1 /* 2 * net/sched/act_api.c Packet action API. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Author: Jamal Hadi Salim 10 * 11 * 12 */ 13 14 #include <linux/types.h> 15 #include <linux/kernel.h> 16 #include <linux/string.h> 17 #include <linux/errno.h> 18 #include <linux/slab.h> 19 #include <linux/skbuff.h> 20 #include <linux/init.h> 21 #include <linux/kmod.h> 22 #include <linux/err.h> 23 #include <linux/module.h> 24 #include <net/net_namespace.h> 25 #include <net/sock.h> 26 #include <net/sch_generic.h> 27 #include <net/pkt_cls.h> 28 #include <net/act_api.h> 29 #include <net/netlink.h> 30 31 static int tcf_action_goto_chain_init(struct tc_action *a, struct tcf_proto *tp) 32 { 33 u32 chain_index = a->tcfa_action & TC_ACT_EXT_VAL_MASK; 34 35 if (!tp) 36 return -EINVAL; 37 a->goto_chain = tcf_chain_get(tp->chain->block, chain_index, true); 38 if (!a->goto_chain) 39 return -ENOMEM; 40 return 0; 41 } 42 43 static void tcf_action_goto_chain_fini(struct tc_action *a) 44 { 45 tcf_chain_put(a->goto_chain); 46 } 47 48 static void tcf_action_goto_chain_exec(const struct tc_action *a, 49 struct tcf_result *res) 50 { 51 const struct tcf_chain *chain = a->goto_chain; 52 53 res->goto_tp = rcu_dereference_bh(chain->filter_chain); 54 } 55 56 static void free_tcf(struct rcu_head *head) 57 { 58 struct tc_action *p = container_of(head, struct tc_action, tcfa_rcu); 59 60 free_percpu(p->cpu_bstats); 61 free_percpu(p->cpu_qstats); 62 63 if (p->act_cookie) { 64 kfree(p->act_cookie->data); 65 kfree(p->act_cookie); 66 } 67 if (p->goto_chain) 68 tcf_action_goto_chain_fini(p); 69 70 kfree(p); 71 } 72 73 static void tcf_hash_destroy(struct tcf_hashinfo *hinfo, struct tc_action *p) 74 { 75 spin_lock_bh(&hinfo->lock); 76 hlist_del(&p->tcfa_head); 77 spin_unlock_bh(&hinfo->lock); 78 gen_kill_estimator(&p->tcfa_rate_est); 79 /* 80 * gen_estimator est_timer() might access p->tcfa_lock 81 * or bstats, wait a RCU grace period before freeing p 82 */ 83 call_rcu(&p->tcfa_rcu, free_tcf); 84 } 85 86 int __tcf_hash_release(struct tc_action *p, bool bind, bool strict) 87 { 88 int ret = 0; 89 90 if (p) { 91 if (bind) 92 p->tcfa_bindcnt--; 93 else if (strict && p->tcfa_bindcnt > 0) 94 return -EPERM; 95 96 p->tcfa_refcnt--; 97 if (p->tcfa_bindcnt <= 0 && p->tcfa_refcnt <= 0) { 98 if (p->ops->cleanup) 99 p->ops->cleanup(p, bind); 100 tcf_hash_destroy(p->hinfo, p); 101 ret = ACT_P_DELETED; 102 } 103 } 104 105 return ret; 106 } 107 EXPORT_SYMBOL(__tcf_hash_release); 108 109 static int tcf_dump_walker(struct tcf_hashinfo *hinfo, struct sk_buff *skb, 110 struct netlink_callback *cb) 111 { 112 int err = 0, index = -1, i = 0, s_i = 0, n_i = 0; 113 u32 act_flags = cb->args[2]; 114 unsigned long jiffy_since = cb->args[3]; 115 struct nlattr *nest; 116 117 spin_lock_bh(&hinfo->lock); 118 119 s_i = cb->args[0]; 120 121 for (i = 0; i < (hinfo->hmask + 1); i++) { 122 struct hlist_head *head; 123 struct tc_action *p; 124 125 head = &hinfo->htab[tcf_hash(i, hinfo->hmask)]; 126 127 hlist_for_each_entry_rcu(p, head, tcfa_head) { 128 index++; 129 if (index < s_i) 130 continue; 131 132 if (jiffy_since && 133 time_after(jiffy_since, 134 (unsigned long)p->tcfa_tm.lastuse)) 135 continue; 136 137 nest = nla_nest_start(skb, n_i); 138 if (nest == NULL) 139 goto nla_put_failure; 140 err = tcf_action_dump_1(skb, p, 0, 0); 141 if (err < 0) { 142 index--; 143 nlmsg_trim(skb, nest); 144 goto done; 145 } 146 nla_nest_end(skb, nest); 147 n_i++; 148 if (!