1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/types.h>
24#include <linux/kernel.h>
25#include <linux/string.h>
26#include <linux/errno.h>
27#include <linux/skbuff.h>
28#include <net/netlink.h>
29#include <net/act_api.h>
30#include <net/pkt_cls.h>
31
32#define HTSIZE 256
33
34struct fw_head {
35 u32 mask;
36 struct fw_filter __rcu *ht[HTSIZE];
37 struct rcu_head rcu;
38};
39
40struct fw_filter {
41 struct fw_filter __rcu *next;
42 u32 id;
43 struct tcf_result res;
44#ifdef CONFIG_NET_CLS_IND
45 int ifindex;
46#endif
47 struct tcf_exts exts;
48 struct tcf_proto *tp;
49 union {
50 struct work_struct work;
51 struct rcu_head rcu;
52 };
53};
54
55static u32 fw_hash(u32 handle)
56{
57 handle ^= (handle >> 16);
58 handle ^= (handle >> 8);
59 return handle % HTSIZE;
60}
61
62static int fw_classify(struct sk_buff *skb, const struct tcf_proto *tp,
63 struct tcf_result *res)
64{
65 struct fw_head *head = rcu_dereference_bh(tp->root);
66 struct fw_filter *f;
67 int r;
68 u32 id = skb->mark;
69
70 if (head != NULL) {
71 id &= head->mask;
72
73 for (f = rcu_dereference_bh(head->ht[fw_hash(id)]); f;
74 f = rcu_dereference_bh(f->next)) {
75 if (f->id == id) {
76 *res = f->res;
77#ifdef CONFIG_NET_CLS_IND
78 if (!tcf_match_indev(skb, f->ifindex))
79 continue;
80#endif
81 r = tcf_exts_exec(skb, &f->exts, res);
82 if (r < 0)
83 continue;
84
85 return r;
86 }
87 }
88 } else {
89
90 if (id && (TC_H_MAJ(id) == 0 ||
91 !(TC_H_MAJ(id ^ tp->q->handle)))) {
92 res->classid = id;
93 res->class = 0;
94 return 0;
95 }
96 }
97
98 return -1;
99}
100
101static void *fw_get(struct tcf_proto *tp, u32 handle)
102{
103 struct fw_head *head = rtnl_dereference(tp->root);
104 struct fw_filter *f;
105
106 if (head == NULL)
107 return NULL;
108
109 f = rtnl_dereference(head->ht[fw_hash(handle)]);
110 for (; f; f = rtnl_dereference(f->next)) {
111 if (f->id == handle)
112 return f;
113 }
114 return NULL;
115}
116
117static int fw_init(struct tcf_proto *tp)
118{
119
120
121
122 return 0;
123}
124
125static void __fw_delete_filter(struct fw_filter *f)
126{
127 tcf_exts_destroy(&f->exts);
128 tcf_exts_put_net(&f->exts);
129 kfree(f);
130}
131
132static void fw_delete_filter_work(struct work_struct *work)
133{
134 struct fw_filter *f = container_of(work, struct fw_filter, work);
135
136 rtnl_lock();
137 __fw_delete_filter(f);
138 rtnl_unlock();
139}
140
141static void fw_delete_filter(struct rcu_head *head)
142{
143 struct fw_filter *f = container_of(head, struct fw_filter, rcu);
144
145 INIT_WORK(&f->work, fw_delete_filter_work);
146 tcf_queue_work(&f->work);
147}
148
149static void fw_destroy(struct tcf_proto *tp)
150{
151 struct fw_head *head = rtnl_dereference(tp->root);
152 struct fw_filter *f;
153 int h;
154
155 if (head == NULL)
156 return;
157
158 for (h = 0; h < HTSIZE; h++) {
159 while ((f = rtnl_dereference(head->ht[h])) != NULL) {
160 RCU_INIT_POINTER(head->ht[h],
161 rtnl_dereference(f->next));
162 tcf_unbind_filter(tp, &f->res);
163 if (tcf_exts_get_net(&f->exts))
164 call_rcu(&f->rcu, fw_delete_filter);
165 else
166 __fw_delete_filter(f);
167 }
168 }
169 kfree_rcu(head, rcu);
170}
171
172static int fw_delete(struct tcf_proto *tp, void *arg, bool *last)
173{
174 struct fw_head *head = rtnl_dereference(tp->root);
175 struct fw_filter *f = arg;
176 struct fw_filter __rcu **fp;
177 struct fw_filter *pfp;
178 int ret = -EINVAL;
179 int h;
180
