl_hw_replace_filter(struct tcf_proto *tp,
432 struct cls_fl_filter *f, bool rtnl_held,
433 struct netlink_ext_ack *extack)
434{
435 struct tcf_block *block = tp->chain->block;
436 struct flow_cls_offload cls_flower = {};
437 bool skip_sw = tc_skip_sw(f->flags);
438 int err = 0;
439
440 cls_flower.rule = flow_rule_alloc(tcf_exts_num_actions(&f->exts));
441 if (!cls_flower.rule)
442 return -ENOMEM;
443
444 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, extack);
445 cls_flower.command = FLOW_CLS_REPLACE;
446 cls_flower.cookie = (unsigned long) f;
447 cls_flower.rule->match.dissector = &f->mask->dissector;
448 cls_flower.rule->match.mask = &f->mask->key;
449 cls_flower.rule->match.key = &f->mkey;
450 cls_flower.classid = f->res.classid;
451
452 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts,
453 rtnl_held);
454 if (err) {
455 kfree(cls_flower.rule);
456 if (skip_sw) {
457 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
458 return err;
459 }
460 return 0;
461 }
462
463 err = tc_setup_cb_add(block, tp, TC_SETUP_CLSFLOWER, &cls_flower,
464 skip_sw, &f->flags, &f->in_hw_count, rtnl_held);
465 tc_cleanup_flow_action(&cls_flower.rule->action);
466 kfree(cls_flower.rule);
467
468 if (err) {
469 fl_hw_destroy_filter(tp, f, rtnl_held, NULL);
470 return err;
471 }
472
473 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW))
474 return -EINVAL;
475
476 return 0;
477}
478
479static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f,
480 bool rtnl_held)
481{
482 struct tcf_block *block = tp->chain->block;
483 struct flow_cls_offload cls_flower = {};
484
485 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags, NULL);
486 cls_flower.command = FLOW_CLS_STATS;
487 cls_flower.cookie = (unsigned long) f;
488 cls_flower.classid = f->res.classid;
489
490 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false,
491 rtnl_held);
492
493 tcf_exts_stats_update(&f->exts, cls_flower.stats.bytes,
494 cls_flower.stats.pkts,
495 cls_flower.stats.lastused);
496}
497
498static void __fl_put(struct cls_fl_filter *f)
499{
500 if (!refcount_dec_and_test(&f->refcnt))
501 return;
502
503 if (tcf_exts_get_net(&f->exts))
504 tcf_queue_work(&f->rwork, fl_destroy_filter_work);
505 else
506 __fl_destroy_filter(f);
507}
508
509static struct cls_fl_filter *__fl_get(struct cls_fl_head *head, u32 handle)
510{
511 struct cls_fl_filter *f;
512
513 rcu_read_lock();
514 f = idr_find(&head->handle_idr, handle);
515 if (f && !refcount_inc_not_zero(&f->refcnt))
516 f = NULL;
517 rcu_read_unlock();
518
519 return f;
520}
521
522static int __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f,
523 bool *last, bool rtnl_held,
524 struct netlink_ext_ack *extack)
525{
526 struct cls_fl_head *head = fl_head_dereference(tp);
527
528 *last = false;
529
530 spin_lock(&tp->lock);
531 if (f->deleted) {
532 spin_unlock(&tp->lock);
533 return -ENOENT;
534 }
535
536 f->deleted = true;
537 rhashtable_remove_fast(&f->mask->ht, &f->ht_node,
538 f->mask->filter_ht_params);
539 idr_remove(&head->handle_idr, f->handle);
540 list_del_rcu(&f->list);
541 spin_unlock(&tp->lock);
542
543 *last = fl_mask_put(head, f->mask);
544 if (!tc_skip_hw(f->flags))
545 fl_hw_destroy_filter(tp, f, rtnl_held, extack);
546 tcf_unbind_filter(tp, &f->res);
547 __fl_put(f);
548
549 return 0;
550}
551
552static void fl_destroy_sleepable(struct work_struct *work)
553{
554 struct cls_fl_head *head = container_of(to_rcu_work(work),
555 struct cls_fl_head,
556 rwork);
557
558 rhashtable_destroy(&head->ht);
559 kfree(head);
560 module_put(THIS_MODULE);
561}
562
563static void fl_destroy(struct tcf_proto *tp, bool rtnl_held,
564 struct netlink_ext_ack *extack)
565{
566 struct cls_fl_head *head = fl_head_dereference(tp);
567 struct fl_flow_mask *mask, *next_mask;
568 struct cls_fl_filter *f, *next;
569 bool last;
570
571 list_for_each_entry_safe(mask, next_mask, &head->masks, list) {
572 list_for_each_entry_safe(f, next, &mask->filters, list) {
573 __fl_delete(tp, f, &last, rtnl_held, extack);
574 if (last)
575 break;
576 }
577 }
578 idr_destroy(&head->handle_idr);
579
580 __module_get(THIS_MODULE);
581 tcf_queue_work(&head->rwork, fl_destroy_sleepable);
582}
583
584static void fl_put(struct tcf_proto *tp, void *arg)
585{
586 struct cls_fl_filter *f = arg;
587
588 __fl_put(f);
589}
590
591static void *fl_get(struct tcf_proto *tp, u32 handle)
592{
593 struct cls_fl_head *head = fl_head_dereference(tp);
594
595 return __fl_get(head, handle);
596}
597
598static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
599 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC },
600 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 },
601 [TCA_FLOWER_INDEV] = { .type = NLA_STRING,
602 .len = IFNAMSIZ },
603 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN },
604 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN },
605 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN },
606 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN },
607 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 },
608 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 },
609 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 },
610 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 },
611 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 },
612 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 },
613 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
614 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
615 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) },
616 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
617 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 },
618 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 },
619 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 },
620 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 },
621 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 },
622 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 },
623 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 },
624 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
625 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
626 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 },
627 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
628 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 },
629 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
630 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) },
631 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
632 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) },
633 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 },
634 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 },
635 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 },
636 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 },
637 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 },
638 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 },
639 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 },
640 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 },
641 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 },
642 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 },
643 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 },
644 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 },
645 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 },
646 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 },
647 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 },
648 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 },
649 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 },
650 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 },
651 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 },
652 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 },
653 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 },
654 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 },
655 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 },
656 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 },
657 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 },
658 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 },
659 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 },
660 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 },
661 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN },
662 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN },
663 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN },
664 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN },
665 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 },
666 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 },
667 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 },
668 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 },
669 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 },
670 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 },
671 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 },
672 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 },
673 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 },
674 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 },
675 [TCA_FLOWER_KEY_CVLAN_ID] = { .type = NLA_U16 },
676 [TCA_FLOWER_KEY_CVLAN_PRIO] = { .type = NLA_U8 },
677 [TCA_FLOWER_KEY_CVLAN_ETH_TYPE] = { .type = NLA_U16 },
678 [TCA_FLOWER_KEY_ENC_IP_TOS] = { .type = NLA_U8 },
679 [TCA_FLOWER_KEY_ENC_IP_TOS_MASK] = { .type = NLA_U8 },
680 [TCA_FLOWER_KEY_ENC_IP_TTL] = { .type = NLA_U8 },
681 [TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
682 [TCA_FLOWER_KEY_ENC_OPTS] = { .type = NLA_NESTED },
683 [TCA_FLOWER_KEY_ENC_OPTS_MASK] = { .type = NLA_NESTED },
684 [TCA_FLOWER_KEY_CT_STATE] = { .type = NLA_U16 },
685 [TCA_FLOWER_KEY_CT_STATE_MASK] = { .type = NLA_U16 },
686 [TCA_FLOWER_KEY_CT_ZONE] = { .type = NLA_U16 },
687 [TCA_FLOWER_KEY_CT_ZONE_MASK] = { .type = NLA_U16 },
688 [TCA_FLOWER_KEY_CT_MARK] = { .type = NLA_U32 },
689 [TCA_FLOWER_KEY_CT_MARK_MASK] = { .type = NLA_U32 },
690 [TCA_FLOWER_KEY_CT_LABELS] = { .type = NLA_BINARY,
691 .len = 128 / BITS_PER_BYTE },
692 [TCA_FLOWER_KEY_CT_LABELS_MASK] = { .type = NLA_BINARY,
693 .len = 128 / BITS_PER_BYTE },
694};
695
696static const struct nla_policy
697enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {
698 [TCA_FLOWER_KEY_ENC_OPTS_UNSPEC] = {
699 .strict_start_type = TCA_FLOWER_KEY_ENC_OPTS_VXLAN },
700 [TCA_FLOWER_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
701 [TCA_FLOWER_KEY_ENC_OPTS_VXLAN] = { .type = NLA_NESTED },
702 [TCA_FLOWER_KEY_ENC_OPTS_ERSPAN] = { .type = NLA_NESTED },
703};
704
705static const struct nla_policy
706geneve_opt_policy[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1] = {
707 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
708 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
709 [TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
710 .len = 128 },
711};
712
713static const struct nla_policy
714vxlan_opt_policy[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1] = {
715 [TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP] = { .type = NLA_U32 },
716};
717
718static const struct nla_policy
719erspan_opt_policy[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1] = {
720 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER] = { .type = NLA_U8 },
721 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX] = { .type = NLA_U32 },
722 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR] = { .type = NLA_U8 },
723 [TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID] = { .type = NLA_U8 },
724};
725
726static void fl_set_key_val(struct nlattr **tb,
727 void *val, int val_type,
728 void *mask, int mask_type, int len)
729{
730 if (!tb[val_type])
731 return;
732 nla_memcpy(val, tb[val_type], len);
733 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type])
734 memset(mask, 0xff, len);
735 else
736 nla_memcpy(mask, tb[mask_type], len);
737}
738
739static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
740 struct fl_flow_key *mask)
741{
742 fl_set_key_val(tb, &key->tp_range.tp_min.dst,
743 TCA_FLOWER_KEY_PORT_DST_MIN, &mask->tp_range.tp_min.dst,
744 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.dst));
745 fl_set_key_val(tb, &key->tp_range.tp_max.dst,
746 TCA_FLOWER_KEY_PORT_DST_MAX, &mask->tp_range.tp_max.dst,
747 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.dst));
748 fl_set_key_val(tb, &key->tp_range.tp_min.src,
749 TCA_FLOWER_KEY_PORT_SRC_MIN, &mask->tp_range.tp_min.src,
750 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_min.src));
751 fl_set_key_val(tb, &key->tp_range.tp_max.src,
752 TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_range.tp_max.src,
753 TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.src));
754
755 if ((mask->tp_range.tp_min.dst && mask->tp_range.tp_max.dst &&
756 htons(key->tp_range.tp_max.dst) <=
757 htons(key->tp_range.tp_min.dst)) ||
758 (mask->tp_range.tp_min.src && mask->tp_range.tp_max.src &&
759 htons(key->tp_range.tp_max.src) <=
760 htons(key->tp_range.tp_min.src)))
761 return -EINVAL;
762
763 return 0;
764}
765
766static int fl_set_key_mpls(struct nlattr **tb,
767 struct flow_dissector_key_mpls *key_val,
768 struct flow_dissector_key_mpls *key_mask)
769{
770 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) {
771 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]);
772 key_mask->mpls_ttl = MPLS_TTL_MASK;
773 }
774 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) {
775 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]);
776
777 if (bos & ~MPLS_BOS_MASK)
778 return -EINVAL;
779 key_val->mpls_bos = bos;
780 key_mask->mpls_bos = MPLS_BOS_MASK;
781 }
782 if (tb[TCA_FLOWER_KEY_MPLS_TC]) {
783 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]);
784
785 if (tc & ~MPLS_TC_MASK)
786 return -EINVAL;
787 key_val->mpls_tc = tc;
788 key_mask->mpls_tc = MPLS_TC_MASK;
789 }
790 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) {
791 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]);
792
793 if (label & ~MPLS_LABEL_MASK)
794 return -EINVAL;
795 key_val->mpls_label = label;
796 key_mask->mpls_label = MPLS_LABEL_MASK;
797 }
798 return 0;
799}
800
801static void fl_set_key_vlan(struct nlattr **tb,
802 __be16 ethertype,
803 int vlan_id_key, int vlan_prio_key,
804 struct flow_dissector_key_vlan *key_val,
805 struct flow_dissector_key_vlan *key_mask)
806{
807#define VLAN_PRIORITY_MASK 0x7
808
809 if (tb[vlan_id_key]) {
810 key_val->vlan_id =
811 nla_get_u16(tb[vlan_id_key]) & VLAN_VID_MASK;
812 key_mask->vlan_id = VLAN_VID_MASK;
813 }
814 if (tb[vlan_prio_key]) {
815 key_val->vlan_priority =
816 nla_get_u8(tb[vlan_prio_key]) &
817 VLAN_PRIORITY_MASK;
818 key_mask->vlan_priority = VLAN_PRIORITY_MASK;
819 }
820 key_val->vlan_tpid = ethertype;
821 key_mask->vlan_tpid = cpu_to_be16(~0);
822}
823
824static void fl_set_key_flag(u32 flower_key, u32 flower_mask,
825 u32 *dissector_key, u32 *dissector_mask,
826 u32 flower_flag_bit, u32 dissector_flag_bit)
827{
828 if (flower_mask & flower_flag_bit) {
829 *dissector_mask |= dissector_flag_bit;
830 if (flower_key & flower_flag_bit)
831 *dissector_key |= dissector_flag_bit;
832 }
833}
834
835static int fl_set_key_flags(struct nlattr **tb,
836 u32 *flags_key, u32 *flags_mask)
837{
838 u32 key, mask;
839
840
841 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK])
842 return -EINVAL;
843
844 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS]));
845 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK]));
846
847 *flags_key = 0;
848 *flags_mask = 0;
849
850 fl_set_key_flag(key, mask, flags_key, flags_mask,
851 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
852 fl_set_key_flag(key, mask, flags_key, flags_mask,
853 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
854 FLOW_DIS_FIRST_FRAG);
855
856 return 0;
857}
858
859static void fl_set_key_ip(struct nlattr **tb, bool encap,
860 struct flow_dissector_key_ip *key,
861 struct flow_dissector_key_ip *mask)
862{
863 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
864 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
865 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
866 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
867
868 fl_set_key_val(tb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos));
869 fl_set_key_val(tb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl));
870}
871
872static int fl_set_geneve_opt(const struct nlattr *nla, struct fl_flow_key *key,
873 int depth, int option_len,
874 struct netlink_ext_ack *extack)
875{
876 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
877 struct nlattr *class = NULL, *type = NULL, *data = NULL;
878 struct geneve_opt *opt;
879 int err, data_len = 0;
880
881 if (option_len > sizeof(struct geneve_opt))
882 data_len = option_len - sizeof(struct geneve_opt);
883
884 opt = (struct geneve_opt *)&key->enc_opts.data[key->enc_opts.len];
885 memset(opt, 0xff, option_len);
886 opt->length = data_len / 4;
887 opt->r1 = 0;
888 opt->r2 = 0;
889 opt->r3 = 0;
890
891
892 if (!depth)
893 return sizeof(struct geneve_opt) + data_len;
894
895 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_GENEVE) {
896 NL_SET_ERR_MSG(extack, "Non-geneve option type for mask");
897 return -EINVAL;
898 }
899
900 err = nla_parse_nested_deprecated(tb,
901 TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
902 nla, geneve_opt_policy, extack);
903 if (err < 0)
904 return err;
905
906
907
908
909 if (!option_len &&
910 (!tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS] ||
911 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE] ||
912 !tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA])) {
913 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
914 return -EINVAL;
915 }
916
917
918
919
920 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]) {
921 int new_len = key->enc_opts.len;
922
923 data = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA];
924 data_len = nla_len(data);
925 if (data_len < 4) {
926 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
927 return -ERANGE;
928 }
929 if (data_len % 4) {
930 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
931 return -ERANGE;
932 }
933
934 new_len += sizeof(struct geneve_opt) + data_len;
935 BUILD_BUG_ON(FLOW_DIS_TUN_OPTS_MAX != IP_TUNNEL_OPTS_MAX);
936 if (new_len > FLOW_DIS_TUN_OPTS_MAX) {
937 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
938 return -ERANGE;
939 }
940 opt->length = data_len / 4;
941 memcpy(opt->opt_data, nla_data(data), data_len);
942 }
943
944 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]) {
945 class = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS];
946 opt->opt_class = nla_get_be16(class);
947 }
948
949 if (tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]) {
950 type = tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE];
951 opt->type = nla_get_u8(type);
952 }
953
954 return sizeof(struct geneve_opt) + data_len;
955}
956
957static int fl_set_vxlan_opt(const struct nlattr *nla, struct fl_flow_key *key,
958 int depth, int option_len,
959 struct netlink_ext_ack *extack)
960{
961 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1];
962 struct vxlan_metadata *md;
963 int err;
964
965 md = (struct vxlan_metadata *)&key->enc_opts.data[key->enc_opts.len];
966 memset(md, 0xff, sizeof(*md));
967
968 if (!depth)
969 return sizeof(*md);
970
971 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_VXLAN) {
972 NL_SET_ERR_MSG(extack, "Non-vxlan option type for mask");
973 return -EINVAL;
974 }
975
976 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX, nla,
977 vxlan_opt_policy, extack);
978 if (err < 0)
979 return err;
980
981 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]) {
982 NL_SET_ERR_MSG(extack, "Missing tunnel key vxlan option gbp");
983 return -EINVAL;
984 }
985
986 if (tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP])
987 md->gbp = nla_get_u32(tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]);
988
989 return sizeof(*md);
990}
991
992static int fl_set_erspan_opt(const struct nlattr *nla, struct fl_flow_key *key,
993 int depth, int option_len,
994 struct netlink_ext_ack *extack)
995{
996 struct nlattr *tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1];
997 struct erspan_metadata *md;
998 int err;
999
1000 md = (struct erspan_metadata *)&key->enc_opts.data[key->enc_opts.len];
1001 memset(md, 0xff, sizeof(*md));
1002 md->version = 1;
1003
1004 if (!depth)
1005 return sizeof(*md);
1006
1007 if (nla_type(nla) != TCA_FLOWER_KEY_ENC_OPTS_ERSPAN) {
1008 NL_SET_ERR_MSG(extack, "Non-erspan option type for mask");
