1 /* SPDX-License-Identifier: GPL-2.0 */
2 #include <linux/kernel.h>
3 #include <linux/slab.h>
4 #include <net/flow_offload.h>
5 #include <linux/rtnetlink.h>
6 #include <linux/mutex.h>
7
flow_rule_alloc(unsigned int num_actions)8 struct flow_rule *flow_rule_alloc(unsigned int num_actions)
9 {
10 struct flow_rule *rule;
11
12 rule = kzalloc(struct_size(rule, action.entries, num_actions),
13 GFP_KERNEL);
14 if (!rule)
15 return NULL;
16
17 rule->action.num_entries = num_actions;
18
19 return rule;
20 }
21 EXPORT_SYMBOL(flow_rule_alloc);
22
23 #define FLOW_DISSECTOR_MATCH(__rule, __type, __out) \
24 const struct flow_match *__m = &(__rule)->match; \
25 struct flow_dissector *__d = (__m)->dissector; \
26 \
27 (__out)->key = skb_flow_dissector_target(__d, __type, (__m)->key); \
28 (__out)->mask = skb_flow_dissector_target(__d, __type, (__m)->mask); \
29
flow_rule_match_meta(const struct flow_rule * rule,struct flow_match_meta * out)30 void flow_rule_match_meta(const struct flow_rule *rule,
31 struct flow_match_meta *out)
32 {
33 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_META, out);
34 }
35 EXPORT_SYMBOL(flow_rule_match_meta);
36
flow_rule_match_basic(const struct flow_rule * rule,struct flow_match_basic * out)37 void flow_rule_match_basic(const struct flow_rule *rule,
38 struct flow_match_basic *out)
39 {
40 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_BASIC, out);
41 }
42 EXPORT_SYMBOL(flow_rule_match_basic);
43
flow_rule_match_control(const struct flow_rule * rule,struct flow_match_control * out)44 void flow_rule_match_control(const struct flow_rule *rule,
45 struct flow_match_control *out)
46 {
47 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CONTROL, out);
48 }
49 EXPORT_SYMBOL(flow_rule_match_control);
50
flow_rule_match_eth_addrs(const struct flow_rule * rule,struct flow_match_eth_addrs * out)51 void flow_rule_match_eth_addrs(const struct flow_rule *rule,
52 struct flow_match_eth_addrs *out)
53 {
54 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS, out);
55 }
56 EXPORT_SYMBOL(flow_rule_match_eth_addrs);
57
flow_rule_match_vlan(const struct flow_rule * rule,struct flow_match_vlan * out)58 void flow_rule_match_vlan(const struct flow_rule *rule,
59 struct flow_match_vlan *out)
60 {
61 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_VLAN, out);
62 }
63 EXPORT_SYMBOL(flow_rule_match_vlan);
64
flow_rule_match_cvlan(const struct flow_rule * rule,struct flow_match_vlan * out)65 void flow_rule_match_cvlan(const struct flow_rule *rule,
66 struct flow_match_vlan *out)
67 {
68 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CVLAN, out);
69 }
70 EXPORT_SYMBOL(flow_rule_match_cvlan);
71
flow_rule_match_ipv4_addrs(const struct flow_rule * rule,struct flow_match_ipv4_addrs * out)72 void flow_rule_match_ipv4_addrs(const struct flow_rule *rule,
73 struct flow_match_ipv4_addrs *out)
74 {
75 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS, out);
76 }
77 EXPORT_SYMBOL(flow_rule_match_ipv4_addrs);
78
flow_rule_match_ipv6_addrs(const struct flow_rule * rule,struct flow_match_ipv6_addrs * out)79 void flow_rule_match_ipv6_addrs(const struct flow_rule *rule,
80 struct flow_match_ipv6_addrs *out)
81 {
82 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS, out);
83 }
84 EXPORT_SYMBOL(flow_rule_match_ipv6_addrs);
85
