1 /* 2 * net/sched/cls_flow.c Generic flow classifier 3 * 4 * Copyright (c) 2007, 2008 Patrick McHardy <kaber@trash.net> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 2 9 * of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/kernel.h> 13 #include <linux/init.h> 14 #include <linux/list.h> 15 #include <linux/jhash.h> 16 #include <linux/random.h> 17 #include <linux/pkt_cls.h> 18 #include <linux/skbuff.h> 19 #include <linux/in.h> 20 #include <linux/ip.h> 21 #include <linux/ipv6.h> 22 #include <linux/if_vlan.h> 23 #include <linux/slab.h> 24 #include <linux/module.h> 25 26 #include <net/pkt_cls.h> 27 #include <net/ip.h> 28 #include <net/route.h> 29 #include <net/flow_dissector.h> 30 31 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 32 #include <net/netfilter/nf_conntrack.h> 33 #endif 34 35 struct flow_head { 36 struct list_head filters; 37 struct rcu_head rcu; 38 }; 39 40 struct flow_filter { 41 struct list_head list; 42 struct tcf_exts exts; 43 struct tcf_ematch_tree ematches; 44 struct tcf_proto *tp; 45 struct timer_list perturb_timer; 46 u32 perturb_period; 47 u32 handle; 48 49 u32 nkeys; 50 u32 keymask; 51 u32 mode; 52 u32 mask; 53 u32 xor; 54 u32 rshift; 55 u32 addend; 56 u32 divisor; 57 u32 baseclass; 58 u32 hashrnd; 59 struct rcu_head rcu; 60 }; 61 62 static inline u32 addr_fold(void *addr) 63 { 64 unsigned long a = (unsigned long)addr; 65 66 return (a & 0xFFFFFFFF) ^ (BITS_PER_LONG > 32 ? a >> 32 : 0); 67 } 68 69 static u32 flow_get_src(const struct sk_buff *skb, const struct flow_keys *flow) 70 { 71 __be32 src = flow_get_u32_src(flow); 72 73 if (src) 74 return ntohl(src); 75 76 return addr_fold(skb->sk); 77 } 78 79 static u32 flow_get_dst(const struct sk_buff *skb, const struct flow_keys *flow) 80 { 81 __be32 dst = flow_get_u32_dst(flow); 82 83 if (dst) 84 return ntohl(dst); 85 86 return addr_fold(skb_dst(skb)) ^ (__force u16) tc_skb_protocol(skb); 87 } 88 89 static u32 flow_get_proto(const struct sk_buff *skb, const struct flow_keys *flow) 90 { 91 return flow->basic.ip_proto; 92 } 93 94 static u32 flow_get_proto_src(const struct sk_buff *skb, const struct flow_keys *flow) 95 { 96 if (flow->ports.ports) 97 return ntohs(flow->ports.src); 98 99 return addr_fold(skb->sk); 100 } 101 102 static u32 flow_get_proto_dst(const struct sk_buff *skb, const struct flow_keys *flow) 103 { 104 if (flow->ports.ports) 105 return ntohs(flow->ports.dst); 106 107 return addr_fold(skb_dst(skb)) ^ (__force u16) tc_skb_protocol(skb); 108 } 109 110 static u32 flow_get_iif(const struct sk_buff *skb) 111 { 112 return skb->skb_iif; 113 } 114 115 static u32 flow_get_priority(const struct sk_buff *skb) 116 { 117 return skb->priority; 118 } 119 120 static u32 flow_get_mark(const struct sk_buff *skb) 121 { 122 return skb->mark; 123 } 124 125 static u32 flow_get_nfct(const struct sk_buff *skb) 126 { 127 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 128 return addr_fold(skb->nfct); 129 #else 130 return 0; 131 #endif 132 } 133 134 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 135 #define