1009 return -EINVAL;
1010 }
1011
1012 err = nla_parse_nested(tb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX, nla,
1013 erspan_opt_policy, extack);
1014 if (err < 0)
1015 return err;
1016
1017 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]) {
1018 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver");
1019 return -EINVAL;
1020 }
1021
1022 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER])
1023 md->version = nla_get_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]);
1024
1025 if (md->version == 1) {
1026 if (!option_len && !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]) {
1027 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option index");
1028 return -EINVAL;
1029 }
1030 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]) {
1031 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX];
1032 md->u.index = nla_get_be32(nla);
1033 }
1034 } else if (md->version == 2) {
1035 if (!option_len && (!tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR] ||
1036 !tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID])) {
1037 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option dir or hwid");
1038 return -EINVAL;
1039 }
1040 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR]) {
1041 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR];
1042 md->u.md2.dir = nla_get_u8(nla);
1043 }
1044 if (tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID]) {
1045 nla = tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID];
1046 set_hwid(&md->u.md2, nla_get_u8(nla));
1047 }
1048 } else {
1049 NL_SET_ERR_MSG(extack, "Tunnel key erspan option ver is incorrect");
1050 return -EINVAL;
1051 }
1052
1053 return sizeof(*md);
1054}
1055
1056static int fl_set_enc_opt(struct nlattr **tb, struct fl_flow_key *key,
1057 struct fl_flow_key *mask,
1058 struct netlink_ext_ack *extack)
1059{
1060 const struct nlattr *nla_enc_key, *nla_opt_key, *nla_opt_msk = NULL;
1061 int err, option_len, key_depth, msk_depth = 0;
1062
1063 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS],
1064 TCA_FLOWER_KEY_ENC_OPTS_MAX,
1065 enc_opts_policy, extack);
1066 if (err)
1067 return err;
1068
1069 nla_enc_key = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS]);
1070
1071 if (tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]) {
1072 err = nla_validate_nested_deprecated(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK],
1073 TCA_FLOWER_KEY_ENC_OPTS_MAX,
1074 enc_opts_policy, extack);
1075 if (err)
1076 return err;
1077
1078 nla_opt_msk = nla_data(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
1079 msk_depth = nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
1080 }
1081
1082 nla_for_each_attr(nla_opt_key, nla_enc_key,
1083 nla_len(tb[TCA_FLOWER_KEY_ENC_OPTS]), key_depth) {
1084 switch (nla_type(nla_opt_key)) {
1085 case TCA_FLOWER_KEY_ENC_OPTS_GENEVE:
1086 if (key->enc_opts.dst_opt_type &&
1087 key->enc_opts.dst_opt_type != TUNNEL_GENEVE_OPT) {
1088 NL_SET_ERR_MSG(extack, "Duplicate type for geneve options");
1089 return -EINVAL;
1090 }
1091 option_len = 0;
1092 key->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
1093 option_len = fl_set_geneve_opt(nla_opt_key, key,
1094 key_depth, option_len,
1095 extack);
1096 if (option_len < 0)
1097 return option_len;
1098
1099 key->enc_opts.len += option_len;
1100
1101
1102
1103 mask->enc_opts.dst_opt_type = TUNNEL_GENEVE_OPT;
1104 option_len = fl_set_geneve_opt(nla_opt_msk, mask,
1105 msk_depth, option_len,
1106 extack);
1107 if (option_len < 0)
1108 return option_len;
1109
1110 mask->enc_opts.len += option_len;
1111 if (key->enc_opts.len != mask->enc_opts.len) {
1112 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1113 return -EINVAL;
1114 }
1115
1116 if (msk_depth)
1117 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
1118 break;
1119 case TCA_FLOWER_KEY_ENC_OPTS_VXLAN:
1120 if (key->enc_opts.dst_opt_type) {
1121 NL_SET_ERR_MSG(extack, "Duplicate type for vxlan options");
1122 return -EINVAL;
1123 }
1124 option_len = 0;
1125 key->enc_opts.dst_opt_type = TUNNEL_VXLAN_OPT;
1126 option_len = fl_set_vxlan_opt(nla_opt_key, key,
1127 key_depth, option_len,
1128 extack);
1129 if (option_len < 0)
1130 return option_len;
1131
1132 key->enc_opts.len += option_len;
1133
1134
1135
1136 mask->enc_opts.dst_opt_type = TUNNEL_VXLAN_OPT;
1137 option_len = fl_set_vxlan_opt(nla_opt_msk, mask,
1138 msk_depth, option_len,
1139 extack);
1140 if (option_len < 0)
1141 return option_len;
1142
1143 mask->enc_opts.len += option_len;
1144 if (key->enc_opts.len != mask->enc_opts.len) {
1145 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1146 return -EINVAL;
1147 }
1148
1149 if (msk_depth)
1150 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
1151 break;
1152 case TCA_FLOWER_KEY_ENC_OPTS_ERSPAN:
1153 if (key->enc_opts.dst_opt_type) {
1154 NL_SET_ERR_MSG(extack, "Duplicate type for erspan options");
1155 return -EINVAL;
1156 }
1157 option_len = 0;
1158 key->enc_opts.dst_opt_type = TUNNEL_ERSPAN_OPT;
1159 option_len = fl_set_erspan_opt(nla_opt_key, key,
1160 key_depth, option_len,
1161 extack);
1162 if (option_len < 0)
1163 return option_len;
1164
1165 key->enc_opts.len += option_len;
1166
1167
1168
1169 mask->enc_opts.dst_opt_type = TUNNEL_ERSPAN_OPT;
1170 option_len = fl_set_erspan_opt(nla_opt_msk, mask,
1171 msk_depth, option_len,
1172 extack);
1173 if (option_len < 0)
1174 return option_len;
1175
1176 mask->enc_opts.len += option_len;
1177 if (key->enc_opts.len != mask->enc_opts.len) {
1178 NL_SET_ERR_MSG(extack, "Key and mask miss aligned");
1179 return -EINVAL;
1180 }
1181
1182 if (msk_depth)
1183 nla_opt_msk = nla_next(nla_opt_msk, &msk_depth);
1184 break;
1185 default:
1186 NL_SET_ERR_MSG(extack, "Unknown tunnel option type");
1187 return -EINVAL;
1188 }
1189 }
1190
1191 return 0;
1192}
1193
1194static int fl_set_key_ct(struct nlattr **tb,
1195 struct flow_dissector_key_ct *key,
1196 struct flow_dissector_key_ct *mask,
1197 struct netlink_ext_ack *extack)
1198{
1199 if (tb[TCA_FLOWER_KEY_CT_STATE]) {
1200 if (!IS_ENABLED(CONFIG_NF_CONNTRACK)) {
1201 NL_SET_ERR_MSG(extack, "Conntrack isn't enabled");
1202 return -EOPNOTSUPP;
1203 }
1204 fl_set_key_val(tb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE,
1205 &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK,
1206 sizeof(key->ct_state));
1207 }
1208 if (tb[TCA_FLOWER_KEY_CT_ZONE]) {
1209 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)) {
1210 NL_SET_ERR_MSG(extack, "Conntrack zones isn't enabled");
1211 return -EOPNOTSUPP;
1212 }
1213 fl_set_key_val(tb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE,
1214 &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK,
1215 sizeof(key->ct_zone));
1216 }
1217 if (tb[TCA_FLOWER_KEY_CT_MARK]) {
1218 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)) {
1219 NL_SET_ERR_MSG(extack, "Conntrack mark isn't enabled");
1220 return -EOPNOTSUPP;
1221 }
1222 fl_set_key_val(tb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK,
1223 &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK,
1224 sizeof(key->ct_mark));
1225 }
1226 if (tb[TCA_FLOWER_KEY_CT_LABELS]) {
1227 if (!IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS)) {
1228 NL_SET_ERR_MSG(extack, "Conntrack labels aren't enabled");
1229 return -EOPNOTSUPP;
1230 }
1231 fl_set_key_val(tb, key->ct_labels, TCA_FLOWER_KEY_CT_LABELS,
1232 mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK,
1233 sizeof(key->ct_labels));
1234 }
1235
1236 return 0;
1237}
1238
1239static int fl_set_key(struct net *net, struct nlattr **tb,
1240 struct fl_flow_key *key, struct fl_flow_key *mask,
1241 struct netlink_ext_ack *extack)
1242{
1243 __be16 ethertype;
1244 int ret = 0;
1245
1246 if (tb[TCA_FLOWER_INDEV]) {
1247 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV], extack);
1248 if (err < 0)
1249 return err;
1250 key->meta.ingress_ifindex = err;
1251 mask->meta.ingress_ifindex = 0xffffffff;
1252 }
1253
1254 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
1255 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
1256 sizeof(key->eth.dst));
1257 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
1258 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
1259 sizeof(key->eth.src));
1260
1261 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) {
1262 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]);
1263
1264 if (eth_type_vlan(ethertype)) {
1265 fl_set_key_vlan(tb, ethertype, TCA_FLOWER_KEY_VLAN_ID,
1266 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan,
1267 &mask->vlan);
1268
1269 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
1270 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]);
1271 if (eth_type_vlan(ethertype)) {
1272 fl_set_key_vlan(tb, ethertype,
1273 TCA_FLOWER_KEY_CVLAN_ID,
1274 TCA_FLOWER_KEY_CVLAN_PRIO,
1275 &key->cvlan, &mask->cvlan);
1276 fl_set_key_val(tb, &key->basic.n_proto,
1277 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1278 &mask->basic.n_proto,
1279 TCA_FLOWER_UNSPEC,
1280 sizeof(key->basic.n_proto));
1281 } else {
1282 key->basic.n_proto = ethertype;
1283 mask->basic.n_proto = cpu_to_be16(~0);
1284 }
1285 }
1286 } else {
1287 key->basic.n_proto = ethertype;
1288 mask->basic.n_proto = cpu_to_be16(~0);
1289 }
1290 }
1291
1292 if (key->basic.n_proto == htons(ETH_P_IP) ||
1293 key->basic.n_proto == htons(ETH_P_IPV6)) {
1294 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
1295 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
1296 sizeof(key->basic.ip_proto));
1297 fl_set_key_ip(tb, false, &key->ip, &mask->ip);
1298 }
1299
1300 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) {
1301 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1302 mask->control.addr_type = ~0;
1303 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
1304 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
1305 sizeof(key->ipv4.src));
1306 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
1307 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
1308 sizeof(key->ipv4.dst));
1309 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) {
1310 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1311 mask->control.addr_type = ~0;
1312 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
