1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef __NET_PKT_CLS_H 3 #define __NET_PKT_CLS_H 4 5 #include <linux/pkt_cls.h> 6 #include <linux/workqueue.h> 7 #include <net/sch_generic.h> 8 #include <net/act_api.h> 9 10 /* Basic packet classifier frontend definitions. */ 11 12 struct tcf_walker { 13 int stop; 14 int skip; 15 int count; 16 int (*fn)(struct tcf_proto *, void *node, struct tcf_walker *); 17 }; 18 19 int register_tcf_proto_ops(struct tcf_proto_ops *ops); 20 int unregister_tcf_proto_ops(struct tcf_proto_ops *ops); 21 22 bool tcf_queue_work(struct work_struct *work); 23 24 #ifdef CONFIG_NET_CLS 25 struct tcf_chain *tcf_chain_get(struct tcf_block *block, u32 chain_index, 26 bool create); 27 void tcf_chain_put(struct tcf_chain *chain); 28 int tcf_block_get(struct tcf_block **p_block, 29 struct tcf_proto __rcu **p_filter_chain); 30 void tcf_block_put(struct tcf_block *block); 31 int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp, 32 struct tcf_result *res, bool compat_mode); 33 34 #else 35 static inline 36 int tcf_block_get(struct tcf_block **p_block, 37 struct tcf_proto __rcu **p_filter_chain) 38 { 39 return 0; 40 } 41 42 static inline void tcf_block_put(struct tcf_block *block) 43 { 44 } 45 46 static inline int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp, 47 struct tcf_result *res, bool compat_mode) 48 { 49 return TC_ACT_UNSPEC; 50 } 51 #endif 52 53 static inline unsigned long 54 __cls_set_class(unsigned long *clp, unsigned long cl) 55 { 56 return xchg(clp, cl); 57 } 58 59 static inline unsigned long 60 cls_set_class(struct tcf_proto *tp, unsigned long *clp, 61 unsigned long cl) 62 { 63 unsigned long old_cl; 64 65 tcf_tree_lock(tp); 66 old_cl = __cls_set_class(clp, cl); 67 tcf_tree_unlock(tp); 68 69 return old_cl; 70 } 71 72 static inline void 73 tcf_bind_filter(struct tcf_proto *tp, struct tcf_result *r, unsigned long base) 74 { 75 unsigned long cl; 76 77 cl = tp->q->ops->cl_ops->bind_tcf(tp->q, base, r->classid); 78 cl = cls_set_class(tp, &r->class, cl); 79 if (cl) 80 tp->q->ops->cl_ops->unbind_tcf(tp->q, cl); 81 } 82 83 static inline void 84 tcf_unbind_filter(struct tcf_proto *tp, struct tcf_result *r) 85 { 86 unsigned long cl; 87 88 if ((cl = __cls_set_class(&r->class, 0)) != 0) 89 tp->q->ops->cl_ops->unbind_tcf(tp->q, cl); 90 } 91 92 struct tcf_exts { 93 #ifdef CONFIG_NET_CLS_ACT 94 __u32 type; /* for backward compat(TCA_OLD_COMPAT) */ 95 int nr_actions; 96 struct tc_action **actions; 97 struct net *net; 98 #endif 99 /* Map to export classifier specific extension TLV types to the 100 * generic extensions API. Unsupported extensions must be set to 0. 101 */ 102 int action; 103 int police; 104 }; 105 106 static inline int tcf_exts_init(struct tcf_exts *exts, int action, int police) 107 { 108 #ifdef CONFIG_NET_CLS_ACT 109 exts->type = 0; 110 exts->nr_actions = 0; 111 exts->net = NULL; 112 exts->actions = kcalloc(TCA_ACT_MAX_PRIO, sizeof(struct tc_action *), 113 GFP_KERNEL); 114 if (!exts->actions) 115 return -ENOMEM; 116 #endif 117 exts->action = action; 118 exts->police = police; 119 return 0; 120 } 121 122 /* Return false if the netns is being destroyed in cleanup_net(). Callers 123 * need to do cleanup synchronously in this case, otherwise may race with 124 * tc_action_net_exit(). Return true for other cases. 