(act_flags & TCA_FLAG_LARGE_DUMP_ON) && 149 n_i >= TCA_ACT_MAX_PRIO) 150 goto done; 151 } 152 } 153 done: 154 if (index >= 0) 155 cb->args[0] = index + 1; 156 157 spin_unlock_bh(&hinfo->lock); 158 if (n_i) { 159 if (act_flags & TCA_FLAG_LARGE_DUMP_ON) 160 cb->args[1] = n_i; 161 } 162 return n_i; 163 164 nla_put_failure: 165 nla_nest_cancel(skb, nest); 166 goto done; 167 } 168 169 static int tcf_del_walker(struct tcf_hashinfo *hinfo, struct sk_buff *skb, 170 const struct tc_action_ops *ops) 171 { 172 struct nlattr *nest; 173 int i = 0, n_i = 0; 174 int ret = -EINVAL; 175 176 nest = nla_nest_start(skb, 0); 177 if (nest == NULL) 178 goto nla_put_failure; 179 if (nla_put_string(skb, TCA_KIND, ops->kind)) 180 goto nla_put_failure; 181 for (i = 0; i < (hinfo->hmask + 1); i++) { 182 struct hlist_head *head; 183 struct hlist_node *n; 184 struct tc_action *p; 185 186 head = &hinfo->htab[tcf_hash(i, hinfo->hmask)]; 187 hlist_for_each_entry_safe(p, n, head, tcfa_head) { 188 ret = __tcf_hash_release(p, false, true); 189 if (ret == ACT_P_DELETED) { 190 module_put(p->ops->owner); 191 n_i++; 192 } else if (ret < 0) 193 goto nla_put_failure; 194 } 195 } 196 if (nla_put_u32(skb, TCA_FCNT, n_i)) 197 goto nla_put_failure; 198 nla_nest_end(skb, nest); 199 200 return n_i; 201 nla_put_failure: 202 nla_nest_cancel(skb, nest); 203 return ret; 204 } 205 206 int tcf_generic_walker(struct tc_action_net *tn, struct sk_buff *skb, 207 struct netlink_callback *cb, int type, 208 const struct tc_action_ops *ops) 209 { 210 struct tcf_hashinfo *hinfo = tn->hinfo; 211 212 if (type == RTM_DELACTION) { 213 return tcf_del_walker(hinfo, skb, ops); 214 } else if (type == RTM_GETACTION) { 215 return tcf_dump_walker(hinfo, skb, cb); 216 } else { 217 WARN(1, "tcf_generic_walker: unknown action %d\n", type); 218 return -EINVAL; 219 } 220 } 221 EXPORT_SYMBOL(tcf_generic_walker); 222 223 static struct tc_action *tcf_hash_lookup(u32 index, struct tcf_hashinfo *hinfo) 224 { 225 struct tc_action *p = NULL; 226 struct hlist_head *head; 227 228 spin_lock_bh(&hinfo->lock); 229 head = &hinfo->htab[tcf_hash(index, hinfo->hmask)]; 230 hlist_for_each_entry_rcu(p, head, tcfa_head) 231 if (p->tcfa_index == index) 232 break; 233 spin_unlock_bh(&hinfo->lock); 234 235 return p; 236 } 237 238 u32 tcf_hash_new_index(struct tc_action_net *tn) 239 { 240 struct tcf_hashinfo *hinfo = tn->hinfo; 241 u32 val = hinfo->index; 242 243 do { 244 if (++val == 0) 245 val = 1; 246 } while (tcf_hash_lookup(val, hinfo)); 247 248 hinfo->index = val; 249 return val; 250 } 251 EXPORT_SYMBOL(tcf_hash_new_index); 252 253 int tcf_hash_search(struct tc_action_net *tn, struct tc_action **a, u32 index) 254 { 255 struct tcf_hashinfo *hinfo = tn->hinfo; 256 struct tc_action *p = tcf_hash_lookup(index, hinfo); 257 258 if (p) { 259 *a = p; 260 return 1; 261 } 262 return 0; 263 } 264 EXPORT_SYMBOL(tcf_hash_search); 265 266 bool tcf_hash_check(struct tc_action_net *tn, u32 index, struct tc_action **a, 267 int bind) 268 { 269 struct tcf_hashinfo *hinfo = tn->hinfo; 270 struct tc_action *p = NULL; 271 272 if (index && (p = tcf_hash_lookup(index, hinfo)) != NULL) { 273 if (bind) 274 p->tcfa_bindcnt++; 275 p->tcfa_refcnt++; 276 *a = p; 277 return true; 278 } 279 return false; 280 } 281 EXPORT_SYMBOL(tcf_hash_check); 282 283 void tcf_hash_cleanup(struct tc_action *a, struct nlattr *est) 284 { 285 if (est) 286 gen_kill_estimator(&a->tcfa_rate_est); 287 call_rcu(&a->tcfa_rcu, free_tcf); 288 } 289 EXPORT_SYMBOL(tcf_hash_cleanup); 290 291 int tcf_hash_create(struct tc_action_net *tn, u32 index, struct nlattr *est, 292 struct tc_action **a, const struct tc_action_ops *ops, 293 int bind, bool cpustats) 294 { 295 struct tc_action *p = kzalloc(ops->size, GFP_KERNEL); 296 struct tcf_hashinfo *hinfo = tn->hinfo; 297 int err = -ENOMEM; 298 299 if (unlikely(!p)) 300 return -ENOMEM; 301 p->tcfa_refcnt = 1; 302 if (bind) 303 p->tcfa_bindcnt = 1; 304 305 if (cpustats) { 306 p->cpu_bstats = netdev_alloc_pcpu_stats(struct gnet_stats_basic_cpu); 307 if (!p->cpu_bstats) { 308 err1: 309 kfree(p); 310 return err; 311 } 312 p->cpu_qstats = alloc_percpu(struct gnet_stats_queue); 313 if (!p->cpu_qstats) { 314 err2: 315 free_percpu(p->cpu_bstats); 316 goto err1; 317 } 318 } 319 spin_lock_init(&p->tcfa_lock); 320 INIT_HLIST_NODE(&p->tcfa_head); 321 p->tcfa_index = index ? index : tcf_hash_new_index(tn); 322 p->tcfa_tm.install = jiffies; 323 p->tcfa_tm.lastuse = jiffies; 