1313 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
1314 sizeof(key->ipv6.src));
1315 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
1316 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
1317 sizeof(key->ipv6.dst));
1318 }
1319
1320 if (key->basic.ip_proto == IPPROTO_TCP) {
1321 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
1322 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
1323 sizeof(key->tp.src));
1324 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
1325 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
1326 sizeof(key->tp.dst));
1327 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
1328 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1329 sizeof(key->tcp.flags));
1330 } else if (key->basic.ip_proto == IPPROTO_UDP) {
1331 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
1332 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
1333 sizeof(key->tp.src));
1334 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
1335 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
1336 sizeof(key->tp.dst));
1337 } else if (key->basic.ip_proto == IPPROTO_SCTP) {
1338 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
1339 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
1340 sizeof(key->tp.src));
1341 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
1342 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
1343 sizeof(key->tp.dst));
1344 } else if (key->basic.n_proto == htons(ETH_P_IP) &&
1345 key->basic.ip_proto == IPPROTO_ICMP) {
1346 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE,
1347 &mask->icmp.type,
1348 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
1349 sizeof(key->icmp.type));
1350 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE,
1351 &mask->icmp.code,
1352 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
1353 sizeof(key->icmp.code));
1354 } else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
1355 key->basic.ip_proto == IPPROTO_ICMPV6) {
1356 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE,
1357 &mask->icmp.type,
1358 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
1359 sizeof(key->icmp.type));
1360 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE,
1361 &mask->icmp.code,
1362 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
1363 sizeof(key->icmp.code));
1364 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) ||
1365 key->basic.n_proto == htons(ETH_P_MPLS_MC)) {
1366 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls);
1367 if (ret)
1368 return ret;
1369 } else if (key->basic.n_proto == htons(ETH_P_ARP) ||
1370 key->basic.n_proto == htons(ETH_P_RARP)) {
1371 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP,
1372 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK,
1373 sizeof(key->arp.sip));
1374 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP,
1375 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK,
1376 sizeof(key->arp.tip));
1377 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP,
1378 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK,
1379 sizeof(key->arp.op));
1380 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
1381 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
1382 sizeof(key->arp.sha));
1383 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
1384 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
1385 sizeof(key->arp.tha));
1386 }
1387
1388 if (key->basic.ip_proto == IPPROTO_TCP ||
1389 key->basic.ip_proto == IPPROTO_UDP ||
1390 key->basic.ip_proto == IPPROTO_SCTP) {
1391 ret = fl_set_key_port_range(tb, key, mask);
1392 if (ret)
1393 return ret;
1394 }
1395
1396 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
1397 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
1398 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1399 mask->enc_control.addr_type = ~0;
1400 fl_set_key_val(tb, &key->enc_ipv4.src,
1401 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1402 &mask->enc_ipv4.src,
1403 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1404 sizeof(key->enc_ipv4.src));
1405 fl_set_key_val(tb, &key->enc_ipv4.dst,
1406 TCA_FLOWER_KEY_ENC_IPV4_DST,
1407 &mask->enc_ipv4.dst,
1408 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1409 sizeof(key->enc_ipv4.dst));
1410 }
1411
1412 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] ||
1413 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) {
1414 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1415 mask->enc_control.addr_type = ~0;
1416 fl_set_key_val(tb, &key->enc_ipv6.src,
1417 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1418 &mask->enc_ipv6.src,
1419 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1420 sizeof(key->enc_ipv6.src));
1421 fl_set_key_val(tb, &key->enc_ipv6.dst,
1422 TCA_FLOWER_KEY_ENC_IPV6_DST,
1423 &mask->enc_ipv6.dst,
1424 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1425 sizeof(key->enc_ipv6.dst));
1426 }
1427
1428 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID,
1429 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC,
1430 sizeof(key->enc_key_id.keyid));
1431
1432 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
1433 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
1434 sizeof(key->enc_tp.src));
1435
1436 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
1437 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
1438 sizeof(key->enc_tp.dst));
1439
1440 fl_set_key_ip(tb, true, &key->enc_ip, &mask->enc_ip);
1441
1442 if (tb[TCA_FLOWER_KEY_ENC_OPTS]) {
1443 ret = fl_set_enc_opt(tb, key, mask, extack);
1444 if (ret)
1445 return ret;
1446 }
1447
1448 ret = fl_set_key_ct(tb, &key->ct, &mask->ct, extack);
1449 if (ret)
1450 return ret;
1451
1452 if (tb[TCA_FLOWER_KEY_FLAGS])
1453 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags);
1454
1455 return ret;
1456}
1457
1458static void fl_mask_copy(struct fl_flow_mask *dst,
1459 struct fl_flow_mask *src)
1460{
1461 const void *psrc = fl_key_get_start(&src->key, src);
1462 void *pdst = fl_key_get_start(&dst->key, src);
1463
1464 memcpy(pdst, psrc, fl_mask_range(src));
1465 dst->range = src->range;
1466}
1467
1468static const struct rhashtable_params fl_ht_params = {
1469 .key_offset = offsetof(struct cls_fl_filter, mkey),
1470 .head_offset = offsetof(struct cls_fl_filter, ht_node),
1471 .automatic_shrinking = true,
1472};
1473
1474static int fl_init_mask_hashtable(struct fl_flow_mask *mask)
1475{
1476 mask->filter_ht_params = fl_ht_params;
1477 mask->filter_ht_params.key_len = fl_mask_range(mask);
1478 mask->filter_ht_params.key_offset += mask->range.start;
1479
1480 return rhashtable_init(&mask->ht, &mask->filter_ht_params);
1481}
1482
1483#define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member)
1484#define FL_KEY_MEMBER_SIZE(member) sizeof_field(struct fl_flow_key, member)
1485
1486#define FL_KEY_IS_MASKED(mask, member) \
1487 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \
1488 0, FL_KEY_MEMBER_SIZE(member)) \
1489
1490#define FL_KEY_SET(keys, cnt, id, member) \
1491 do { \
1492 keys[cnt].key_id = id; \
1493 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \
1494 cnt++; \
1495 } while(0);
1496
1497#define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \
1498 do { \
1499 if (FL_KEY_IS_MASKED(mask, member)) \
1500 FL_KEY_SET(keys, cnt, id, member); \
1501 } while(0);
1502
1503static void fl_init_dissector(struct flow_dissector *dissector,
1504 struct fl_flow_key *mask)
1505{
1506 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX];
1507 size_t cnt = 0;
1508
1509 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1510 FLOW_DISSECTOR_KEY_META, meta);
1511 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control);
1512 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic);
1513 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1514 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth);
1515 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1516 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4);
1517 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1518 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6);
1519 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1520 FLOW_DISSECTOR_KEY_PORTS, tp);
1521 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1522 FLOW_DISSECTOR_KEY_PORTS_RANGE, tp_range);
1523 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1524 FLOW_DISSECTOR_KEY_IP, ip);
1525 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1526 FLOW_DISSECTOR_KEY_TCP, tcp);
1527 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1528 FLOW_DISSECTOR_KEY_ICMP, icmp);
1529 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1530 FLOW_DISSECTOR_KEY_ARP, arp);
1531 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1532 FLOW_DISSECTOR_KEY_MPLS, mpls);
1533 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1534 FLOW_DISSECTOR_KEY_VLAN, vlan);
1535 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1536 FLOW_DISSECTOR_KEY_CVLAN, cvlan);
1537 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1538 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id);
1539 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1540 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4);
1541 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1542 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6);
1543 if (FL_KEY_IS_MASKED(mask, enc_ipv4) ||
1544 FL_KEY_IS_MASKED(mask, enc_ipv6))
1545 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1546 enc_control);
1547 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1548 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp);
1549 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1550 FLOW_DISSECTOR_KEY_ENC_IP, enc_ip);
1551 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1552 FLOW_DISSECTOR_KEY_ENC_OPTS, enc_opts);
1553 FL_KEY_SET_IF_MASKED(mask, keys, cnt,
1554 FLOW_DISSECTOR_KEY_CT, ct);
1555
1556 skb_flow_dissector_init(dissector, keys, cnt);
1557}
1558
1559static struct fl_flow_mask *fl_create_new_mask(struct cls_fl_head *head,
1560 struct fl_flow_mask *mask)
1561{
1562 struct fl_flow_mask *newmask;
1563 int err;
1564
1565 newmask = kzalloc(sizeof(*newmask), GFP_KERNEL);
1566 if (!newmask)
1567 return ERR_PTR(-ENOMEM);
1568
1569 fl_mask_copy(newmask, mask);
1570