flow_rule_match_ip(const struct flow_rule * rule,struct flow_match_ip * out)86 void flow_rule_match_ip(const struct flow_rule *rule,
87 struct flow_match_ip *out)
88 {
89 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IP, out);
90 }
91 EXPORT_SYMBOL(flow_rule_match_ip);
92
flow_rule_match_ports(const struct flow_rule * rule,struct flow_match_ports * out)93 void flow_rule_match_ports(const struct flow_rule *rule,
94 struct flow_match_ports *out)
95 {
96 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_PORTS, out);
97 }
98 EXPORT_SYMBOL(flow_rule_match_ports);
99
flow_rule_match_tcp(const struct flow_rule * rule,struct flow_match_tcp * out)100 void flow_rule_match_tcp(const struct flow_rule *rule,
101 struct flow_match_tcp *out)
102 {
103 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_TCP, out);
104 }
105 EXPORT_SYMBOL(flow_rule_match_tcp);
106
flow_rule_match_icmp(const struct flow_rule * rule,struct flow_match_icmp * out)107 void flow_rule_match_icmp(const struct flow_rule *rule,
108 struct flow_match_icmp *out)
109 {
110 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ICMP, out);
111 }
112 EXPORT_SYMBOL(flow_rule_match_icmp);
113
flow_rule_match_mpls(const struct flow_rule * rule,struct flow_match_mpls * out)114 void flow_rule_match_mpls(const struct flow_rule *rule,
115 struct flow_match_mpls *out)
116 {
117 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_MPLS, out);
118 }
119 EXPORT_SYMBOL(flow_rule_match_mpls);
120
flow_rule_match_enc_control(const struct flow_rule * rule,struct flow_match_control * out)121 void flow_rule_match_enc_control(const struct flow_rule *rule,
122 struct flow_match_control *out)
123 {
124 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL, out);
125 }
126 EXPORT_SYMBOL(flow_rule_match_enc_control);
127
flow_rule_match_enc_ipv4_addrs(const struct flow_rule * rule,struct flow_match_ipv4_addrs * out)128 void flow_rule_match_enc_ipv4_addrs(const struct flow_rule *rule,
129 struct flow_match_ipv4_addrs *out)
130 {
131 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, out);
132 }
133 EXPORT_SYMBOL(flow_rule_match_enc_ipv4_addrs);
134
flow_rule_match_enc_ipv6_addrs(const struct flow_rule * rule,struct flow_match_ipv6_addrs * out)135 void flow_rule_match_enc_ipv6_addrs(const struct flow_rule *rule,
136 struct flow_match_ipv6_addrs *out)
137 {
138 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, out);
139 }
140 EXPORT_SYMBOL(flow_rule_match_enc_ipv6_addrs);
141
flow_rule_match_enc_ip(const struct flow_rule * rule,struct flow_match_ip * out)142 void flow_rule_match_enc_ip(const struct flow_rule *rule,
143 struct flow_match_ip *out)
144 {
145 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IP, out);
146 }
147 EXPORT_SYMBOL(flow_rule_match_enc_ip);
148
flow_rule_match_enc_ports(const struct flow_rule * rule,struct flow_match_ports * out)149 void flow_rule_match_enc_ports(const struct flow_rule *rule,
150 struct flow_match_ports *out)
151 {
152 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_PORTS, out);
153 }
154 EXPORT_SYMBOL(flow_rule_match_enc_ports);
155
flow_rule_match_enc_keyid(const struct flow_rule * rule,struct flow_match_enc_keyid * out)156 void flow_rule_match_enc_keyid(const struct flow_rule *rule,
157 struct flow_match_enc_keyid *out)
158 {