324 p->tcfa_tm.firstuse = 0; 325 if (est) { 326 err = gen_new_estimator(&p->tcfa_bstats, p->cpu_bstats, 327 &p->tcfa_rate_est, 328 &p->tcfa_lock, NULL, est); 329 if (err) { 330 free_percpu(p->cpu_qstats); 331 goto err2; 332 } 333 } 334 335 p->hinfo = hinfo; 336 p->ops = ops; 337 INIT_LIST_HEAD(&p->list); 338 *a = p; 339 return 0; 340 } 341 EXPORT_SYMBOL(tcf_hash_create); 342 343 void tcf_hash_insert(struct tc_action_net *tn, struct tc_action *a) 344 { 345 struct tcf_hashinfo *hinfo = tn->hinfo; 346 unsigned int h = tcf_hash(a->tcfa_index, hinfo->hmask); 347 348 spin_lock_bh(&hinfo->lock); 349 hlist_add_head(&a->tcfa_head, &hinfo->htab[h]); 350 spin_unlock_bh(&hinfo->lock); 351 } 352 EXPORT_SYMBOL(tcf_hash_insert); 353 354 void tcf_hashinfo_destroy(const struct tc_action_ops *ops, 355 struct tcf_hashinfo *hinfo) 356 { 357 int i; 358 359 for (i = 0; i < hinfo->hmask + 1; i++) { 360 struct tc_action *p; 361 struct hlist_node *n; 362 363 hlist_for_each_entry_safe(p, n, &hinfo->htab[i], tcfa_head) { 364 int ret; 365 366 ret = __tcf_hash_release(p, false, true); 367 if (ret == ACT_P_DELETED) 368 module_put(ops->owner); 369 else if (ret < 0) 370 return; 371 } 372 } 373 kfree(hinfo->htab); 374 } 375 EXPORT_SYMBOL(tcf_hashinfo_destroy); 376 377 static LIST_HEAD(act_base); 378 static DEFINE_RWLOCK(act_mod_lock); 379 380 int tcf_register_action(struct tc_action_ops *act, 381 struct pernet_operations *ops) 382 { 383 struct tc_action_ops *a; 384 int ret; 385 386 if (!act->act || !act->dump || !act->init || !act->walk || !act->lookup) 387 return -EINVAL; 388 389 /* We have to register pernet ops before making the action ops visible, 390 * otherwise tcf_action_init_1() could get a partially initialized 391 * netns. 392 */ 393 ret = register_pernet_subsys(ops); 394 if (ret) 395 return ret; 396 397 write_lock(&act_mod_lock); 398 list_for_each_entry(a, &act_base, head) { 399 if (act->type == a->type || (strcmp(act->kind, a->kind) == 0)) { 400 write_unlock(&act_mod_lock); 401 unregister_pernet_subsys(ops); 402 return -EEXIST; 403 } 404 } 405 list_add_tail(&act->head, &act_base); 406 write_unlock(&act_mod_lock); 407 408 return 0; 409 } 410 EXPORT_SYMBOL(tcf_register_action); 411 412 int tcf_unregister_action(struct tc_action_ops *act, 413 struct pernet_operations *ops) 414 { 415 struct tc_action_ops *a; 416 int err = -ENOENT; 417 418 write_lock(&act_mod_lock); 419 list_for_each_entry(a, &act_base, head) { 420 if (a == act) { 421 list_del(&act->head); 422 err = 0; 423 break; 424 } 425 } 426 write_unlock(&act_mod_lock); 427 if (!err) 428 unregister_pernet_subsys(ops); 429 return err; 430 } 431 EXPORT_SYMBOL(tcf_unregister_action); 432 433 /* lookup by name */ 434 static struct tc_action_ops *tc_lookup_action_n(char *kind) 435 { 436 struct tc_action_ops *a, *res = NULL; 437 438 if (kind) { 439 read_lock(&act_mod_lock); 440 list_for_each_entry(a, &act_base, head) { 441 if (strcmp(kind, a->kind) == 0) { 442 if (try_module_get(a->owner)) 443 res = a; 444 break; 445 } 446 } 447 read_unlock(&act_mod_lock); 448 } 449 return res; 450 } 451 452 /* lookup by nlattr */ 453 static struct tc_action_ops *tc_lookup_action(struct nlattr *kind) 454 { 455 struct tc_action_ops *a, *res = NULL; 456 457 if (kind) { 458 read_lock(&act_mod_lock); 459 list_for_each_entry(a, &act_base, head) { 460 if (nla_strcmp(kind, a->kind) == 0) { 461 if (try_module_get(a->owner)) 462 res = a; 463 break; 464 } 465 } 466 read_unlock(&act_mod_lock); 467 } 468 return res; 469 } 470 471 /*TCA_ACT_MAX_PRIO is 32, there count upto 32 */ 472 #define TCA_ACT_MAX_PRIO_MASK 0x1FF 473 int tcf_action_exec(struct sk_buff *skb, struct tc_action **actions, 474 int nr_actions, struct tcf_result *res) 475 { 476 u32 jmp_prgcnt = 0; 477 u32 jmp_ttl = TCA_ACT_MAX_PRIO; /*matches actions per filter */ 478 int i; 479 int ret = TC_ACT_OK; 480 481 if (skb_skip_tc_classify(skb)) 482 return TC_ACT_OK; 483 484 restart_act_graph: 485 for (i = 