1571 if ((newmask->key.tp_range.tp_min.dst &&
1572 newmask->key.tp_range.tp_max.dst) ||
1573 (newmask->key.tp_range.tp_min.src &&
1574 newmask->key.tp_range.tp_max.src))
1575 newmask->flags |= TCA_FLOWER_MASK_FLAGS_RANGE;
1576
1577 err = fl_init_mask_hashtable(newmask);
1578 if (err)
1579 goto errout_free;
1580
1581 fl_init_dissector(&newmask->dissector, &newmask->key);
1582
1583 INIT_LIST_HEAD_RCU(&newmask->filters);
1584
1585 refcount_set(&newmask->refcnt, 1);
1586 err = rhashtable_replace_fast(&head->ht, &mask->ht_node,
1587 &newmask->ht_node, mask_ht_params);
1588 if (err)
1589 goto errout_destroy;
1590
1591 spin_lock(&head->masks_lock);
1592 list_add_tail_rcu(&newmask->list, &head->masks);
1593 spin_unlock(&head->masks_lock);
1594
1595 return newmask;
1596
1597errout_destroy:
1598 rhashtable_destroy(&newmask->ht);
1599errout_free:
1600 kfree(newmask);
1601
1602 return ERR_PTR(err);
1603}
1604
1605static int fl_check_assign_mask(struct cls_fl_head *head,
1606 struct cls_fl_filter *fnew,
1607 struct cls_fl_filter *fold,
1608 struct fl_flow_mask *mask)
1609{
1610 struct fl_flow_mask *newmask;
1611 int ret = 0;
1612
1613 rcu_read_lock();
1614
1615
1616
1617
1618
1619 fnew->mask = rhashtable_lookup_get_insert_fast(&head->ht,
1620 &mask->ht_node,
1621 mask_ht_params);
1622 if (!fnew->mask) {
1623 rcu_read_unlock();
1624
1625 if (fold) {
1626 ret = -EINVAL;
1627 goto errout_cleanup;
1628 }
1629
1630 newmask = fl_create_new_mask(head, mask);
1631 if (IS_ERR(newmask)) {
1632 ret = PTR_ERR(newmask);
1633 goto errout_cleanup;
1634 }
1635
1636 fnew->mask = newmask;
1637 return 0;
1638 } else if (IS_ERR(fnew->mask)) {
1639 ret = PTR_ERR(fnew->mask);
1640 } else if (fold && fold->mask != fnew->mask) {
1641 ret = -EINVAL;
1642 } else if (!refcount_inc_not_zero(&fnew->mask->refcnt)) {
1643
1644 ret = -EAGAIN;
1645 }
1646 rcu_read_unlock();
1647 return ret;
1648
1649errout_cleanup:
1650 rhashtable_remove_fast(&head->ht, &mask->ht_node,
1651 mask_ht_params);
1652 return ret;
1653}
1654
1655static int fl_set_parms(struct net *net, struct tcf_proto *tp,
1656 struct cls_fl_filter *f, struct fl_flow_mask *mask,
1657 unsigned long base, struct nlattr **tb,
1658 struct nlattr *est, bool ovr,
1659 struct fl_flow_tmplt *tmplt, bool rtnl_held,
1660 struct netlink_ext_ack *extack)
1661{
1662 int err;
1663
1664 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr, rtnl_held,
1665 extack);
1666 if (err < 0)
1667 return err;
1668
1669 if (tb[TCA_FLOWER_CLASSID]) {
1670 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]);
1671 if (!rtnl_held)
1672 rtnl_lock();
1673 tcf_bind_filter(tp, &f->res, base);
1674 if (!rtnl_held)
1675 rtnl_unlock();
1676 }
1677
1678 err = fl_set_key(net, tb, &f->key, &mask->key, extack);
1679 if (err)
1680 return err;
1681
1682 fl_mask_update_range(mask);
1683 fl_set_masked_key(&f->mkey, &f->key, mask);
1684
1685 if (!fl_mask_fits_tmplt(tmplt, mask)) {
1686 NL_SET_ERR_MSG_MOD(extack, "Mask does not fit the template");
1687 return -EINVAL;
1688 }
1689
1690 return 0;
1691}
1692
1693static int fl_ht_insert_unique(struct cls_fl_filter *fnew,
1694 struct cls_fl_filter *fold,
1695 bool *in_ht)
1696{
1697 struct fl_flow_mask *mask = fnew->mask;
1698 int err;
1699
1700 err = rhashtable_lookup_insert_fast(&mask->ht,
1701 &fnew->ht_node,
1702 mask->filter_ht_params);
1703 if (err) {
1704 *in_ht = false;
1705
1706
1707
1708 return fold && err == -EEXIST ? 0 : err;
1709 }
1710
1711 *in_ht = true;
1712 return 0;
1713}
1714
1715static int fl_change(struct net *net, struct sk_buff *in_skb,
1716 struct tcf_proto *tp, unsigned long base,
1717 u32 handle, struct nlattr **tca,
1718 void **arg, bool ovr, bool rtnl_held,
1719 struct netlink_ext_ack *extack)
1720{
1721 struct cls_fl_head *head = fl_head_dereference(tp);
1722 struct cls_fl_filter *fold = *arg;
1723 struct cls_fl_filter *fnew;
1724 struct fl_flow_mask *mask;
1725 struct nlattr **tb;
1726 bool in_ht;
1727 int err;
1728
1729 if (!tca[TCA_OPTIONS]) {
1730 err = -EINVAL;
1731 goto errout_fold;
1732 }
1733
1734 mask = kzalloc(sizeof(struct fl_flow_mask), GFP_KERNEL);
1735 if (!mask) {
1736 err = -ENOBUFS;
1737 goto errout_fold;
1738 }
1739
1740 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
1741 if (!tb) {
1742 err = -ENOBUFS;
1743 goto errout_mask_alloc;
1744 }
1745
1746 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
1747 tca[TCA_OPTIONS], fl_policy, NULL);
1748 if (err < 0)
1749 goto errout_tb;
1750
1751 if (fold && handle && fold->handle != handle) {
1752 err = -EINVAL;
1753 goto errout_tb;
1754 }
1755
1756 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL);
1757 if (!fnew) {
1758 err = -ENOBUFS;
1759 goto errout_tb;
1760 }
1761 INIT_LIST_HEAD(&fnew->hw_list);
1762 refcount_set(&fnew->refcnt, 1);
1763
1764 err = tcf_exts_init(&fnew->exts, net, TCA_FLOWER_ACT, 0);
1765 if (err < 0)
1766 goto errout;
1767
1768 if (tb[TCA_FLOWER_FLAGS]) {
1769 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]);
1770
1771 if (!tc_flags_valid(fnew->flags)) {
1772 err = -EINVAL;
1773 goto errout;
1774 }
1775 }
1776
1777 err = fl_set_parms(net, tp, fnew, mask, base, tb, tca[TCA_RATE], ovr,
1778 tp->chain->tmplt_priv, rtnl_held, extack);
1779 if (err)
1780 goto errout;
1781
1782 err = fl_check_assign_mask(head, fnew, fold, mask);
1783 if (err)
1784 goto errout;
1785
1786 err = fl_ht_insert_unique(fnew, fold, &in_ht);
1787 if (err)
1788 goto errout_mask;
1789
1790 if (!tc_skip_hw(fnew->flags)) {
1791 err = fl_hw_replace_filter(tp, fnew, rtnl_held, extack);
1792 if (err)
1793 goto errout_ht;
1794 }
1795
1796 if (!tc_in_hw(fnew->flags))
1797 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW;
1798
1799 spin_lock(&tp->lock);
1800
1801
1802
1803
1804 if (tp->deleting) {
1805 err = -EAGAIN;
1806 goto errout_hw;
1807 }
1808
1809 if (fold) {
1810
1811 if (fold->deleted) {
1812 err = -EAGAIN;
1813 goto errout_hw;
1814 }
1815
1816 fnew->handle = handle;
1817
1818 if (!in_ht) {
1819 struct rhashtable_params params =
1820 fnew->mask->filter_ht_params;
1821
1822 err = rhashtable_insert_fast(&fnew->mask->ht,
1823 &fnew->ht_node,
1824 params);
1825 if (err)
1826 goto errout_hw;
1827 in_ht = true;
1828 }
1829
1830 refcount_inc(&fnew->refcnt);
1831 rhashtable_remove_fast(&fold->mask->ht,
1832 &fold->ht_node,
1833 fold->mask->filter_ht_params);
1834 idr_replace(&head->handle_idr, fnew, fnew->handle);
1835 list_replace_rcu(&fold->list, &fnew->list);
1836 fold->deleted = true;
1837
1838 spin_unlock(&tp->lock);
1839
1840 fl_mask_put(head, fold->mask);
1841 if (!tc_skip_hw(fold->flags))
1842 fl_hw_destroy_filter(tp, fold, rtnl_held, NULL);
1843 tcf_unbind_filter(tp, &fold->res);
1844
1845
1846
1847 refcount_dec(&fold->refcnt);
1848 __fl_put(fold);
1849 } else {
1850 if (handle) {
1851
1852 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1853 handle, GFP_ATOMIC);
1854
1855
1856
1857
1858
1859
1860
1861 if (err == -ENOSPC)
1862 err = -EAGAIN;
1863 } else {
1864 handle = 1;
1865 err = idr_alloc_u32(&head->handle_idr, fnew, &handle,
1866 INT_MAX, GFP_ATOMIC);
1867 }
1868 if (err)
1869 goto errout_hw;
1870
1871 refcount_inc(&fnew->refcnt);
1872 fnew->handle = handle;
1873 list_add_tail_rcu(&fnew->list, &fnew->mask->filters);
1874 spin_unlock(&tp->lock);
1875 }
1876
1877 *arg = fnew;
1878
1879 kfree(tb);
1880 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
1881 return 0;
1882
1883errout_ht:
1884 spin_lock(&tp->lock);
1885errout_hw:
1886 fnew->deleted = true;
1887 spin_unlock(&tp->lock);
1888 if (!tc_skip_hw(fnew->flags))
1889 fl_hw_destroy_filter(tp, fnew, rtnl_held, NULL);
1890 if (in_ht)
1891 rhashtable_remove_fast(&fnew->mask->ht, &fnew->ht_node,
1892 fnew->mask->filter_ht_params);
1893errout_mask:
1894 fl_mask_put(head, fnew->mask);
1895errout:
1896 __fl_put(fnew);
1897errout_tb:
1898 kfree(tb);
1899errout_mask_alloc:
1900 tcf_queue_work(&mask->rwork, fl_uninit_mask_free_work);
1901errout_fold:
1902 if (fold)
1903 __fl_put(fold);
1904 return err;
1905}
1906
1907static int fl_delete(struct tcf_proto *tp, void *arg, bool *last,
1908 bool rtnl_held, struct netlink_ext_ack *extack)
1909{
1910 struct cls_fl_head *head = fl_head_dereference(tp);
1911 struct cls_fl_filter *f = arg;
1912 bool last_on_mask;
1913 int err = 0;
1914
1915 err = __fl_delete(tp, f, &last_on_mask, rtnl_held, extack);
1916 *last = list_empty(&head->masks);
1917 __fl_put(f);
1918
1919 return err;
1920}
1921
1922static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg,
1923 bool rtnl_held)
1924{
1925 struct cls_fl_head *head = fl_head_dereference(tp);
1926 unsigned long id = arg->cookie, tmp;
1927 struct cls_fl_filter *f;
1928
1929 arg->count = arg->skip;
1930
1931 idr_for_each_entry_continue_ul(&head->handle_idr, f, tmp, id) {
1932
1933 if (!refcount_inc_not_zero(&f->refcnt))
1934 continue;
1935 if (arg->fn(tp, f, arg) < 0) {
1936 __fl_put(f);
1937 arg->stop = 1;
1938 break;
1939 }
1940 __fl_put(f);
1941 arg->count++;
1942 }
1943 arg->cookie = id;
1944}
1945
1946static struct cls_fl_filter *
1947fl_get_next_hw_filter(struct tcf_proto *tp, struct cls_fl_filter *f, bool add)
1948{
1949 struct cls_fl_head *head = fl_head_dereference(tp);
1950
1951 spin_lock(&tp->lock);
1952 if (list_empty(&head->hw_filters)) {
1953 spin_unlock(&tp->lock);
1954 return NULL;
1955 }
1956
1957 if (!f)
1958 f = list_entry(&head->hw_filters, struct cls_fl_filter,
1959 hw_list);
1960 list_for_each_entry_continue(f, &head->hw_filters, hw_list) {
1961 if (!(add && f->deleted) && refcount_inc_not_zero(&f->refcnt)) {
1962 spin_unlock(&tp->lock);
1963 return f;
1964 }
1965 }
1966
1967 spin_unlock(&tp->lock);
1968 return NULL;
1969}
1970
1971static int fl_reoffload(struct tcf_proto *tp, bool add, flow_setup_cb_t *cb,
1972 void *cb_priv, struct netlink_ext_ack *extack)
1973{
1974 struct tcf_block *block = tp->chain->block;
1975 struct flow_cls_offload cls_flower = {};
1976 struct cls_fl_filter *f = NULL;
1977 int err;
1978
1979
1980
1981
1982
1983 ASSERT_RTNL();
1984
1985 while ((f = fl_get_next_hw_filter(tp, f, add))) {
1986 cls_flower.rule =
1987 flow_rule_alloc(tcf_exts_num_actions(&f->exts));
1988 if (!cls_flower.rule) {
1989 __fl_put(f);
1990 return -ENOMEM;
1991 }
1992
1993 tc_cls_common_offload_init(&cls_flower.common, tp, f->flags,
1994 extack);
1995 cls_flower.command = add ?