159 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_KEYID, out);
160 }
161 EXPORT_SYMBOL(flow_rule_match_enc_keyid);
162
flow_rule_match_enc_opts(const struct flow_rule * rule,struct flow_match_enc_opts * out)163 void flow_rule_match_enc_opts(const struct flow_rule *rule,
164 struct flow_match_enc_opts *out)
165 {
166 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_OPTS, out);
167 }
168 EXPORT_SYMBOL(flow_rule_match_enc_opts);
169
flow_block_cb_alloc(flow_setup_cb_t * cb,void * cb_ident,void * cb_priv,void (* release)(void * cb_priv))170 struct flow_block_cb *flow_block_cb_alloc(flow_setup_cb_t *cb,
171 void *cb_ident, void *cb_priv,
172 void (*release)(void *cb_priv))
173 {
174 struct flow_block_cb *block_cb;
175
176 block_cb = kzalloc(sizeof(*block_cb), GFP_KERNEL);
177 if (!block_cb)
178 return ERR_PTR(-ENOMEM);
179
180 block_cb->cb = cb;
181 block_cb->cb_ident = cb_ident;
182 block_cb->cb_priv = cb_priv;
183 block_cb->release = release;
184
185 return block_cb;
186 }
187 EXPORT_SYMBOL(flow_block_cb_alloc);
188
flow_block_cb_free(struct flow_block_cb * block_cb)189 void flow_block_cb_free(struct flow_block_cb *block_cb)
190 {
191 if (block_cb->release)
192 block_cb->release(block_cb->cb_priv);
193
194 kfree(block_cb);
195 }
196 EXPORT_SYMBOL(flow_block_cb_free);
197
flow_block_cb_lookup(struct flow_block * block,flow_setup_cb_t * cb,void * cb_ident)198 struct flow_block_cb *flow_block_cb_lookup(struct flow_block *block,
199 flow_setup_cb_t *cb, void *cb_ident)
200 {
201 struct flow_block_cb *block_cb;
202
203 list_for_each_entry(block_cb, &block->cb_list, list) {
204 if (block_cb->cb == cb &&
205 block_cb->cb_ident == cb_ident)
206 return block_cb;
207 }
208
209 return NULL;
210 }
211 EXPORT_SYMBOL(flow_block_cb_lookup);
212
flow_block_cb_priv(struct flow_block_cb * block_cb)213 void *flow_block_cb_priv(struct flow_block_cb *block_cb)
214 {
215 return block_cb->cb_priv;
216 }
217 EXPORT_SYMBOL(flow_block_cb_priv);
218
flow_block_cb_incref(struct flow_block_cb * block_cb)219 void flow_block_cb_incref(struct flow_block_cb *block_cb)
220 {
221 block_cb->refcnt++;
222 }
223 EXPORT_SYMBOL(flow_block_cb_incref);
224
flow_block_cb_decref(struct flow_block_cb * block_cb)225 unsigned int flow_block_cb_decref(struct flow_block_cb *block_cb)
226 {
227 return --block_cb->refcnt;
228 }
229 EXPORT_SYMBOL(flow_block_cb_decref);
230
flow_block_cb_is_busy(flow_setup_cb_t * cb,void * cb_ident,struct list_head * driver_block_list)231 bool flow_block_cb_is_busy(flow_setup_cb_t *cb, void *cb_ident,
232 struct list_head *driver_block_list)
233 {
234 struct flow_block_cb *block_cb;
235
236 list_for_each_entry(block_cb, driver_block_list, driver_list) {
237 if (block_cb->cb == cb &&
238 block_cb->cb_ident == cb_ident)
239 return true;
240 }
241
242 return false;
243 }
244 EXPORT_SYMBOL(flow_block_cb_is_busy);
245
flow_block_cb_setup_simple(struct flow_block_offload * f,struct list_head * driver_block_list,flow_setup_cb_t * cb,void * cb_ident,void * cb_priv,bool ingress_only)246 int flow_block_cb_setup_simple(struct flow_block_offload *f,
247 struct list_head *driver_block_list,
248 flow_setup_cb_t *cb,
249 void *cb_ident, void *cb_priv,
250 bool ingress_only)
251 {
252 struct flow_block_cb *block_cb;
253
254 if (ingress_only &&
255 f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS)