CTTUPLE(skb, member) \ 136 ({ \ 137 enum ip_conntrack_info ctinfo; \ 138 const struct nf_conn *ct = nf_ct_get(skb, &ctinfo); \ 139 if (ct == NULL) \ 140 goto fallback; \ 141 ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member; \ 142 }) 143 #else 144 #define CTTUPLE(skb, member) \ 145 ({ \ 146 goto fallback; \ 147 0; \ 148 }) 149 #endif 150 151 static u32 flow_get_nfct_src(const struct sk_buff *skb, const struct flow_keys *flow) 152 { 153 switch (tc_skb_protocol(skb)) { 154 case htons(ETH_P_IP): 155 return ntohl(CTTUPLE(skb, src.u3.ip)); 156 case htons(ETH_P_IPV6): 157 return ntohl(CTTUPLE(skb, src.u3.ip6[3])); 158 } 159 fallback: 160 return flow_get_src(skb, flow); 161 } 162 163 static u32 flow_get_nfct_dst(const struct sk_buff *skb, const struct flow_keys *flow) 164 { 165 switch (tc_skb_protocol(skb)) { 166 case htons(ETH_P_IP): 167 return ntohl(CTTUPLE(skb, dst.u3.ip)); 168 case htons(ETH_P_IPV6): 169 return ntohl(CTTUPLE(skb, dst.u3.ip6[3])); 170 } 171 fallback: 172 return flow_get_dst(skb, flow); 173 } 174 175 static u32 flow_get_nfct_proto_src(const struct sk_buff *skb, const struct flow_keys *flow) 176 { 177 return ntohs(CTTUPLE(skb, src.u.all)); 178 fallback: 179 return flow_get_proto_src(skb, flow); 180 } 181 182 static u32 flow_get_nfct_proto_dst(const struct sk_buff *skb, const struct flow_keys *flow) 183 { 184 return ntohs(CTTUPLE(skb, dst.u.all)); 185 fallback: 186 return flow_get_proto_dst(skb, flow); 187 } 188 189 static u32 flow_get_rtclassid(const struct sk_buff *skb) 190 { 191 #ifdef CONFIG_IP_ROUTE_CLASSID 192 if (skb_dst(skb)) 193 return skb_dst(skb)->tclassid; 194 #endif 195 return 0; 196 } 197 198 static u32 flow_get_skuid(const struct sk_buff *skb) 199 { 200 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) { 201 kuid_t skuid = skb->sk->sk_socket->file->f_cred->fsuid; 202 return from_kuid(&init_user_ns, skuid); 203 } 204 return 0; 205 } 206 207 static u32 flow_get_skgid(const struct sk_buff *skb) 208 { 209 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file) { 210 kgid_t skgid = skb->sk->sk_socket->file->f_cred->fsgid; 211 return from_kgid(&init_user_ns, skgid); 212 } 213 return 0; 214 } 215 216 static u32 flow_get_vlan_tag(const struct sk_buff *skb) 217 { 218 u16 uninitialized_var(tag); 219 220 if (vlan_get_tag(skb, &tag) < 0) 221 return 0; 222 return tag & VLAN_VID_MASK; 223 } 224 225 static u32 flow_get_rxhash(struct sk_buff *skb) 226 { 227 return skb_get_hash(skb); 228 } 229 230 static u32 flow_key_get(struct sk_buff *skb, int key, struct flow_keys *flow) 231 { 232 switch (key) { 233 case FLOW_KEY_SRC: 234 return flow_get_src(skb, flow); 235 case FLOW_KEY_DST: 236 return flow_get_dst(skb, flow); 237 case FLOW_KEY_PROTO: 238 return flow_get_proto(skb, flow); 239 case FLOW_KEY_PROTO_SRC: 240 return flow_get_proto_src(skb, flow); 241 case FLOW_KEY_PROTO_DST: 242 return flow_get_proto_dst(skb, flow); 243 case FLOW_KEY_IIF: 244 return flow_get_iif(skb); 245 case FLOW_KEY_PRIORITY: 246 return flow_get_priority(skb); 247 case FLOW_KEY_MARK: 248 