1996 FLOW_CLS_REPLACE : FLOW_CLS_DESTROY;
1997 cls_flower.cookie = (unsigned long)f;
1998 cls_flower.rule->match.dissector = &f->mask->dissector;
1999 cls_flower.rule->match.mask = &f->mask->key;
2000 cls_flower.rule->match.key = &f->mkey;
2001
2002 err = tc_setup_flow_action(&cls_flower.rule->action, &f->exts,
2003 true);
2004 if (err) {
2005 kfree(cls_flower.rule);
2006 if (tc_skip_sw(f->flags)) {
2007 NL_SET_ERR_MSG_MOD(extack, "Failed to setup flow action");
2008 __fl_put(f);
2009 return err;
2010 }
2011 goto next_flow;
2012 }
2013
2014 cls_flower.classid = f->res.classid;
2015
2016 err = tc_setup_cb_reoffload(block, tp, add, cb,
2017 TC_SETUP_CLSFLOWER, &cls_flower,
2018 cb_priv, &f->flags,
2019 &f->in_hw_count);
2020 tc_cleanup_flow_action(&cls_flower.rule->action);
2021 kfree(cls_flower.rule);
2022
2023 if (err) {
2024 __fl_put(f);
2025 return err;
2026 }
2027next_flow:
2028 __fl_put(f);
2029 }
2030
2031 return 0;
2032}
2033
2034static void fl_hw_add(struct tcf_proto *tp, void *type_data)
2035{
2036 struct flow_cls_offload *cls_flower = type_data;
2037 struct cls_fl_filter *f =
2038 (struct cls_fl_filter *) cls_flower->cookie;
2039 struct cls_fl_head *head = fl_head_dereference(tp);
2040
2041 spin_lock(&tp->lock);
2042 list_add(&f->hw_list, &head->hw_filters);
2043 spin_unlock(&tp->lock);
2044}
2045
2046static void fl_hw_del(struct tcf_proto *tp, void *type_data)
2047{
2048 struct flow_cls_offload *cls_flower = type_data;
2049 struct cls_fl_filter *f =
2050 (struct cls_fl_filter *) cls_flower->cookie;
2051
2052 spin_lock(&tp->lock);
2053 if (!list_empty(&f->hw_list))
2054 list_del_init(&f->hw_list);
2055 spin_unlock(&tp->lock);
2056}
2057
2058static int fl_hw_create_tmplt(struct tcf_chain *chain,
2059 struct fl_flow_tmplt *tmplt)
2060{
2061 struct flow_cls_offload cls_flower = {};
2062 struct tcf_block *block = chain->block;
2063
2064 cls_flower.rule = flow_rule_alloc(0);
2065 if (!cls_flower.rule)
2066 return -ENOMEM;
2067
2068 cls_flower.common.chain_index = chain->index;
2069 cls_flower.command = FLOW_CLS_TMPLT_CREATE;
2070 cls_flower.cookie = (unsigned long) tmplt;
2071 cls_flower.rule->match.dissector = &tmplt->dissector;
2072 cls_flower.rule->match.mask = &tmplt->mask;
2073 cls_flower.rule->match.key = &tmplt->dummy_key;
2074
2075
2076
2077
2078 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true);
2079 kfree(cls_flower.rule);
2080
2081 return 0;
2082}
2083
2084static void fl_hw_destroy_tmplt(struct tcf_chain *chain,
2085 struct fl_flow_tmplt *tmplt)
2086{
2087 struct flow_cls_offload cls_flower = {};
2088 struct tcf_block *block = chain->block;
2089
2090 cls_flower.common.chain_index = chain->index;
2091 cls_flower.command = FLOW_CLS_TMPLT_DESTROY;
2092 cls_flower.cookie = (unsigned long) tmplt;
2093
2094 tc_setup_cb_call(block, TC_SETUP_CLSFLOWER, &cls_flower, false, true);
2095}
2096
2097static void *fl_tmplt_create(struct net *net, struct tcf_chain *chain,
2098 struct nlattr **tca,
2099 struct netlink_ext_ack *extack)
2100{
2101 struct fl_flow_tmplt *tmplt;
2102 struct nlattr **tb;
2103 int err;
2104
2105 if (!tca[TCA_OPTIONS])
2106 return ERR_PTR(-EINVAL);
2107
2108 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL);
2109 if (!tb)
2110 return ERR_PTR(-ENOBUFS);
2111 err = nla_parse_nested_deprecated(tb, TCA_FLOWER_MAX,
2112 tca[TCA_OPTIONS], fl_policy, NULL);
2113 if (err)
2114 goto errout_tb;
2115
2116 tmplt = kzalloc(sizeof(*tmplt), GFP_KERNEL);
2117 if (!tmplt) {
2118 err = -ENOMEM;
2119 goto errout_tb;
2120 }
2121 tmplt->chain = chain;
2122 err = fl_set_key(net, tb, &tmplt->dummy_key, &tmplt->mask, extack);
2123 if (err)
2124 goto errout_tmplt;
2125
2126 fl_init_dissector(&tmplt->dissector, &tmplt->mask);
2127
2128 err = fl_hw_create_tmplt(chain, tmplt);
2129 if (err)
2130 goto errout_tmplt;
2131
2132 kfree(tb);
2133 return tmplt;
2134
2135errout_tmplt:
2136 kfree(tmplt);
2137errout_tb:
2138 kfree(tb);
2139 return ERR_PTR(err);
2140}
2141
2142static void fl_tmplt_destroy(void *tmplt_priv)
2143{
2144 struct fl_flow_tmplt *tmplt = tmplt_priv;
2145
2146 fl_hw_destroy_tmplt(tmplt->chain, tmplt);
2147 kfree(tmplt);
2148}
2149
2150static int fl_dump_key_val(struct sk_buff *skb,
2151 void *val, int val_type,
2152 void *mask, int mask_type, int len)
2153{
2154 int err;
2155
2156 if (!memchr_inv(mask, 0, len))
2157 return 0;
2158 err = nla_put(skb, val_type, len, val);
2159 if (err)
2160 return err;
2161 if (mask_type != TCA_FLOWER_UNSPEC) {
2162 err = nla_put(skb, mask_type, len, mask);
2163 if (err)
2164 return err;
2165 }
2166 return 0;
2167}
2168
2169static int fl_dump_key_port_range(struct sk_buff *skb, struct fl_flow_key *key,
2170 struct fl_flow_key *mask)
2171{
2172 if (fl_dump_key_val(skb, &key->tp_range.tp_min.dst,
2173 TCA_FLOWER_KEY_PORT_DST_MIN,
2174 &mask->tp_range.tp_min.dst, TCA_FLOWER_UNSPEC,
2175 sizeof(key->tp_range.tp_min.dst)) ||
2176 fl_dump_key_val(skb, &key->tp_range.tp_max.dst,
2177 TCA_FLOWER_KEY_PORT_DST_MAX,
2178 &mask->tp_range.tp_max.dst, TCA_FLOWER_UNSPEC,
2179 sizeof(key->tp_range.tp_max.dst)) ||
2180 fl_dump_key_val(skb, &key->tp_range.tp_min.src,
2181 TCA_FLOWER_KEY_PORT_SRC_MIN,
2182 &mask->tp_range.tp_min.src, TCA_FLOWER_UNSPEC,
2183 sizeof(key->tp_range.tp_min.src)) ||
2184 fl_dump_key_val(skb, &key->tp_range.tp_max.src,
2185 TCA_FLOWER_KEY_PORT_SRC_MAX,
2186 &mask->tp_range.tp_max.src, TCA_FLOWER_UNSPEC,
2187 sizeof(key->tp_range.tp_max.src)))
2188 return -1;
2189
2190 return 0;
2191}
2192
2193static int fl_dump_key_mpls(struct sk_buff *skb,
2194 struct flow_dissector_key_mpls *mpls_key,
2195 struct flow_dissector_key_mpls *mpls_mask)
2196{
2197 int err;
2198
2199 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask)))
2200 return 0;
2201 if (mpls_mask->mpls_ttl) {
2202 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL,
2203 mpls_key->mpls_ttl);
2204 if (err)
2205 return err;
2206 }
2207 if (mpls_mask->mpls_tc) {
2208 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC,
2209 mpls_key->mpls_tc);
2210 if (err)
2211 return err;
2212 }
2213 if (mpls_mask->mpls_label) {
2214 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL,
2215 mpls_key->mpls_label);
2216 if (err)
2217 return err;
2218 }
2219 if (mpls_mask->mpls_bos) {
2220 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS,
2221 mpls_key->mpls_bos);
2222 if (err)
2223 return err;
2224 }
2225 return 0;
2226}
2227
2228static int fl_dump_key_ip(struct sk_buff *skb, bool encap,
2229 struct flow_dissector_key_ip *key,
2230 struct flow_dissector_key_ip *mask)
2231{
2232 int tos_key = encap ? TCA_FLOWER_KEY_ENC_IP_TOS : TCA_FLOWER_KEY_IP_TOS;
2233 int ttl_key = encap ? TCA_FLOWER_KEY_ENC_IP_TTL : TCA_FLOWER_KEY_IP_TTL;
2234 int tos_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TOS_MASK : TCA_FLOWER_KEY_IP_TOS_MASK;
2235 int ttl_mask = encap ? TCA_FLOWER_KEY_ENC_IP_TTL_MASK : TCA_FLOWER_KEY_IP_TTL_MASK;
2236
2237 if (fl_dump_key_val(skb, &key->tos, tos_key, &mask->tos, tos_mask, sizeof(key->tos)) ||
2238 fl_dump_key_val(skb, &key->ttl, ttl_key, &mask->ttl, ttl_mask, sizeof(key->ttl)))
2239 return -1;
2240
2241 return 0;
2242}
2243
2244static int fl_dump_key_vlan(struct sk_buff *skb,
2245 int vlan_id_key, int vlan_prio_key,
2246 struct flow_dissector_key_vlan *vlan_key,
2247 struct flow_dissector_key_vlan *vlan_mask)
2248{
2249 int err;
2250
2251 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask)))
2252 return 0;
2253 if (vlan_mask->vlan_id) {
2254 err = nla_put_u16(skb, vlan_id_key,
2255 vlan_key->vlan_id);
2256 if (err)
2257 return err;
2258 }
2259 if (vlan_mask->vlan_priority) {
2260 err = nla_put_u8(skb, vlan_prio_key,
2261 vlan_key->vlan_priority);
2262 if (err)
2263 return err;
2264 }
2265 return 0;
2266}
2267
2268static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask,
2269 u32 *flower_key, u32 *flower_mask,
2270 u32 flower_flag_bit, u32 dissector_flag_bit)
2271{
2272 if (dissector_mask & dissector_flag_bit) {
2273 *flower_mask |= flower_flag_bit;
2274 if (dissector_key & dissector_flag_bit)
2275 *flower_key |= flower_flag_bit;
2276 }
2277}
2278
2279static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask)
2280{
2281 u32 key, mask;
2282 __be32 _key, _mask;
2283 int err;
2284
2285 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask)))
2286 return 0;
2287
2288 key = 0;
2289 mask = 0;
2290
2291 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2292 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT);
2293 fl_get_key_flag(flags_key, flags_mask, &key, &mask,
2294 TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
2295 FLOW_DIS_FIRST_FRAG);
2296