125 */ 126 static inline bool tcf_exts_get_net(struct tcf_exts *exts) 127 { 128 #ifdef CONFIG_NET_CLS_ACT 129 exts->net = maybe_get_net(exts->net); 130 return exts->net != NULL; 131 #else 132 return true; 133 #endif 134 } 135 136 static inline void tcf_exts_put_net(struct tcf_exts *exts) 137 { 138 #ifdef CONFIG_NET_CLS_ACT 139 if (exts->net) 140 put_net(exts->net); 141 #endif 142 } 143 144 static inline void tcf_exts_to_list(const struct tcf_exts *exts, 145 struct list_head *actions) 146 { 147 #ifdef CONFIG_NET_CLS_ACT 148 int i; 149 150 for (i = 0; i < exts->nr_actions; i++) { 151 struct tc_action *a = exts->actions[i]; 152 153 list_add_tail(&a->list, actions); 154 } 155 #endif 156 } 157 158 static inline void 159 tcf_exts_stats_update(const struct tcf_exts *exts, 160 u64 bytes, u64 packets, u64 lastuse) 161 { 162 #ifdef CONFIG_NET_CLS_ACT 163 int i; 164 165 preempt_disable(); 166 167 for (i = 0; i < exts->nr_actions; i++) { 168 struct tc_action *a = exts->actions[i]; 169 170 tcf_action_stats_update(a, bytes, packets, lastuse); 171 } 172 173 preempt_enable(); 174 #endif 175 } 176 177 /** 178 * tcf_exts_has_actions - check if at least one action is present 179 * @exts: tc filter extensions handle 180 * 181 * Returns true if at least one action is present. 182 */ 183 static inline bool tcf_exts_has_actions(struct tcf_exts *exts) 184 { 185 #ifdef CONFIG_NET_CLS_ACT 186 return exts->nr_actions; 187 #else 188 return false; 189 #endif 190 } 191 192 /** 193 * tcf_exts_has_one_action - check if exactly one action is present 194 * @exts: tc filter extensions handle 195 * 196 * Returns true if exactly one action is present. 197 */ 198 static inline bool tcf_exts_has_one_action(struct tcf_exts *exts) 199 { 200 #ifdef CONFIG_NET_CLS_ACT 201 return exts->nr_actions == 1; 202 #else 203 return false; 204 #endif 205 } 206 207 /** 208 * tcf_exts_exec - execute tc filter extensions 209 * @skb: socket buffer 210 * @exts: tc filter extensions handle 211 * @res: desired result 212 * 213 * Executes all configured extensions. Returns TC_ACT_OK on a normal execution, 214 * a negative number if the filter must be considered unmatched or 215 * a positive action code (TC_ACT_*) which must be returned to the 216 * underlying layer. 217 */ 218 static inline int 219 tcf_exts_exec(struct sk_buff *skb, struct tcf_exts *exts, 220 struct tcf_result *res) 221 { 222 #ifdef CONFIG_NET_CLS_ACT 223 return tcf_action_exec(skb, exts->actions, exts->nr_actions, res); 224 #endif 225 return TC_ACT_OK; 226 } 227 228 int tcf_exts_validate(struct net *net, struct tcf_proto *tp, 229 struct nlattr **tb, struct nlattr *rate_tlv, 230 struct tcf_exts *exts, bool ovr); 231 void tcf_exts_destroy(struct tcf_exts *exts); 232 void tcf_exts_change(struct tcf_exts *dst, struct tcf_exts *src); 233 int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts); 234 