0; i < nr_actions; i++) { 486 const struct tc_action *a = actions[i]; 487 488 if (jmp_prgcnt > 0) { 489 jmp_prgcnt -= 1; 490 continue; 491 } 492 repeat: 493 ret = a->ops->act(skb, a, res); 494 if (ret == TC_ACT_REPEAT) 495 goto repeat; /* we need a ttl - JHS */ 496 497 if (TC_ACT_EXT_CMP(ret, TC_ACT_JUMP)) { 498 jmp_prgcnt = ret & TCA_ACT_MAX_PRIO_MASK; 499 if (!jmp_prgcnt || (jmp_prgcnt > nr_actions)) { 500 /* faulty opcode, stop pipeline */ 501 return TC_ACT_OK; 502 } else { 503 jmp_ttl -= 1; 504 if (jmp_ttl > 0) 505 goto restart_act_graph; 506 else /* faulty graph, stop pipeline */ 507 return TC_ACT_OK; 508 } 509 } else if (TC_ACT_EXT_CMP(ret, TC_ACT_GOTO_CHAIN)) { 510 tcf_action_goto_chain_exec(a, res); 511 } 512 513 if (ret != TC_ACT_PIPE) 514 break; 515 } 516 517 return ret; 518 } 519 EXPORT_SYMBOL(tcf_action_exec); 520 521 int tcf_action_destroy(struct list_head *actions, int bind) 522 { 523 struct tc_action *a, *tmp; 524 int ret = 0; 525 526 list_for_each_entry_safe(a, tmp, actions, list) { 527 ret = __tcf_hash_release(a, bind, true); 528 if (ret == ACT_P_DELETED) 529 module_put(a->ops->owner); 530 else if (ret < 0) 531 return ret; 532 } 533 return ret; 534 } 535 536 int 537 tcf_action_dump_old(struct sk_buff *skb, struct tc_action *a, int bind, int ref) 538 { 539 return a->ops->dump(skb, a, bind, ref); 540 } 541 542 int 543 tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int bind, int ref) 544 { 545 int err = -EINVAL; 546 unsigned char *b = skb_tail_pointer(skb); 547 struct nlattr *nest; 548 549 if (nla_put_string(skb, TCA_KIND, a->ops->kind)) 550 goto nla_put_failure; 551 if (tcf_action_copy_stats(skb, a, 0)) 552 goto nla_put_failure; 553 if (a->act_cookie) { 554 if (nla_put(skb, TCA_ACT_COOKIE, a->act_cookie->len, 555 a->act_cookie->data)) 556 goto nla_put_failure; 557 } 558 559 nest = nla_nest_start(skb, TCA_OPTIONS); 560 if (nest == NULL) 561 goto nla_put_failure; 562 err = tcf_action_dump_old(skb, a, bind, ref); 563 if (err > 0) { 564 nla_nest_end(skb, nest); 565 return err; 566 } 567 568 nla_put_failure: 569 nlmsg_trim(skb, b); 570 return -1; 571 } 572 EXPORT_SYMBOL(tcf_action_dump_1); 573 574 int tcf_action_dump(struct sk_buff *skb, struct list_head *actions, 575 int bind, int ref) 576 { 577 struct tc_action *a; 578 int err = -EINVAL; 579 struct nlattr *nest; 580 581 list_for_each_entry(a, actions, list) { 582 nest = nla_nest_start(skb, a->order); 583 if (nest == NULL) 584 goto nla_put_failure; 585 err = tcf_action_dump_1(skb, a, bind, ref); 586 if (err < 0) 587 goto errout; 588 nla_nest_end(skb, nest); 589 } 590 591 return 0; 592 593 nla_put_failure: 594 err = -EINVAL; 595 errout: 596 nla_nest_cancel(skb, nest); 597 return err; 598 } 599 600 static struct tc_cookie *nla_memdup_cookie(struct nlattr **tb) 601 { 602 struct tc_cookie *c = kzalloc(sizeof(*c), GFP_KERNEL); 603 if (!c) 604 return NULL; 605 606 c->data = nla_memdup(tb[TCA_ACT_COOKIE], GFP_KERNEL); 607 if (!c->data) { 608 kfree(c); 609 return NULL; 610 } 611 c->len = nla_len(tb[TCA_ACT_COOKIE]); 612 613 return c; 614 } 615 616 struct tc_action *tcf_action_init_1(struct net *net, struct tcf_proto *tp, 617 struct nlattr *nla, struct nlattr *est, 618 char *name, int ovr, int bind) 619 { 620 struct tc_action *a; 621 struct tc_action_ops *a_o; 622 struct tc_cookie *cookie = NULL; 623 char act_name[IFNAMSIZ]; 624 struct nlattr *tb[TCA_ACT_MAX + 1]; 625 struct nlattr *kind; 626 int err; 627 628 if (name == NULL) { 629 err = nla_parse_nested(tb, TCA_ACT_MAX, nla, NULL, NULL); 630 if (err < 0) 631 goto err_out; 632 err = -EINVAL; 633 kind = tb[TCA_ACT_KIND]; 634 if (kind == NULL) 635 goto err_out; 636 if (nla_strlcpy(act_name, kind, IFNAMSIZ) >= IFNAMSIZ) 637 goto err_out; 638 if (tb[TCA_ACT_COOKIE]) { 639 int cklen = nla_len(tb[TCA_ACT_COOKIE]); 640 641 if (cklen > TC_COOKIE_MAX_SIZE) 642 goto err_out; 643 644 cookie = nla_memdup_cookie(tb); 645 if (!cookie) { 646 err = -ENOMEM; 647 goto err_out; 648 } 649 } 650 } else { 651 err = -EINVAL; 652 if (strlcpy(act_name, name, IFNAMSIZ) >= IFNAMSIZ) 653 goto err_out; 654 } 655 656 a_o = tc_lookup_action_n(act_name); 657 if (a_o == NULL) { 658 #ifdef CONFIG_MODULES 659 rtnl_unlock(); 660 request_module("act_%s", act_name); 661 rtnl_lock(); 662 663 a_o = tc_lookup_action_n(act_name); 664 665 /* We dropped the RTNL semaphore in order to 666 * perform the module load. So, even if we 667 * succeeded in loading the module we have to 668 * tell the caller to replay the request. We 669 * indicate this using -EAGAIN. 