2297 _key = cpu_to_be32(key);
2298 _mask = cpu_to_be32(mask);
2299
2300 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key);
2301 if (err)
2302 return err;
2303
2304 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask);
2305}
2306
2307static int fl_dump_key_geneve_opt(struct sk_buff *skb,
2308 struct flow_dissector_key_enc_opts *enc_opts)
2309{
2310 struct geneve_opt *opt;
2311 struct nlattr *nest;
2312 int opt_off = 0;
2313
2314 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
2315 if (!nest)
2316 goto nla_put_failure;
2317
2318 while (enc_opts->len > opt_off) {
2319 opt = (struct geneve_opt *)&enc_opts->data[opt_off];
2320
2321 if (nla_put_be16(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,
2322 opt->opt_class))
2323 goto nla_put_failure;
2324 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,
2325 opt->type))
2326 goto nla_put_failure;
2327 if (nla_put(skb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,
2328 opt->length * 4, opt->opt_data))
2329 goto nla_put_failure;
2330
2331 opt_off += sizeof(struct geneve_opt) + opt->length * 4;
2332 }
2333 nla_nest_end(skb, nest);
2334 return 0;
2335
2336nla_put_failure:
2337 nla_nest_cancel(skb, nest);
2338 return -EMSGSIZE;
2339}
2340
2341static int fl_dump_key_vxlan_opt(struct sk_buff *skb,
2342 struct flow_dissector_key_enc_opts *enc_opts)
2343{
2344 struct vxlan_metadata *md;
2345 struct nlattr *nest;
2346
2347 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_VXLAN);
2348 if (!nest)
2349 goto nla_put_failure;
2350
2351 md = (struct vxlan_metadata *)&enc_opts->data[0];
2352 if (nla_put_u32(skb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP, md->gbp))
2353 goto nla_put_failure;
2354
2355 nla_nest_end(skb, nest);
2356 return 0;
2357
2358nla_put_failure:
2359 nla_nest_cancel(skb, nest);
2360 return -EMSGSIZE;
2361}
2362
2363static int fl_dump_key_erspan_opt(struct sk_buff *skb,
2364 struct flow_dissector_key_enc_opts *enc_opts)
2365{
2366 struct erspan_metadata *md;
2367 struct nlattr *nest;
2368
2369 nest = nla_nest_start_noflag(skb, TCA_FLOWER_KEY_ENC_OPTS_ERSPAN);
2370 if (!nest)
2371 goto nla_put_failure;
2372
2373 md = (struct erspan_metadata *)&enc_opts->data[0];
2374 if (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER, md->version))
2375 goto nla_put_failure;
2376
2377 if (md->version == 1 &&
2378 nla_put_be32(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX, md->u.index))
2379 goto nla_put_failure;
2380
2381 if (md->version == 2 &&
2382 (nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR,
2383 md->u.md2.dir) ||
2384 nla_put_u8(skb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID,
2385 get_hwid(&md->u.md2))))
2386 goto nla_put_failure;
2387
2388 nla_nest_end(skb, nest);
2389 return 0;
2390
2391nla_put_failure:
2392 nla_nest_cancel(skb, nest);
2393 return -EMSGSIZE;
2394}
2395
2396static int fl_dump_key_ct(struct sk_buff *skb,
2397 struct flow_dissector_key_ct *key,
2398 struct flow_dissector_key_ct *mask)
2399{
2400 if (IS_ENABLED(CONFIG_NF_CONNTRACK) &&
2401 fl_dump_key_val(skb, &key->ct_state, TCA_FLOWER_KEY_CT_STATE,
2402 &mask->ct_state, TCA_FLOWER_KEY_CT_STATE_MASK,
2403 sizeof(key->ct_state)))
2404 goto nla_put_failure;
2405
2406 if (IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES) &&
2407 fl_dump_key_val(skb, &key->ct_zone, TCA_FLOWER_KEY_CT_ZONE,
2408 &mask->ct_zone, TCA_FLOWER_KEY_CT_ZONE_MASK,
2409 sizeof(key->ct_zone)))
2410 goto nla_put_failure;
2411
2412 if (IS_ENABLED(CONFIG_NF_CONNTRACK_MARK) &&
2413 fl_dump_key_val(skb, &key->ct_mark, TCA_FLOWER_KEY_CT_MARK,
2414 &mask->ct_mark, TCA_FLOWER_KEY_CT_MARK_MASK,
2415 sizeof(key->ct_mark)))
2416 goto nla_put_failure;
2417
2418 if (IS_ENABLED(CONFIG_NF_CONNTRACK_LABELS) &&
2419 fl_dump_key_val(skb, &key->ct_labels, TCA_FLOWER_KEY_CT_LABELS,
2420 &mask->ct_labels, TCA_FLOWER_KEY_CT_LABELS_MASK,
2421 sizeof(key->ct_labels)))
2422 goto nla_put_failure;
2423
2424 return 0;
2425
2426nla_put_failure:
2427 return -EMSGSIZE;
2428}
2429
2430static int fl_dump_key_options(struct sk_buff *skb, int enc_opt_type,
2431 struct flow_dissector_key_enc_opts *enc_opts)
2432{
2433 struct nlattr *nest;
2434 int err;
2435
2436 if (!enc_opts->len)
2437 return 0;
2438
2439 nest = nla_nest_start_noflag(skb, enc_opt_type);
2440 if (!nest)
2441 goto nla_put_failure;
2442
2443 switch (enc_opts->dst_opt_type) {
2444 case TUNNEL_GENEVE_OPT:
2445 err = fl_dump_key_geneve_opt(skb, enc_opts);
2446 if (err)
2447 goto nla_put_failure;
2448 break;
2449 case TUNNEL_VXLAN_OPT:
2450 err = fl_dump_key_vxlan_opt(skb, enc_opts);
2451 if (err)
2452 goto nla_put_failure;
2453 break;
2454 case TUNNEL_ERSPAN_OPT:
2455 err = fl_dump_key_erspan_opt(skb, enc_opts);
2456 if (err)
2457 goto nla_put_failure;
2458 break;
2459 default:
2460 goto nla_put_failure;
2461 }
2462 nla_nest_end(skb, nest);
2463 return 0;
2464
2465nla_put_failure:
2466 nla_nest_cancel(skb, nest);
2467 return -EMSGSIZE;
2468}
2469
2470static int fl_dump_key_enc_opt(struct sk_buff *skb,
2471 struct flow_dissector_key_enc_opts *key_opts,
2472 struct flow_dissector_key_enc_opts *msk_opts)
2473{
2474 int err;
2475
2476 err = fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS, key_opts);
2477 if (err)
2478 return err;
2479
2480 return fl_dump_key_options(skb, TCA_FLOWER_KEY_ENC_OPTS_MASK, msk_opts);
2481}
2482
2483static int fl_dump_key(struct sk_buff *skb, struct net *net,
2484 struct fl_flow_key *key, struct fl_flow_key *mask)
2485{
2486 if (mask->meta.ingress_ifindex) {
2487 struct net_device *dev;
2488
2489 dev = __dev_get_by_index(net, key->meta.ingress_ifindex);
2490 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name))
2491 goto nla_put_failure;
2492 }
2493
2494 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST,
2495 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK,
2496 sizeof(key->eth.dst)) ||
2497 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC,
2498 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK,
2499 sizeof(key->eth.src)) ||
2500 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE,
2501 &mask->basic.n_proto, TCA_FLOWER_UNSPEC,
2502 sizeof(key->basic.n_proto)))
2503 goto nla_put_failure;
2504
2505 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls))
2506 goto nla_put_failure;
2507
2508 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_VLAN_ID,
2509 TCA_FLOWER_KEY_VLAN_PRIO, &key->vlan, &mask->vlan))
2510 goto nla_put_failure;
2511
2512 if (fl_dump_key_vlan(skb, TCA_FLOWER_KEY_CVLAN_ID,
2513 TCA_FLOWER_KEY_CVLAN_PRIO,
2514 &key->cvlan, &mask->cvlan) ||
2515 (mask->cvlan.vlan_tpid &&
2516 nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2517 key->cvlan.vlan_tpid)))
2518 goto nla_put_failure;
2519
2520 if (mask->basic.n_proto) {
2521 if (mask->cvlan.vlan_tpid) {
2522 if (nla_put_be16(skb, TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
2523 key->basic.n_proto))
2524 goto nla_put_failure;
2525 } else if (mask->vlan.vlan_tpid) {
2526 if (nla_put_be16(skb, TCA_FLOWER_KEY_VLAN_ETH_TYPE,
2527 key->basic.n_proto))
2528 goto nla_put_failure;
2529 }
2530 }
2531
2532 if ((key->basic.n_proto == htons(ETH_P_IP) ||
2533 key->basic.n_proto == htons(ETH_P_IPV6)) &&
2534 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO,
2535 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC,
2536 sizeof(key->basic.ip_proto)) ||
2537 fl_dump_key_ip(skb, false, &key->ip, &mask->ip)))
2538 goto nla_put_failure;
2539
2540 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2541 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC,
2542 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK,
2543 sizeof(key->ipv4.src)) ||
2544 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST,
2545 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK,
2546 sizeof(key->ipv4.dst))))
2547 goto nla_put_failure;
2548 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2549 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC,
2550 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK,
2551 sizeof(key->ipv6.src)) ||
2552 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST,
2553 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK,
2554 sizeof(key->ipv6.dst))))
2555 goto nla_put_failure;
2556
2557 if (key->basic.ip_proto == IPPROTO_TCP &&
2558 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC,
2559 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK,
2560 sizeof(key->tp.src)) ||
2561 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST,
2562 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK,
2563 sizeof(key->tp.dst)) ||
2564 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS,