return flow_get_mark(skb); 249 case FLOW_KEY_NFCT: 250 return flow_get_nfct(skb); 251 case FLOW_KEY_NFCT_SRC: 252 return flow_get_nfct_src(skb, flow); 253 case FLOW_KEY_NFCT_DST: 254 return flow_get_nfct_dst(skb, flow); 255 case FLOW_KEY_NFCT_PROTO_SRC: 256 return flow_get_nfct_proto_src(skb, flow); 257 case FLOW_KEY_NFCT_PROTO_DST: 258 return flow_get_nfct_proto_dst(skb, flow); 259 case FLOW_KEY_RTCLASSID: 260 return flow_get_rtclassid(skb); 261 case FLOW_KEY_SKUID: 262 return flow_get_skuid(skb); 263 case FLOW_KEY_SKGID: 264 return flow_get_skgid(skb); 265 case FLOW_KEY_VLAN_TAG: 266 return flow_get_vlan_tag(skb); 267 case FLOW_KEY_RXHASH: 268 return flow_get_rxhash(skb); 269 default: 270 WARN_ON(1); 271 return 0; 272 } 273 } 274 275 #define FLOW_KEYS_NEEDED ((1 << FLOW_KEY_SRC) | \ 276 (1 << FLOW_KEY_DST) | \ 277 (1 << FLOW_KEY_PROTO) | \ 278 (1 << FLOW_KEY_PROTO_SRC) | \ 279 (1 << FLOW_KEY_PROTO_DST) | \ 280 (1 << FLOW_KEY_NFCT_SRC) | \ 281 (1 << FLOW_KEY_NFCT_DST) | \ 282 (1 << FLOW_KEY_NFCT_PROTO_SRC) | \ 283 (1 << FLOW_KEY_NFCT_PROTO_DST)) 284 285 static int flow_classify(struct sk_buff *skb, const struct tcf_proto *tp, 286 struct tcf_result *res) 287 { 288 struct flow_head *head = rcu_dereference_bh(tp->root); 289 struct flow_filter *f; 290 u32 keymask; 291 u32 classid; 292 unsigned int n, key; 293 int r; 294 295 list_for_each_entry_rcu(f, &head->filters, list) { 296 u32 keys[FLOW_KEY_MAX + 1]; 297 struct flow_keys flow_keys; 298 299 if (!tcf_em_tree_match(skb, &f->ematches, NULL)) 300 continue; 301 302 keymask = f->keymask; 303 if (keymask & FLOW_KEYS_NEEDED) 304 skb_flow_dissect_flow_keys(skb, &flow_keys); 305 306 for (n = 0; n < f->nkeys; n++) { 307 key = ffs(keymask) - 1; 308 keymask &= ~(1 << key); 309 keys[n] = flow_key_get(skb, key, &flow_keys); 310 } 311 312 if (f->mode == FLOW_MODE_HASH) 313 classid = jhash2(keys, f->nkeys, f->hashrnd); 314 else { 315 classid = keys[0]; 316 classid = (classid & f->mask) ^ f->xor; 317 classid = (classid >> f->rshift) + f->addend; 318 } 319 320 if (f->divisor) 321 classid %= f->divisor; 322 323 res->class = 0; 324 res->classid = TC_H_MAKE(f->baseclass, f->baseclass + classid); 325 326 r = tcf_exts_exec(skb, &f->exts, res); 327 if (r < 0) 328 continue; 329 return r; 330 } 331 return -1; 332 } 333 334 static void flow_perturbation(unsigned long arg) 335 { 336 struct flow_filter *f = (struct flow_filter *)arg; 337 338 get_random_bytes(&f->hashrnd, 4); 339 if (f->perturb_period) 340 mod_timer(&f->perturb_timer, jiffies + f->perturb_period); 341 } 342 343 static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = { 344 [TCA_FLOW_KEYS] = { .type = NLA_U32 }, 345 [TCA_FLOW_MODE] = { .type = NLA_U32 }, 346 [TCA_FLOW_BASECLASS] = { .type = NLA_U32 }, 347 [TCA_FLOW_RSHIFT] = { .type = NLA_U32 }, 348 [TCA_FLOW_ADDEND] = { .type = NLA_U32 }, 349 [TCA_FLOW_MASK] = { .type = NLA_U32 }, 350 [TCA_FLOW_XOR] = { .type = NLA_U32 }, 351 [TCA_FLOW_DIVISOR] = { .type = NLA_U32 }, 352 [TCA_FLOW_ACT] = { .type = NLA_NESTED }, 353 [TCA_FLOW_POLICE] = { .type = NLA_NESTED }, 354 [TCA_FLOW_EMATCHES] = { .type = NLA_NESTED }, 355 [TCA_FLOW_PERTURB] = { .type = NLA_U32 }, 356 }; 357 358 static void flow_destroy_filter(struct rcu_head *head) 359 { 360 struct flow_filter *f = container_of(head, struct flow_filter, rcu); 361 362 del_timer_sync(&f->perturb_timer); 363 tcf_exts_destroy(&f->exts); 364 tcf_em_tree_destroy(&f->ematches); 365 kfree(f); 366 } 367 368 static int flow_change(struct net *net, struct sk_buff *in_skb, 369 struct tcf_proto *tp, unsigned long base, 370 u32 handle, struct nlattr **tca, 371 unsigned long *arg, bool ovr) 372 { 373 struct flow_head *head = rtnl_dereference(tp->root); 374 struct flow_filter *fold, *fnew; 375 struct nlattr *opt = tca[TCA_OPTIONS]; 376 struct nlattr *tb[TCA_FLOW_MAX + 1]; 377 struct tcf_exts e; 378 struct tcf_ematch_tree t; 379 unsigned int nkeys = 0; 380 unsigned int perturb_period = 0; 381 u32 baseclass = 0; 382 u32 keymask = 0; 383 u32 mode; 384 int err; 385 386 if (opt == NULL) 387 return -EINVAL; 388 389 err = nla_parse_nested(tb, TCA_FLOW_MAX, opt, flow_policy); 390 if (err < 0) 391 return err; 392 393 if (tb[TCA_FLOW_BASECLASS]) { 394 baseclass = nla_get_u32(tb[TCA_FLOW_BASECLASS]); 395 if (TC_H_MIN(baseclass) == 0) 396 return -EINVAL; 397 } 398 399 if (tb[TCA_FLOW_KEYS]) { 400 keymask = nla_get_u32(tb[TCA_FLOW_KEYS]); 401 402 nkeys = hweight32(keymask); 403 if (nkeys == 0) 404 return -EINVAL; 405 406 if (fls(keymask) - 1 > FLOW_KEY_MAX) 407 return -EOPNOTSUPP; 408 409 if ((keymask & (FLOW_KEY_SKUID|FLOW_KEY_SKGID)) && 410 sk_user_ns(NETLINK_CB(in_skb).sk) != &init_user_ns) 411 return -EOPNOTSUPP; 412 } 413 414 tcf_exts_init(&e, TCA_FLOW_ACT, TCA_FLOW_POLICE); 415 err = tcf_exts_validate(net, tp, tb, tca[TCA_RATE], &e, ovr); 416 if (err < 0) 417 return err; 418 419 err = tcf_em_tree_validate(tp, tb[TCA_FLOW_EMATCHES], &t); 420 if (err < 0) 421 goto err1; 422 423 err = -ENOBUFS; 424 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL); 425 if (!fnew) 426 goto err2; 427 428 fold = (struct flow_filter *)*arg; 429 if (fold) { 430 err = -EINVAL; 431 if (fold->handle != handle && handle) 432 goto err2; 433 434 /* Copy fold into fnew */ 435 fnew->tp = fold->tp; 436 fnew->handle = fold->handle; 437 fnew->nkeys = fold->nkeys; 438 fnew->keymask = fold->keymask; 439 fnew->mode = fold->mode; 440 fnew->mask = fold->mask; 441 fnew->xor = fold->xor; 442 fnew->rshift = fold->rshift; 443 fnew->addend = fold->addend; 444 fnew->divisor = fold->divisor; 445 fnew->baseclass = fold->baseclass; 446 fnew->hashrnd = fold->hashrnd; 447 448 mode = fold->mode; 449 if (tb[TCA_FLOW_MODE]) 450 mode = nla_get_u32(tb[TCA_FLOW_MODE]); 451 if (mode != FLOW_MODE_HASH && nkeys > 1) 452 goto err2; 453 454 if (mode == FLOW_MODE_HASH) 455 perturb_period = fold->perturb_period; 456 if (tb[TCA_FLOW_PERTURB]) { 457 if (mode != FLOW_MODE_HASH) 458 goto err2; 459 perturb_period = nla_get_u32(tb[TCA_FLOW_PERTURB]) * HZ; 460 } 461 } else { 462 err = -EINVAL; 463 if (!handle) 464 goto err2; 465 if (!tb[TCA_FLOW_KEYS]) 466 goto err2; 467 468 mode = FLOW_MODE_MAP; 469 if (tb[TCA_FLOW_MODE]) 470 mode = nla_get_u32(tb[TCA_FLOW_MODE]); 471 if (mode != FLOW_MODE_HASH && nkeys > 1) 472 goto err2; 473 474 if (tb[TCA_FLOW_PERTURB]) { 475 if (mode != FLOW_MODE_HASH) 476 goto err2; 477 perturb_period = nla_get_u32(tb[TCA_FLOW_PERTURB]) * HZ; 478 } 479 480 if (TC_H_MAJ(baseclass) == 0) 481 baseclass = TC_H_MAKE(tp->q->handle, baseclass); 482 if (TC_H_MIN(baseclass) == 0) 483 baseclass = TC_H_MAKE(baseclass, 1); 484 485 fnew->handle = handle; 486 fnew->mask = ~0U; 487 fnew->tp = tp; 488 get_random_bytes(&fnew->hashrnd, 4); 489 tcf_exts_init(&fnew->exts, TCA_FLOW_ACT, TCA_FLOW_POLICE); 490 } 491 492 fnew->perturb_timer.function = flow_perturbation; 493 fnew->perturb_timer.data = (unsigned long)fnew; 494 init_timer_deferrable(&fnew->perturb_timer); 495 496 tcf_exts_change(tp, &fnew->exts, &e); 497 tcf_em_tree_change(tp, &fnew->ematches, &t); 498 499 netif_keep_dst(qdisc_dev(tp->q)); 500 501 if (tb[TCA_FLOW_KEYS]) { 502 fnew->keymask = keymask; 503 fnew->nkeys = nkeys; 504 } 505 506 fnew->mode = mode; 507 508 if (tb[TCA_FLOW_MASK]) 509 fnew->mask = nla_get_u32(tb[TCA_FLOW_MASK]); 510 if (tb[TCA_FLOW_XOR]) 511 fnew->xor = nla_get_u32(tb[TCA_FLOW_XOR]); 512 if (tb[TCA_FLOW_RSHIFT]) 513 fnew->rshift = nla_get_u32(tb[TCA_FLOW_RSHIFT]); 514 if (tb[TCA_FLOW_ADDEND]) 515 fnew->addend = nla_get_u32(tb[TCA_FLOW_ADDEND]); 516 517 if (tb[TCA_FLOW_DIVISOR]) 518 fnew->divisor = nla_get_u32(tb[TCA_FLOW_DIVISOR]); 519 if (baseclass) 520 fnew->baseclass = baseclass; 521 522 fnew->perturb_period = perturb_period; 523 if (perturb_period) 524 mod_timer(&fnew->perturb_timer, jiffies + perturb_period); 525 526 if (*arg == 0) 527 list_add_tail_rcu(&fnew->list, &head->filters); 528 else 529 list_replace_rcu(&fnew->list, &fold->list); 530 531 *arg = (unsigned long)fnew; 532 533 if (fold) 534 call_rcu(&fold->rcu, flow_destroy_filter); 535 return 0; 536 537 err2: 538 tcf_em_tree_destroy(&t); 539 kfree(fnew); 540 err1: 541 tcf_exts_destroy(&e); 542 return err; 543 } 544 545 static int flow_delete(struct tcf_proto *tp, unsigned long arg) 546 { 547 struct flow_filter *f = (struct flow_filter *)arg; 548 549 list_del_rcu(&f->list); 550 call_rcu(&f->rcu, flow_destroy_filter); 551 return 0; 552 } 553 554 static int flow_init(struct tcf_proto *tp) 555 { 556 struct flow_head *head; 557 558 head = kzalloc(sizeof(*head), GFP_KERNEL); 559 if (head == NULL) 560 return -ENOBUFS; 561 INIT_LIST_HEAD(&head->filters); 562 rcu_assign_pointer(tp->root, head); 563 return 0; 564 } 565 566 static bool flow_destroy(struct tcf_proto *tp, bool force) 567 { 568 struct flow_head *head = rtnl_dereference(tp->root); 569 struct flow_filter *f, *next; 570 571 if (!force && !list_empty(&head->filters)) 572 return false; 573 574 list_for_each_entry_safe(f, next, &head->filters, list) { 575 list_del_rcu(&f->list); 576 call_rcu(&f->rcu, flow_destroy_filter); 577 } 578 RCU_INIT_POINTER(tp->root, NULL); 579 kfree_rcu(head, rcu); 580 return true; 581 } 582 583 static unsigned long flow_get(struct tcf_proto *tp, u32 handle) 584 { 585 struct flow_head *head = rtnl_dereference(tp->root); 586 struct flow_filter *f; 587 588 list_for_each_entry(f, &head->filters, list) 589 if (f->handle == handle) 590 return (unsigned long)f; 591 return 0; 592 } 593 594 static int flow_dump(struct net *net, struct tcf_proto *tp, unsigned long fh, 595 struct sk_buff *skb, struct tcmsg *t) 596 { 597 struct flow_filter *f = (struct flow_filter *)fh; 598 struct nlattr *nest; 599 600 if (f == NULL) 601 return skb->len; 602 603 t->tcm_handle = f->handle; 604 605 nest = nla_nest_start(skb, TCA_OPTIONS); 606 if (nest == NULL) 607 goto nla_put_failure; 608 609 if (nla_put_u32(skb, TCA_FLOW_KEYS, f->keymask) || 610 nla_put_u32(skb, TCA_FLOW_MODE, f->mode)) 611 goto nla_put_failure; 612 613 if (f->mask != ~0 || f->xor != 0) { 614 if (nla_put_u32(skb, TCA_FLOW_MASK, f->mask) || 615 nla_put_u32(skb, TCA_FLOW_XOR, f->xor)) 616 goto nla_put_failure; 617 } 618 if (f->rshift && 619 nla_put_u32(skb, TCA_FLOW_RSHIFT, f->rshift)) 620 goto nla_put_failure; 621 if (f->addend && 622 nla_put_u32(skb, TCA_FLOW_ADDEND, f->addend)) 623 goto nla_put_failure; 624 625 if (f->divisor && 626 nla_put_u32(skb, TCA_FLOW_DIVISOR, f->divisor)) 627 goto nla_put_failure; 628 if (f->baseclass && 629 nla_put_u32(skb, TCA_FLOW_BASECLASS, f->baseclass)) 630 goto nla_put_failure; 631 632 if (f->perturb_period && 633 nla_put_u32(skb, TCA_FLOW_PERTURB, f->perturb_period / HZ)) 634 goto nla_put_failure; 635 636 if (tcf_exts_dump(skb, &f->exts) < 0) 637 goto nla_put_failure; 638 #ifdef CONFIG_NET_EMATCH 639 if (f->ematches.hdr.nmatches && 640 tcf_em_tree_dump(skb, &f->ematches, TCA_FLOW_EMATCHES) < 0) 641 goto nla_put_failure; 642 #endif 643 nla_nest_end(skb, nest); 644 645 if (tcf_exts_dump_stats(skb, &f->exts) < 0) 646 goto nla_put_failure; 647 648 return skb->len; 649 650 nla_put_failure: 651 nla_nest_cancel(skb, nest); 652 return -1; 653 } 654 655 static void flow_walk(struct tcf_proto *tp, struct tcf_walker *arg) 656 { 657 struct flow_head *head = rtnl_dereference(tp->root); 658 struct flow_filter *f; 659 660 list_for_each_entry(f, &head->filters, list) { 661 if (arg->count < arg->skip) 662 goto skip; 663 if (arg->fn(tp, (unsigned long)f, arg) < 0) { 664 arg->stop = 1; 665 break; 666 } 667 skip: 668 arg->count++; 669 } 670 } 671 672 static struct tcf_proto_ops cls_flow_ops __read_mostly = { 673 .kind = "flow", 674 .classify = flow_classify, 675 .init = flow_init, 676 .destroy = flow_destroy, 677 .change = flow_change, 678 .delete = flow_delete, 679 .get = flow_get, 680 .dump = flow_dump, 681 .walk = flow_walk, 682 .owner = THIS_MODULE, 683 }; 684 685 static int __init cls_flow_init(void) 686 { 687 return register_tcf_proto_ops(&cls_flow_ops); 688 } 689 690 static void __exit cls_flow_exit(void) 691 { 692 unregister_tcf_proto_ops(&cls_flow_ops); 693 } 694 695 module_init(cls_flow_init); 696 module_exit(cls_flow_exit); 697 698 MODULE_LICENSE("GPL"); 699 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); 700 MODULE_DESCRIPTION("TC flow classifier"); 701