670 */ 671 if (a_o != NULL) { 672 err = -EAGAIN; 673 goto err_mod; 674 } 675 #endif 676 err = -ENOENT; 677 goto err_out; 678 } 679 680 /* backward compatibility for policer */ 681 if (name == NULL) 682 err = a_o->init(net, tb[TCA_ACT_OPTIONS], est, &a, ovr, bind); 683 else 684 err = a_o->init(net, nla, est, &a, ovr, bind); 685 if (err < 0) 686 goto err_mod; 687 688 if (name == NULL && tb[TCA_ACT_COOKIE]) { 689 if (a->act_cookie) { 690 kfree(a->act_cookie->data); 691 kfree(a->act_cookie); 692 } 693 a->act_cookie = cookie; 694 } 695 696 /* module count goes up only when brand new policy is created 697 * if it exists and is only bound to in a_o->init() then 698 * ACT_P_CREATED is not returned (a zero is). 699 */ 700 if (err != ACT_P_CREATED) 701 module_put(a_o->owner); 702 703 if (TC_ACT_EXT_CMP(a->tcfa_action, TC_ACT_GOTO_CHAIN)) { 704 err = tcf_action_goto_chain_init(a, tp); 705 if (err) { 706 LIST_HEAD(actions); 707 708 list_add_tail(&a->list, &actions); 709 tcf_action_destroy(&actions, bind); 710 return ERR_PTR(err); 711 } 712 } 713 714 return a; 715 716 err_mod: 717 module_put(a_o->owner); 718 err_out: 719 if (cookie) { 720 kfree(cookie->data); 721 kfree(cookie); 722 } 723 return ERR_PTR(err); 724 } 725 726 static void cleanup_a(struct list_head *actions, int ovr) 727 { 728 struct tc_action *a; 729 730 if (!ovr) 731 return; 732 733 list_for_each_entry(a, actions, list) 734 a->tcfa_refcnt--; 735 } 736 737 int tcf_action_init(struct net *net, struct tcf_proto *tp, struct nlattr *nla, 738 struct nlattr *est, char *name, int ovr, int bind, 739 struct list_head *actions) 740 { 741 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1]; 742 struct tc_action *act; 743 int err; 744 int i; 745 746 err = nla_parse_nested(tb, TCA_ACT_MAX_PRIO, nla, NULL, NULL); 747 if (err < 0) 748 return err; 749 750 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) { 751 act = tcf_action_init_1(net, tp, tb[i], est, name, ovr, bind); 752 if (IS_ERR(act)) { 753 err = PTR_ERR(act); 754 goto err; 755 } 756 act->order = i; 757 if (ovr) 758 act->tcfa_refcnt++; 759 list_add_tail(&act->list, actions); 760 } 761 762 /* Remove the temp refcnt which was necessary to protect against 763 * destroying an existing action which was being replaced 764 */ 765 cleanup_a(actions, ovr); 766 return 0; 767 768 err: 769 tcf_action_destroy(actions, bind); 770 return err; 771 } 772 773 int tcf_action_copy_stats(struct sk_buff *skb, struct tc_action *p, 774 int compat_mode) 775 { 776 int err = 0; 777 struct gnet_dump d; 778 779 if (p == NULL) 780 goto errout; 781 782 /* compat_mode being true specifies a call that is supposed 783 * to add additional backward compatibility statistic TLVs. 784 */ 785 if (compat_mode) { 786 if (p->type == TCA_OLD_COMPAT) 787 err = gnet_stats_start_copy_compat(skb, 0, 788 TCA_STATS, 789 TCA_XSTATS, 790 &p->tcfa_lock, &d, 791 TCA_PAD); 792 else 793 return 0; 794 } else 795 err = gnet_stats_start_copy(skb, TCA_ACT_STATS, 796 &p->tcfa_lock, &d, TCA_ACT_PAD); 797 798 if (err < 0) 799 goto errout; 800 801 if (gnet_stats_copy_basic(NULL, &d, p->cpu_bstats, &p->tcfa_bstats) < 0 || 802 gnet_stats_copy_rate_est(&d, &p->tcfa_rate_est) < 0 || 803 gnet_stats_copy_queue(&d, p->cpu_qstats, 804 &p->tcfa_qstats, 805 p->tcfa_qstats.qlen) < 0) 806 goto errout; 807 808 if (gnet_stats_finish_copy(&d) < 0) 809 goto errout; 810 811 return 