181 if (head == NULL || f == NULL)
182 goto out;
183
184 fp = &head->ht[fw_hash(f->id)];
185
186 for (pfp = rtnl_dereference(*fp); pfp;
187 fp = &pfp->next, pfp = rtnl_dereference(*fp)) {
188 if (pfp == f) {
189 RCU_INIT_POINTER(*fp, rtnl_dereference(f->next));
190 tcf_unbind_filter(tp, &f->res);
191 tcf_exts_get_net(&f->exts);
192 call_rcu(&f->rcu, fw_delete_filter);
193 ret = 0;
194 break;
195 }
196 }
197
198 *last = true;
199 for (h = 0; h < HTSIZE; h++) {
200 if (rcu_access_pointer(head->ht[h])) {
201 *last = false;
202 break;
203 }
204 }
205
206out:
207 return ret;
208}
209
210static const struct nla_policy fw_policy[TCA_FW_MAX + 1] = {
211 [TCA_FW_CLASSID] = { .type = NLA_U32 },
212 [TCA_FW_INDEV] = { .type = NLA_STRING, .len = IFNAMSIZ },
213 [TCA_FW_MASK] = { .type = NLA_U32 },
214};
215
216static int fw_set_parms(struct net *net, struct tcf_proto *tp,
217 struct fw_filter *f, struct nlattr **tb,
218 struct nlattr **tca, unsigned long base, bool ovr)
219{
220 struct fw_head *head = rtnl_dereference(tp->root);
221 u32 mask;
222 int err;
223
224 err = tcf_exts_validate(net, tp, tb, tca[TCA_RATE], &f->exts, ovr);
225 if (err < 0)
226 return err;
227
228 if (tb[TCA_FW_CLASSID]) {
229 f->res.classid = nla_get_u32(tb[TCA_FW_CLASSID]);
230 tcf_bind_filter(tp, &f->res, base);
231 }
232
233#ifdef CONFIG_NET_CLS_IND
234 if (tb[TCA_FW_INDEV]) {
235 int ret;
236 ret = tcf_change_indev(net, tb[TCA_FW_INDEV]);
237 if (ret < 0)
238 return ret;
239 f->ifindex = ret;
240 }
241#endif
242
243 err = -EINVAL;
244 if (tb[TCA_FW_MASK]) {
245 mask = nla_get_u32(tb[TCA_FW_MASK]);
246 if (mask != head->mask)
247 return err;
248 } else if (head->mask != 0xFFFFFFFF)
249 return err;
250
251 return 0;
252}
253
254static int fw_change(struct net *net, struct sk_buff *in_skb,
255 struct tcf_proto *tp, unsigned long base,
256 u32 handle, struct nlattr **tca, void **arg,
257 bool ovr)
258{
259 struct fw_head *head = rtnl_dereference(tp->root);
260 struct fw_filter *f = *arg;
261 struct nlattr *opt = tca[TCA_OPTIONS];
262 struct nlattr *tb[TCA_FW_MAX + 1];
263 int err;
264
265 if (!opt)
266 return handle ? -EINVAL : 0;
267
268 err = nla_parse_nested(tb, TCA_FW_MAX, opt, fw_policy, NULL);
269 if (err < 0)
270 return err;
271
272 if (f) {
273 struct fw_filter *pfp, *fnew;
274 struct fw_filter __rcu **fp;
275
276 if (f->id != handle && handle)
277 return -EINVAL;
278
279 fnew = kzalloc(sizeof(struct fw_filter), GFP_KERNEL);
280 if (!fnew)
281 return -ENOBUFS;
282
283 fnew->id = f->id;
284 fnew->res = f->res;
285#ifdef CONFIG_NET_CLS_IND
286 fnew->ifindex = f->ifindex;
287#endif
288 fnew->tp = f->tp;
289
290 err = tcf_exts_init(&fnew->exts, TCA_FW_ACT, TCA_FW_POLICE);
291 if (err < 0) {
292 kfree(fnew);
293 return err;
294 }
295
296 err = fw_set_parms(net, tp, fnew, tb, tca, base, ovr);
297 if (err < 0) {
298 tcf_exts_destroy(&fnew->exts);
299 kfree(fnew);
300 return err;
301 }
302
303 fp = &head->ht[fw_hash(fnew->id)];
304 for (pfp = rtnl_dereference(*fp); pfp;
305 fp = &pfp->next, pfp = rtnl_dereference(*fp))
306 if (pfp == f)
307 break;
308
309 RCU_INIT_POINTER(fnew->next, rtnl_dereference(pfp->next));
310 rcu_assign_pointer(*fp, fnew);
311 tcf_unbind_filter(tp, &f->res);
312 tcf_exts_get_net(&f->exts);
313 call_rcu(&f->rcu, fw_delete_filter);
314
315 *arg = fnew;
316 return err;
317 }
318
319 if (!handle)
320 return -EINVAL;
321
322 if (!head) {