int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts); 235 int tcf_exts_get_dev(struct net_device *dev, struct tcf_exts *exts, 236 struct net_device **hw_dev); 237 238 /** 239 * struct tcf_pkt_info - packet information 240 */ 241 struct tcf_pkt_info { 242 unsigned char * ptr; 243 int nexthdr; 244 }; 245 246 #ifdef CONFIG_NET_EMATCH 247 248 struct tcf_ematch_ops; 249 250 /** 251 * struct tcf_ematch - extended match (ematch) 252 * 253 * @matchid: identifier to allow userspace to reidentify a match 254 * @flags: flags specifying attributes and the relation to other matches 255 * @ops: the operations lookup table of the corresponding ematch module 256 * @datalen: length of the ematch specific configuration data 257 * @data: ematch specific data 258 */ 259 struct tcf_ematch { 260 struct tcf_ematch_ops * ops; 261 unsigned long data; 262 unsigned int datalen; 263 u16 matchid; 264 u16 flags; 265 struct net *net; 266 }; 267 268 static inline int tcf_em_is_container(struct tcf_ematch *em) 269 { 270 return !em->ops; 271 } 272 273 static inline int tcf_em_is_simple(struct tcf_ematch *em) 274 { 275 return em->flags & TCF_EM_SIMPLE; 276 } 277 278 static inline int tcf_em_is_inverted(struct tcf_ematch *em) 279 { 280 return em->flags & TCF_EM_INVERT; 281 } 282 283 static inline int tcf_em_last_match(struct tcf_ematch *em) 284 { 285 return (em->flags & TCF_EM_REL_MASK) == TCF_EM_REL_END; 286 } 287 288 static inline int tcf_em_early_end(struct tcf_ematch *em, int result) 289 { 290 if (tcf_em_last_match(em)) 291 return 1; 292 293 if (result == 0 && em->flags & TCF_EM_REL_AND) 294 return 1; 295 296 if (result != 0 && em->flags & TCF_EM_REL_OR) 297 return 1; 298 299 return 0; 300 } 301 302 /** 303 * struct tcf_ematch_tree - ematch tree handle 304 * 305 * @hdr: ematch tree header supplied by userspace 306 * @matches: array of ematches 307 */ 308 struct tcf_ematch_tree { 309 struct tcf_ematch_tree_hdr hdr; 310 struct tcf_ematch * matches; 311 312 }; 313 314 /** 315 * struct tcf_ematch_ops - ematch module operations 316 * 317 * @kind: identifier (kind) of this ematch module 318 * @datalen: length of expected configuration data (optional) 319 * @change: called during validation (optional) 320 * @match: called during ematch tree evaluation, must return 1/0 321 * @destroy: called during destroyage (optional) 322 * @dump: called during dumping process (optional) 323 * @owner: owner, must be set to THIS_MODULE 324 * @link: link to previous/next ematch module (internal use) 325 */ 326 struct tcf_ematch_ops { 327 int kind; 328 int datalen; 329 int (*change)(struct net *net, void *, 330 int, struct tcf_ematch *); 331 int (*match)(struct sk_buff *, struct tcf_ematch *, 332 struct tcf_pkt_info *); 333 void (*destroy)(struct tcf_ematch *); 334 int (*dump)(struct sk_buff *, struct tcf_ematch *); 335 struct module *owner; 336 struct list_head link; 337 }; 338 339 int tcf_em_register(struct tcf_ematch_ops *); 340 void tcf_em_unregister(struct tcf_ematch_ops *); 341 int tcf_em_tree_validate(struct tcf_proto *, struct nlattr *, 342 struct tcf_ematch_tree *); 343 void tcf_em_tree_destroy(struct tcf_ematch_tree *); 344 int tcf_em_tree_dump(struct sk_buff *, struct tcf_ematch_tree *, int); 345 int __tcf_em_tree_match(struct sk_buff *, struct tcf_ematch_tree *, 346 struct tcf_pkt_info *); 347 348 /** 349 * tcf_em_tree_match - evaulate an ematch tree 350 * 351 * @skb: socket buffer of the packet in question 352 * @tree: ematch tree to be used for evaluation 353 * @info: packet information examined by classifier 354 * 355 * This function matches @skb against the ematch tree in @tree by going 356 * through all ematches respecting their logic relations returning 357 * as soon as the result is obvious. 358 * 359 * Returns 1 if the ematch tree as-one matches, no ematches are configured 360 * or ematch is not enabled in the kernel, otherwise 0 is returned. 361 */ 362 static inline int tcf_em_tree_match(struct sk_buff *skb, 363 struct tcf_ematch_tree *tree, 364 struct tcf_pkt_info *info) 365 { 366 if (tree->hdr.nmatches) 367 return __tcf_em_tree_match(skb, tree, info); 368 else 369 return 1; 370 } 371 372 #define MODULE_ALIAS_TCF_EMATCH(kind) MODULE_ALIAS("ematch-kind-" __stringify(kind)) 373 374 #else /* CONFIG_NET_EMATCH */ 375 376 struct tcf_ematch_tree { 377 }; 378 379 #define tcf_em_tree_validate(tp, tb, t) ((void)(t), 0) 380 #define tcf_em_tree_destroy(t) do { (void)(t); } while(0) 381 #define tcf_em_tree_dump(skb, t, tlv) (0) 382 #define tcf_em_tree_match(skb, t, info) ((void)(info), 1) 383 384 #endif /* CONFIG_NET_EMATCH */ 385 386 static inline unsigned char * tcf_get_base_ptr(struct sk_buff *skb, int layer) 387 { 388 switch (layer) { 389 case TCF_LAYER_LINK: 390 return skb->data; 391 case TCF_LAYER_NETWORK: 392 return skb_network_header(skb); 393 case TCF_LAYER_TRANSPORT: 394 return skb_transport_header(skb); 395 } 396 397 return NULL; 398 } 399 400 static inline int tcf_valid_offset(const struct sk_buff *skb, 401 const unsigned char *ptr, const int len) 402 { 403 return likely((ptr + len) <= skb_tail_pointer(skb) && 404 ptr >= skb->head && 405 (ptr <= (ptr + len))); 406 } 407 408 #ifdef CONFIG_NET_CLS_IND 409 #include <net/net_namespace.h> 410 411 static inline int 412 tcf_change_indev(struct net *net, struct nlattr *indev_tlv) 413 { 414 char indev[IFNAMSIZ]; 415 struct net_device *dev; 416 417 if (nla_strlcpy(indev, indev_tlv, IFNAMSIZ) >= IFNAMSIZ) 418 return -EINVAL; 419 dev = __dev_get_by_name(net, indev); 420 if (!dev) 421 return -ENODEV; 422 return dev->ifindex; 423 } 424 425 static inline bool 426 tcf_match_indev(struct sk_buff *skb, int ifindex) 427 { 428 if (!ifindex) 429 return true; 430 if (!skb->skb_iif) 431 return false; 432 return ifindex == skb->skb_iif; 433 } 434 #endif /* CONFIG_NET_CLS_IND */ 435 436 struct tc_cls_common_offload { 437 u32 chain_index; 438 __be16 protocol; 439 u32 prio; 440 u32 classid; 441 }; 442 443 static inline void 444 tc_cls_common_offload_init(struct tc_cls_common_offload *cls_common, 445 const struct tcf_proto *tp) 446 { 447 cls_common->chain_index = tp->chain->index; 448 cls_common->protocol = tp->protocol; 449 cls_common->prio = tp->prio; 