0; 812 813 errout: 814 return -1; 815 } 816 817 static int tca_get_fill(struct sk_buff *skb, struct list_head *actions, 818 u32 portid, u32 seq, u16 flags, int event, int bind, 819 int ref) 820 { 821 struct tcamsg *t; 822 struct nlmsghdr *nlh; 823 unsigned char *b = skb_tail_pointer(skb); 824 struct nlattr *nest; 825 826 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*t), flags); 827 if (!nlh) 828 goto out_nlmsg_trim; 829 t = nlmsg_data(nlh); 830 t->tca_family = AF_UNSPEC; 831 t->tca__pad1 = 0; 832 t->tca__pad2 = 0; 833 834 nest = nla_nest_start(skb, TCA_ACT_TAB); 835 if (nest == NULL) 836 goto out_nlmsg_trim; 837 838 if (tcf_action_dump(skb, actions, bind, ref) < 0) 839 goto out_nlmsg_trim; 840 841 nla_nest_end(skb, nest); 842 843 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 844 return skb->len; 845 846 out_nlmsg_trim: 847 nlmsg_trim(skb, b); 848 return -1; 849 } 850 851 static int 852 tcf_get_notify(struct net *net, u32 portid, struct nlmsghdr *n, 853 struct list_head *actions, int event) 854 { 855 struct sk_buff *skb; 856 857 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 858 if (!skb) 859 return -ENOBUFS; 860 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, 0, event, 861 0, 0) <= 0) { 862 kfree_skb(skb); 863 return -EINVAL; 864 } 865 866 return rtnl_unicast(skb, net, portid); 867 } 868 869 static struct tc_action *tcf_action_get_1(struct net *net, struct nlattr *nla, 870 struct nlmsghdr *n, u32 portid) 871 { 872 struct nlattr *tb[TCA_ACT_MAX + 1]; 873 const struct tc_action_ops *ops; 874 struct tc_action *a; 875 int index; 876 int err; 877 878 err = nla_parse_nested(tb, TCA_ACT_MAX, nla, NULL, NULL); 879 if (err < 0) 880 goto err_out; 881 882 err = -EINVAL; 883 if (tb[TCA_ACT_INDEX] == NULL || 884 nla_len(tb[TCA_ACT_INDEX]) < sizeof(index)) 885 goto err_out; 886 index = nla_get_u32(tb[TCA_ACT_INDEX]); 887 888 err = -EINVAL; 889 ops = tc_lookup_action(tb[TCA_ACT_KIND]); 890 if (!ops) /* could happen in batch of actions */ 891 goto err_out; 892 err = -ENOENT; 893 if (ops->lookup(net, &a, index) == 0) 894 goto err_mod; 895 896 module_put(ops->owner); 897 return a; 898 899 err_mod: 900 module_put(ops->owner); 901 err_out: 902 return ERR_PTR(err); 903 } 904 905 static int tca_action_flush(struct net *net, struct nlattr *nla, 906 struct nlmsghdr *n, u32 portid) 907 { 908 struct sk_buff *skb; 909 unsigned char *b; 910 struct nlmsghdr *nlh; 911 struct tcamsg *t; 912 struct netlink_callback dcb; 913 struct nlattr *nest; 914 struct nlattr *tb[TCA_ACT_MAX + 1]; 915 const struct tc_action_ops *ops; 916 struct nlattr *kind; 917 int err = -ENOMEM; 918 919 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 920 if (!skb) { 921 pr_debug("tca_action_flush: failed skb alloc\n"); 922 return err; 923 } 924 925 b = skb_tail_pointer(skb); 926 927 err = nla_parse_nested(tb, TCA_ACT_MAX, nla, NULL, NULL); 928 if (err < 0) 929 goto err_out; 930 931 err = -EINVAL; 932 kind = tb[TCA_ACT_KIND]; 933 ops = tc_lookup_action(kind); 934 if (!ops) /*some idjot trying to flush unknown action */ 935 goto err_out; 936 937 nlh = nlmsg_put(skb, portid, n->nlmsg_seq, RTM_DELACTION, 938 sizeof(*t), 0); 939 if (!nlh) 940 goto out_module_put; 941 t = nlmsg_data(nlh); 942 t->tca_family = AF_UNSPEC; 943 t->tca__pad1 = 0; 944 t->tca__pad2 = 0; 945 946 nest = nla_nest_start(skb, TCA_ACT_TAB); 947 if (nest == NULL) 948 goto out_module_put; 949 950 err = ops->walk(net, skb, &dcb, RTM_DELACTION, ops); 951 if (err <= 0) 952 goto out_module_put; 953 954 nla_nest_end(skb, nest); 955 956 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 957 nlh->nlmsg_flags |= NLM_F_ROOT; 958 module_put(ops->owner); 959 err = rtnetlink_send(skb, net, portid, RTNLGRP_TC, 960 n->nlmsg_flags & NLM_F_ECHO); 961 if (err > 0) 962 return 0; 963 964 return err; 965 966 out_module_put: 967 module_put(ops->owner); 968 err_out: 969 kfree_skb(skb); 970 return err; 971 } 972 973 static int 974 tcf_del_notify(struct