323 u32 mask = 0xFFFFFFFF;
324 if (tb[TCA_FW_MASK])
325 mask = nla_get_u32(tb[TCA_FW_MASK]);
326
327 head = kzalloc(sizeof(*head), GFP_KERNEL);
328 if (!head)
329 return -ENOBUFS;
330 head->mask = mask;
331
332 rcu_assign_pointer(tp->root, head);
333 }
334
335 f = kzalloc(sizeof(struct fw_filter), GFP_KERNEL);
336 if (f == NULL)
337 return -ENOBUFS;
338
339 err = tcf_exts_init(&f->exts, TCA_FW_ACT, TCA_FW_POLICE);
340 if (err < 0)
341 goto errout;
342 f->id = handle;
343 f->tp = tp;
344
345 err = fw_set_parms(net, tp, f, tb, tca, base, ovr);
346 if (err < 0)
347 goto errout;
348
349 RCU_INIT_POINTER(f->next, head->ht[fw_hash(handle)]);
350 rcu_assign_pointer(head->ht[fw_hash(handle)], f);
351
352 *arg = f;
353 return 0;
354
355errout:
356 tcf_exts_destroy(&f->exts);
357 kfree(f);
358 return err;
359}
360
361static void fw_walk(struct tcf_proto *tp, struct tcf_walker *arg)
362{
363 struct fw_head *head = rtnl_dereference(tp->root);
364 int h;
365
366 if (head == NULL)
367 arg->stop = 1;
368
369 if (arg->stop)
370 return;
371
372 for (h = 0; h < HTSIZE; h++) {
373 struct fw_filter *f;
374
375 for (f = rtnl_dereference(head->ht[h]); f;
376 f = rtnl_dereference(f->next)) {
377 if (arg->count < arg->skip) {
378 arg->count++;
379 continue;
380 }
381 if (arg->fn(tp, f, arg) < 0) {
382 arg->stop = 1;
383 return;
384 }
385 arg->count++;
386 }
387 }
388}
389
390static int fw_dump(struct net *net, struct tcf_proto *tp, void *fh,
391 struct sk_buff *skb, struct tcmsg *t)
392{
393 struct fw_head *head = rtnl_dereference(tp->root);
394 struct fw_filter *f = fh;
395 struct nlattr *nest;
396
397 if (f == NULL)
398 return skb->len;
399
400 t->tcm_handle = f->id;
401
402 if (!f->res.classid && !tcf_exts_has_actions(&f->exts))
403 return skb->len;
404
405 nest = nla_nest_start(skb, TCA_OPTIONS);
406 if (nest == NULL)
407 goto nla_put_failure;
408
409 if (f->res.classid &&
410 nla_put_u32(skb, TCA_FW_CLASSID, f->res.classid))
411 goto nla_put_failure;
412#ifdef CONFIG_NET_CLS_IND
413 if (f->ifindex) {
414 struct net_device *dev;
415 dev = __dev_get_by_index(net, f->ifindex);
416 if (dev && nla_put_string(skb, TCA_FW_INDEV, dev->name))
417 goto nla_put_failure;
418 }
419#endif
420 if (head->mask != 0xFFFFFFFF &&
421 nla_put_u32(skb, TCA_FW_MASK, head->mask))
422 goto nla_put_failure;
423
424 if (tcf_exts_dump(skb, &f->exts) < 0)
425 goto nla_put_failure;
426
427 nla_nest_end(skb, nest);
428
429 if (tcf_exts_dump_stats(skb, &f->exts) < 0)
430 goto nla_put_failure;
431
432 return skb->len;
433
434nla_put_failure:
435 nla_nest_cancel(skb, nest);
436 return -1;
437}
438
439static void fw_bind_class(void *fh, u32 classid, unsigned long cl)
440{
441 struct fw_filter *f = fh;
442
443 if (f && f->res.classid == classid)
444 f->res.class = cl;
445}
446
447static struct tcf_proto_ops cls_fw_ops __read_mostly = {
448 .kind = "fw",
449 .classify = fw_classify,
450 .init = fw_init,
451 .destroy = fw_destroy,
452 .get = fw_get,
453 .change = fw_change,
454 .delete = fw_delete,
455 .walk = fw_walk,
456 .dump = fw_dump,
457 .bind_class = fw_bind_class,
458 .owner = THIS_MODULE,
459};
460
461static int __init init_fw(void)
462{
463 return register_tcf_proto_ops(&cls_fw_ops);
464}
465
466static void __exit exit_fw(void)
467{
468 unregister_tcf_proto_ops(&cls_fw_ops);
469}
470
471module_init(init_fw)
472module_exit(exit_fw)
473MODULE_LICENSE("GPL");
474