450 cls_common->classid = tp->classid; 451 } 452 453 struct tc_cls_u32_knode { 454 struct tcf_exts *exts; 455 struct tc_u32_sel *sel; 456 u32 handle; 457 u32 val; 458 u32 mask; 459 u32 link_handle; 460 u8 fshift; 461 }; 462 463 struct tc_cls_u32_hnode { 464 u32 handle; 465 u32 prio; 466 unsigned int divisor; 467 }; 468 469 enum tc_clsu32_command { 470 TC_CLSU32_NEW_KNODE, 471 TC_CLSU32_REPLACE_KNODE, 472 TC_CLSU32_DELETE_KNODE, 473 TC_CLSU32_NEW_HNODE, 474 TC_CLSU32_REPLACE_HNODE, 475 TC_CLSU32_DELETE_HNODE, 476 }; 477 478 struct tc_cls_u32_offload { 479 struct tc_cls_common_offload common; 480 /* knode values */ 481 enum tc_clsu32_command command; 482 union { 483 struct tc_cls_u32_knode knode; 484 struct tc_cls_u32_hnode hnode; 485 }; 486 }; 487 488 static inline bool tc_can_offload(const struct net_device *dev) 489 { 490 if (!(dev->features & NETIF_F_HW_TC)) 491 return false; 492 if (!dev->netdev_ops->ndo_setup_tc) 493 return false; 494 return true; 495 } 496 497 static inline bool tc_skip_hw(u32 flags) 498 { 499 return (flags & TCA_CLS_FLAGS_SKIP_HW) ? true : false; 500 } 501 502 static inline bool tc_should_offload(const struct net_device *dev, u32 flags) 503 { 504 if (tc_skip_hw(flags)) 505 return false; 506 return tc_can_offload(dev); 507 } 508 509 static inline bool tc_skip_sw(u32 flags) 510 { 511 return (flags & TCA_CLS_FLAGS_SKIP_SW) ? true : false; 512 } 513 514 /* SKIP_HW and SKIP_SW are mutually exclusive flags. */ 515 static inline bool tc_flags_valid(u32 flags) 516 { 517 if (flags & ~(TCA_CLS_FLAGS_SKIP_HW | TCA_CLS_FLAGS_SKIP_SW)) 518 return false; 519 520 if (!(flags ^ (TCA_CLS_FLAGS_SKIP_HW | TCA_CLS_FLAGS_SKIP_SW))) 521 return false; 522 523 return true; 524 } 525 526 static inline bool tc_in_hw(u32 flags) 527 { 528 return (flags & TCA_CLS_FLAGS_IN_HW) ? true : false; 529 } 530 531 enum tc_fl_command { 532 TC_CLSFLOWER_REPLACE, 533 TC_CLSFLOWER_DESTROY, 534 TC_CLSFLOWER_STATS, 535 }; 536 537 struct tc_cls_flower_offload { 538 struct tc_cls_common_offload common; 539 enum tc_fl_command command; 540 unsigned long cookie; 541 struct flow_dissector *dissector; 542 struct fl_flow_key *mask; 543 struct fl_flow_key *key; 544 struct tcf_exts *exts; 545 bool egress_dev; 546 }; 547 548 enum tc_matchall_command { 549 TC_CLSMATCHALL_REPLACE, 550 TC_CLSMATCHALL_DESTROY, 551 }; 552 553 struct tc_cls_matchall_offload { 554 struct tc_cls_common_offload common; 555 enum tc_matchall_command command; 556 struct tcf_exts *exts; 557 unsigned long cookie; 558 }; 559 560 enum tc_clsbpf_command { 561 TC_CLSBPF_ADD, 562 TC_CLSBPF_REPLACE, 563 TC_CLSBPF_DESTROY, 564 TC_CLSBPF_STATS, 565 }; 566 567 struct tc_cls_bpf_offload { 568 struct tc_cls_common_offload common; 569 enum tc_clsbpf_command command; 570 struct tcf_exts *exts; 571 struct bpf_prog *prog; 572 const char *name; 573 bool exts_integrated; 574 u32 gen_flags; 575 }; 576 577 578 /* This structure holds cookie structure that is passed from user 579 * to the kernel for actions and classifiers 580 */ 581 struct tc_cookie { 582 u8 *data; 583 u32 len; 584 }; 585 #endif 586