2565 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK,
2566 sizeof(key->tcp.flags))))
2567 goto nla_put_failure;
2568 else if (key->basic.ip_proto == IPPROTO_UDP &&
2569 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC,
2570 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK,
2571 sizeof(key->tp.src)) ||
2572 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST,
2573 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK,
2574 sizeof(key->tp.dst))))
2575 goto nla_put_failure;
2576 else if (key->basic.ip_proto == IPPROTO_SCTP &&
2577 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC,
2578 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK,
2579 sizeof(key->tp.src)) ||
2580 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST,
2581 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK,
2582 sizeof(key->tp.dst))))
2583 goto nla_put_failure;
2584 else if (key->basic.n_proto == htons(ETH_P_IP) &&
2585 key->basic.ip_proto == IPPROTO_ICMP &&
2586 (fl_dump_key_val(skb, &key->icmp.type,
2587 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type,
2588 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,
2589 sizeof(key->icmp.type)) ||
2590 fl_dump_key_val(skb, &key->icmp.code,
2591 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code,
2592 TCA_FLOWER_KEY_ICMPV4_CODE_MASK,
2593 sizeof(key->icmp.code))))
2594 goto nla_put_failure;
2595 else if (key->basic.n_proto == htons(ETH_P_IPV6) &&
2596 key->basic.ip_proto == IPPROTO_ICMPV6 &&
2597 (fl_dump_key_val(skb, &key->icmp.type,
2598 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type,
2599 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,
2600 sizeof(key->icmp.type)) ||
2601 fl_dump_key_val(skb, &key->icmp.code,
2602 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code,
2603 TCA_FLOWER_KEY_ICMPV6_CODE_MASK,
2604 sizeof(key->icmp.code))))
2605 goto nla_put_failure;
2606 else if ((key->basic.n_proto == htons(ETH_P_ARP) ||
2607 key->basic.n_proto == htons(ETH_P_RARP)) &&
2608 (fl_dump_key_val(skb, &key->arp.sip,
2609 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip,
2610 TCA_FLOWER_KEY_ARP_SIP_MASK,
2611 sizeof(key->arp.sip)) ||
2612 fl_dump_key_val(skb, &key->arp.tip,
2613 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip,
2614 TCA_FLOWER_KEY_ARP_TIP_MASK,
2615 sizeof(key->arp.tip)) ||
2616 fl_dump_key_val(skb, &key->arp.op,
2617 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op,
2618 TCA_FLOWER_KEY_ARP_OP_MASK,
2619 sizeof(key->arp.op)) ||
2620 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA,
2621 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK,
2622 sizeof(key->arp.sha)) ||
2623 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA,
2624 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK,
2625 sizeof(key->arp.tha))))
2626 goto nla_put_failure;
2627
2628 if ((key->basic.ip_proto == IPPROTO_TCP ||
2629 key->basic.ip_proto == IPPROTO_UDP ||
2630 key->basic.ip_proto == IPPROTO_SCTP) &&
2631 fl_dump_key_port_range(skb, key, mask))
2632 goto nla_put_failure;
2633
2634 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS &&
2635 (fl_dump_key_val(skb, &key->enc_ipv4.src,
2636 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src,
2637 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
2638 sizeof(key->enc_ipv4.src)) ||
2639 fl_dump_key_val(skb, &key->enc_ipv4.dst,
2640 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst,
2641 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
2642 sizeof(key->enc_ipv4.dst))))
2643 goto nla_put_failure;
2644 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS &&
2645 (fl_dump_key_val(skb, &key->enc_ipv6.src,
2646 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src,
2647 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
2648 sizeof(key->enc_ipv6.src)) ||
2649 fl_dump_key_val(skb, &key->enc_ipv6.dst,
2650 TCA_FLOWER_KEY_ENC_IPV6_DST,
2651 &mask->enc_ipv6.dst,
2652 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
2653 sizeof(key->enc_ipv6.dst))))
2654 goto nla_put_failure;
2655
2656 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID,
2657 &mask->enc_key_id, TCA_FLOWER_UNSPEC,
2658 sizeof(key->enc_key_id)) ||
2659 fl_dump_key_val(skb, &key->enc_tp.src,
2660 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,
2661 &mask->enc_tp.src,
2662 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,
2663 sizeof(key->enc_tp.src)) ||
2664 fl_dump_key_val(skb, &key->enc_tp.dst,
2665 TCA_FLOWER_KEY_ENC_UDP_DST_PORT,
2666 &mask->enc_tp.dst,
2667 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,
2668 sizeof(key->enc_tp.dst)) ||
2669 fl_dump_key_ip(skb, true, &key->enc_ip, &mask->enc_ip) ||
2670 fl_dump_key_enc_opt(skb, &key->enc_opts, &mask->enc_opts))
2671 goto nla_put_failure;
2672
2673 if (fl_dump_key_ct(skb, &key->ct, &mask->ct))
2674 goto nla_put_failure;
2675
2676 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags))
2677 goto nla_put_failure;
2678
2679 return 0;
2680
2681nla_put_failure:
2682 return -EMSGSIZE;
2683}
2684
2685static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh,
2686 struct sk_buff *skb, struct tcmsg *t, bool rtnl_held)
2687{
2688 struct cls_fl_filter *f = fh;
2689 struct nlattr *nest;
2690 struct fl_flow_key *key, *mask;
2691 bool skip_hw;
2692
2693 if (!f)
2694 return skb->len;
2695
2696 t->tcm_handle = f->handle;
2697
2698 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
2699 if (!nest)
2700 goto nla_put_failure;
2701
2702 spin_lock(&tp->lock);
2703
2704 if (f->res.classid &&
2705 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid))
2706 goto nla_put_failure_locked;
2707
2708 key = &f->key;
2709 mask = &f->mask->key;
2710 skip_hw = tc_skip_hw(f->flags);
2711
2712 if (fl_dump_key(skb, net, key, mask))
2713 goto nla_put_failure_locked;
2714
2715 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags))
2716 goto nla_put_failure_locked;
2717
2718 spin_unlock(&tp->lock);
2719
2720 if (!skip_hw)
2721 fl_hw_update_stats(tp, f, rtnl_held);
2722
2723 if (nla_put_u32(skb, TCA_FLOWER_IN_HW_COUNT, f->in_hw_count))
2724 goto nla_put_failure;
2725
2726 if (tcf_exts_dump(skb, &f->exts))
2727 goto nla_put_failure;
2728
2729 nla_nest_end(skb, nest);
2730
2731 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
2732 goto nla_put_failure;
2733
2734 return skb->len;
2735
2736nla_put_failure_locked:
2737 spin_unlock(&tp->lock);
2738nla_put_failure:
2739 nla_nest_cancel(skb, nest);
2740 return -1;
2741}
2742
2743static int fl_tmplt_dump(struct sk_buff *skb, struct net *net, void *tmplt_priv)
2744{
2745 struct fl_flow_tmplt *tmplt = tmplt_priv;
2746 struct fl_flow_key *key, *mask;
2747 struct nlattr *nest;
2748
2749 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
2750 if (!nest)
2751 goto nla_put_failure;
2752
2753 key = &tmplt->dummy_key;
2754 mask = &tmplt->mask;
2755
2756 if (fl_dump_key(skb, net, key, mask))
2757 goto nla_put_failure;
2758
2759 nla_nest_end(skb, nest);
2760
2761 return skb->len;
2762
2763nla_put_failure:
2764 nla_nest_cancel(skb, nest);
2765 return -EMSGSIZE;
2766}
2767
2768static void fl_bind_class(void *fh, u32 classid, unsigned long cl)
2769{
2770 struct cls_fl_filter *f = fh;
2771
2772 if (f && f->res.classid == classid)
2773 f->res.class = cl;
2774}
2775
2776static bool fl_delete_empty(struct tcf_proto *tp)
2777{
2778 struct cls_fl_head *head = fl_head_dereference(tp);
2779
2780 spin_lock(&tp->lock);
2781 tp->deleting = idr_is_empty(&head->handle_idr);
2782 spin_unlock(&tp->lock);
2783
2784 return tp->deleting;
2785}
2786
2787static struct tcf_proto_ops cls_fl_ops __read_mostly = {
2788 .kind = "flower",
2789 .classify = fl_classify,
2790 .init = fl_init,
2791 .destroy = fl_destroy,
2792 .get = fl_get,
2793 .put = fl_put,
2794 .change = fl_change,
2795 .delete = fl_delete,
2796 .delete_empty = fl_delete_empty,
2797 .walk = fl_walk,
2798 .reoffload = fl_reoffload,
2799 .hw_add = fl_hw_add,
2800 .hw_del = fl_hw_del,
2801 .dump = fl_dump,
2802 .bind_class = fl_bind_class,
2803 .tmplt_create = fl_tmplt_create,
2804 .tmplt_destroy = fl_tmplt_destroy,
2805 .tmplt_dump = fl_tmplt_dump,
2806 .owner = THIS_MODULE,
2807 .flags = TCF_PROTO_OPS_DOIT_UNLOCKED,
2808};
2809
2810static int __init cls_fl_init(void)
2811{
2812 return register_tcf_proto_ops(&cls_fl_ops);
2813}
2814
2815static void __exit cls_fl_exit(void)
2816{
2817 unregister_tcf_proto_ops(&cls_fl_ops);
2818}
2819
2820module_init(cls_fl_init);
2821module_exit(cls_fl_exit);
2822
2823MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
2824MODULE_DESCRIPTION("Flower classifier");
2825MODULE_LICENSE("GPL v2");
2826