net *net, struct nlmsghdr *n, struct list_head *actions, 975 u32 portid) 976 { 977 int ret; 978 struct sk_buff *skb; 979 980 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 981 if (!skb) 982 return -ENOBUFS; 983 984 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, 0, RTM_DELACTION, 985 0, 1) <= 0) { 986 kfree_skb(skb); 987 return -EINVAL; 988 } 989 990 /* now do the delete */ 991 ret = tcf_action_destroy(actions, 0); 992 if (ret < 0) { 993 kfree_skb(skb); 994 return ret; 995 } 996 997 ret = rtnetlink_send(skb, net, portid, RTNLGRP_TC, 998 n->nlmsg_flags & NLM_F_ECHO); 999 if (ret > 0) 1000 return 0; 1001 return ret; 1002 } 1003 1004 static int 1005 tca_action_gd(struct net *net, struct nlattr *nla, struct nlmsghdr *n, 1006 u32 portid, int event) 1007 { 1008 int i, ret; 1009 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1]; 1010 struct tc_action *act; 1011 LIST_HEAD(actions); 1012 1013 ret = nla_parse_nested(tb, TCA_ACT_MAX_PRIO, nla, NULL, NULL); 1014 if (ret < 0) 1015 return ret; 1016 1017 if (event == RTM_DELACTION && n->nlmsg_flags & NLM_F_ROOT) { 1018 if (tb[1] != NULL) 1019 return tca_action_flush(net, tb[1], n, portid); 1020 else 1021 return -EINVAL; 1022 } 1023 1024 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) { 1025 act = tcf_action_get_1(net, tb[i], n, portid); 1026 if (IS_ERR(act)) { 1027 ret = PTR_ERR(act); 1028 goto err; 1029 } 1030 act->order = i; 1031 list_add_tail(&act->list, &actions); 1032 } 1033 1034 if (event == RTM_GETACTION) 1035 ret = tcf_get_notify(net, portid, n, &actions, event); 1036 else { /* delete */ 1037 ret = tcf_del_notify(net, n, &actions, portid); 1038 if (ret) 1039 goto err; 1040 return ret; 1041 } 1042 err: 1043 if (event != RTM_GETACTION) 1044 tcf_action_destroy(&actions, 0); 1045 return ret; 1046 } 1047 1048 static int 1049 tcf_add_notify(struct net *net, struct nlmsghdr *n, struct list_head *actions, 1050 u32 portid) 1051 { 1052 struct sk_buff *skb; 1053 int err = 0; 1054 1055 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 1056 if (!skb) 1057 return -ENOBUFS; 1058 1059 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, n->nlmsg_flags, 1060 RTM_NEWACTION, 0, 0) <= 0) { 1061 kfree_skb(skb); 1062 return -EINVAL; 1063 } 1064 1065 err = rtnetlink_send(skb, net, portid, RTNLGRP_TC, 1066 n->nlmsg_flags & NLM_F_ECHO); 1067 if (err > 0) 1068 err = 0; 1069 return err; 1070 } 1071 1072 static int tcf_action_add(struct net *net, struct nlattr *nla, 1073 struct nlmsghdr *n, u32 portid, int ovr) 1074 { 1075 int ret = 0; 1076 LIST_HEAD(actions); 1077 1078 ret = tcf_action_init(net, NULL, nla, NULL, NULL, ovr, 0, &actions); 1079 if (ret) 1080 return ret; 1081 1082 return tcf_add_notify(net, n, &actions, portid); 1083 } 1084 1085 static u32 tcaa_root_flags_allowed = TCA_FLAG_LARGE_DUMP_ON; 1086 static const struct nla_policy tcaa_policy[TCA_ROOT_MAX + 1] = { 1087 [TCA_ROOT_FLAGS] = { .type = NLA_BITFIELD32, 1088 .validation_data = &tcaa_root_flags_allowed }, 1089 [TCA_ROOT_TIME_DELTA] = { .type = NLA_U32 }, 1090 }; 1091 1092 static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n, 1093 struct netlink_ext_ack *extack) 1094 { 1095 struct net *net = sock_net(skb->sk); 1096 struct nlattr *tca[TCA_ROOT_MAX + 1]; 1097 u32 portid = skb ? NETLINK_CB(skb).portid : 0; 1098 int ret = 0, ovr = 0; 1099 1100 if ((n->nlmsg_type != RTM_GETACTION) && 1101 !netlink_capable(skb, CAP_NET_ADMIN)) 1102 return -EPERM; 1103 1104 ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ROOT_MAX, NULL, 1105 extack); 1106 if (ret < 0) 1107 return ret; 1108 1109 if (tca[TCA_ACT_TAB] == NULL) { 1110 pr_notice("tc_ctl_action: received NO action attribs\n"); 1111 return -EINVAL; 1112 } 1113 1114 /* n->nlmsg_flags & NLM_F_CREATE */ 1115 switch (n->nlmsg_type) { 1116 case RTM_NEWACTION: 1117 /* we are going to assume all other flags 1118 * imply create only if it doesn't exist 1119 * Note that CREATE | EXCL implies that 1120 * but since we want avoid ambiguity (eg when flags 1121 * is zero) then just set this 1122 */ 1123 if (n->nlmsg_flags & NLM_F_REPLACE) 1124 ovr = 1; 1125 replay: 1126 ret = tcf_action_add(net, tca[TCA_ACT_TAB], n, portid, ovr); 1127 if (ret == -EAGAIN) 1128 goto replay; 1129 break; 1130 case RTM_DELACTION: 1131 ret = tca_action_gd(net, tca[TCA_ACT_TAB], n, 1132 portid, RTM_DELACTION); 1133 break; 1134 case RTM_GETACTION: 1135 ret = tca_action_gd(net, tca[TCA_ACT_TAB], n, 1136 portid, RTM_GETACTION); 1137 break; 1138 default: 1139 BUG(); 1140 } 1141 1142 return ret; 1143 } 1144 1145 static struct nlattr *find_dump_kind(struct nlattr **nla) 1146 { 1147 struct nlattr *tb1, *tb2[TCA_ACT_MAX + 1]; 1148 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1]; 1149 struct nlattr *kind; 1150 1151 tb1 = nla[TCA_ACT_TAB]; 1152 if (tb1 == NULL) 1153 return NULL; 1154 1155 if (nla_parse(tb, TCA_ACT_MAX_PRIO, nla_data(tb1), 1156 NLMSG_ALIGN(nla_len(tb1)), NULL, NULL) < 0) 1157 return NULL; 1158 1159 if (tb[1] == NULL) 1160 return NULL; 1161 if (nla_parse_nested(tb2, TCA_ACT_MAX, tb[1], NULL, NULL) < 0) 1162 return NULL; 1163 kind = tb2[TCA_ACT_KIND]; 1164 1165 return kind; 1166 } 1167 1168 static int tc_dump_action(struct sk_buff *skb, struct netlink_callback *cb) 1169 { 1170 struct net *net = sock_net(skb->sk); 1171 struct nlmsghdr *nlh; 1172 unsigned char *b = skb_tail_pointer(skb); 1173 struct nlattr *nest; 1174 struct tc_action_ops *a_o; 1175 int ret = 0; 1176 struct tcamsg *t = (struct tcamsg *) nlmsg_data(cb->nlh); 1177 struct nlattr *tb[TCA_ROOT_MAX + 1]; 1178 struct nlattr *count_attr = NULL; 1179 unsigned long jiffy_since = 0; 1180 struct nlattr *kind = NULL; 1181 struct nla_bitfield32 bf; 1182 u32 msecs_since = 0; 1183 u32 act_count = 0; 1184 1185 ret = nlmsg_parse(cb->nlh, sizeof(struct tcamsg), tb, TCA_ROOT_MAX, 1186 tcaa_policy, NULL); 1187 if (ret < 0) 1188 return ret; 1189 1190 kind = find_dump_kind(tb); 1191 if (kind == NULL) { 1192 pr_info("tc_dump_action: action bad kind\n"); 1193 return 0; 1194 } 1195 1196 a_o = tc_lookup_action(kind); 1197 if (a_o == NULL) 1198 return 0; 1199 1200 cb->args[2] = 0; 1201 if (tb[TCA_ROOT_FLAGS]) { 1202 bf = nla_get_bitfield32(tb[TCA_ROOT_FLAGS]); 1203 cb->args[2] = bf.value; 1204 } 1205 1206 if (tb[TCA_ROOT_TIME_DELTA]) { 1207 msecs_since = nla_get_u32(tb[TCA_ROOT_TIME_DELTA]); 1208 } 1209 1210 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq, 1211 cb->nlh->nlmsg_type, sizeof(*t), 0); 1212 if (!nlh) 1213 goto out_module_put; 1214 1215 if (msecs_since) 1216 jiffy_since = jiffies - msecs_to_jiffies(msecs_since); 1217 1218 t = nlmsg_data(nlh); 1219 t->tca_family = AF_UNSPEC; 1220 t->tca__pad1 = 0; 1221 t->tca__pad2 = 0; 1222 cb->args[3] = jiffy_since; 1223 count_attr = nla_reserve(skb, TCA_ROOT_COUNT, sizeof(u32)); 1224 if (!count_attr) 1225 goto out_module_put; 1226 1227 nest = nla_nest_start(skb, TCA_ACT_TAB); 1228 if (nest == NULL) 1229 goto out_module_put; 1230 1231 ret = a_o->walk(net, skb, cb, RTM_GETACTION, a_o); 1232 if (ret < 0) 1233 goto out_module_put; 1234 1235 if (ret > 0) { 1236 nla_nest_end(skb, nest); 1237 ret = skb->len; 1238 act_count = cb->args[1]; 1239 memcpy(nla_data(count_attr), &act_count, sizeof(u32)); 1240 cb->args[1] = 0; 1241 } else 1242 nlmsg_trim(skb, b); 1243 1244 nlh->nlmsg_len = skb_tail_pointer(skb) - b; 1245 if (NETLINK_CB(cb->skb).portid && ret) 1246 nlh->nlmsg_flags |= NLM_F_MULTI; 1247 module_put(a_o->owner); 1248 return skb->len; 1249 1250 out_module_put: 1251 module_put(a_o->owner); 1252 nlmsg_trim(skb, b); 1253 return skb->len; 1254 } 1255 1256 static int __init tc_action_init(void) 1257 { 1258 rtnl_register(PF_UNSPEC, RTM_NEWACTION, tc_ctl_action, NULL, 0); 1259 rtnl_register(PF_UNSPEC, RTM_DELACTION, tc_ctl_action, NULL, 0); 1260 rtnl_register(PF_UNSPEC, RTM_GETACTION, tc_ctl_action, tc_dump_action, 1261 0); 1262 1263 return 0; 1264 } 1265 1266 subsys_initcall(tc_action_init); 1267