256 return -EOPNOTSUPP;
257
258 f->driver_block_list = driver_block_list;
259
260 switch (f->command) {
261 case FLOW_BLOCK_BIND:
262 if (flow_block_cb_is_busy(cb, cb_ident, driver_block_list))
263 return -EBUSY;
264
265 block_cb = flow_block_cb_alloc(cb, cb_ident, cb_priv, NULL);
266 if (IS_ERR(block_cb))
267 return PTR_ERR(block_cb);
268
269 flow_block_cb_add(block_cb, f);
270 list_add_tail(&block_cb->driver_list, driver_block_list);
271 return 0;
272 case FLOW_BLOCK_UNBIND:
273 block_cb = flow_block_cb_lookup(f->block, cb, cb_ident);
274 if (!block_cb)
275 return -ENOENT;
276
277 flow_block_cb_remove(block_cb, f);
278 list_del(&block_cb->driver_list);
279 return 0;
280 default:
281 return -EOPNOTSUPP;
282 }
283 }
284 EXPORT_SYMBOL(flow_block_cb_setup_simple);
285
286 static LIST_HEAD(block_cb_list);
287
288 static struct rhashtable indr_setup_block_ht;
289
290 struct flow_indr_block_cb {
291 struct list_head list;
292 void *cb_priv;
293 flow_indr_block_bind_cb_t *cb;
294 void *cb_ident;
295 };
296
297 struct flow_indr_block_dev {
298 struct rhash_head ht_node;
299 struct net_device *dev;
300 unsigned int refcnt;
301 struct list_head cb_list;
302 };
303
304 static const struct rhashtable_params flow_indr_setup_block_ht_params = {
305 .key_offset = offsetof(struct flow_indr_block_dev, dev),
306 .head_offset = offsetof(struct flow_indr_block_dev, ht_node),
307 .key_len = sizeof(struct net_device *),
308 };
309
310 static struct flow_indr_block_dev *
flow_indr_block_dev_lookup(struct net_device * dev)311 flow_indr_block_dev_lookup(struct net_device *dev)
312 {
313 return rhashtable_lookup_fast(&indr_setup_block_ht, &dev,
314 flow_indr_setup_block_ht_params);
315 }
316
317 static struct flow_indr_block_dev *
flow_indr_block_dev_get(struct net_device * dev)318 flow_indr_block_dev_get(struct net_device *dev)
319 {
320 struct flow_indr_block_dev *indr_dev;
321
322 indr_dev = flow_indr_block_dev_lookup(dev);
323 if (indr_dev)
324 goto inc_ref;
325
326 indr_dev = kzalloc(sizeof(*indr_dev), GFP_KERNEL);
327 if (!indr_dev)
328 return NULL;
329
330 INIT_LIST_HEAD(&indr_dev->cb_list);
331 indr_dev->dev = dev;
332 if (rhashtable_insert_fast(&indr_setup_block_ht, &indr_dev->ht_node,
333 flow_indr_setup_block_ht_params)) {
334 kfree(indr_dev);
335 return NULL;
336 }
337
338 inc_ref:
339 indr_dev->refcnt++;
340 return indr_dev;
341 }
342
flow_indr_block_dev_put(struct flow_indr_block_dev * indr_dev)343 static void flow_indr_block_dev_put(struct flow_indr_block_dev *indr_dev)
344 {
345 if (--indr_dev->refcnt)
346 return;
347
348 rhashtable_remove_fast(&indr_setup_block_ht, &indr_dev->ht_node,
349 flow_indr_setup_block_ht_params);
350 kfree(indr_dev);
351 }
352
353 static struct flow_indr_block_cb *
flow_indr_block_cb_lookup(struct flow_indr_block_dev * indr_dev,flow_indr_block_bind_cb_t * cb,void * cb_ident)354 flow_indr_block_cb_lookup(struct flow_indr_block_dev *indr_dev,
355 flow_indr_block_bind_cb_t *cb, void *cb_ident)
356 {
357 struct flow_indr_block_cb *indr_block_cb;
358
359 list_for_each_entry(indr_block_cb, &indr_dev->cb_list, list)
360 if (indr_block_cb->cb == cb &&
361 indr_block_cb->cb_ident == cb_ident)
362 return indr_block_cb;
363 return NULL;
364 }
365
366 static struct flow_indr_block_cb *
flow_indr_block_cb_add(struct flow_indr_block_dev * indr_dev,void * cb_priv,flow_indr_block_bind_cb_t * cb,void * cb_ident)367 flow_indr_block_cb_add(struct flow_indr_block_dev *indr_dev, void *cb_priv,
368 flow_indr_block_bind_cb_t *cb, void *cb_ident)
369 {
370 struct flow_indr_block_cb *indr_block_cb;
371
372 indr_block_cb = flow_indr_block_cb_lookup(indr_dev, cb, cb_ident);
373 if (indr_block_cb)
374 return ERR_PTR(-EEXIST);
375
376 indr_block_cb = kzalloc(sizeof(*indr_block_cb), GFP_KERNEL);
377 if (!indr_block_cb)
378 return ERR_PTR(-ENOMEM);
379
380 indr_block_cb->cb_priv = cb_priv;
381 indr_block_cb->cb = cb;
382 indr_block_cb->cb_ident = cb_ident;
383 list_add(&indr_block_cb->list, &indr_dev->cb_list);
384
385 return indr_block_cb;
386 }
387
flow_indr_block_cb_del(struct flow_indr_block_cb * indr_block_cb)388 static void flow_indr_block_cb_del(struct flow_indr_block_cb *indr_block_cb)
389 {
390 list_del(&indr_block_cb->list);
391 kfree(indr_block_cb);
392 }
393
394 static DEFINE_MUTEX(flow_indr_block_cb_lock);
395
flow_block_cmd(struct net_device * dev,flow_indr_block_bind_cb_t * cb,void * cb_priv,enum flow_block_command command)396 static void flow_block_cmd(struct net_device *dev,
397 flow_indr_block_bind_cb_t *cb, void *cb_priv,
398 enum flow_block_command command)
399 {
400 struct flow_indr_block_entry *entry;
401
402 mutex_lock(&flow_indr_block_cb_lock);
403 list_for_each_entry(entry, &block_cb_list, list) {
404 entry->cb(dev, cb, cb_priv, command);
405 }
406 mutex_unlock(&flow_indr_block_cb_lock);
407 }
408
__flow_indr_block_cb_register(struct net_device * dev,void * cb_priv,flow_indr_block_bind_cb_t * cb,void * cb_ident)409 int __flow_indr_block_cb_register(struct net_device *dev, void *cb_priv,
410 flow_indr_block_bind_cb_t *cb,
411 void *cb_ident)
412 {
413 struct flow_indr_block_cb *indr_block_cb;
414 struct flow_indr_block_dev *indr_dev;
415 int err;
416
417 indr_dev = flow_indr_block_dev_get(dev);
418 if (!indr_dev)
419 return -ENOMEM;
420
421 indr_block_cb = flow_indr_block_cb_add(indr_dev, cb_priv, cb, cb_ident);
422 err = PTR_ERR_OR_ZERO(indr_block_cb);
423 if (err)
424 goto err_dev_put;
425
426 flow_block_cmd(dev, indr_block_cb->cb, indr_block_cb->cb_priv,
427 FLOW_BLOCK_BIND);
428
429 return 0;
430
431 err_dev_put:
432 flow_indr_block_dev_put(indr_dev);
433 return err;
434 }
435 EXPORT_SYMBOL_GPL(__flow_indr_block_cb_register);
436
flow_indr_block_cb_register(struct net_device * dev,void * cb_priv,flow_indr_block_bind_cb_t * cb,void * cb_ident)437 int flow_indr_block_cb_register(struct net_device *dev, void *cb_priv,
438 flow_indr_block_bind_cb_t *cb,
439 void *cb_ident)
440 {
441 int err;
442
443 rtnl_lock();
444 err = __flow_indr_block_cb_register(dev, cb_priv, cb, cb_ident);
445 rtnl_unlock();
446
447 return err;
448 }
449 EXPORT_SYMBOL_GPL(flow_indr_block_cb_register);
450
__flow_indr_block_cb_unregister(struct net_device * dev,flow_indr_block_bind_cb_t * cb,void * cb_ident)451 void __flow_indr_block_cb_unregister(struct net_device *dev,
452 flow_indr_block_bind_cb_t *cb,
453 void *cb_ident)
454 {
455 struct flow_indr_block_cb *indr_block_cb;
456 struct flow_indr_block_dev *indr_dev;
457
458 indr_dev = flow_indr_block_dev_lookup(dev);
459 if (!indr_dev)
460 return;
461
462 indr_block_cb = flow_indr_block_cb_lookup(indr_dev, cb, cb_ident);
463 if (!indr_block_cb)
464 return;
465
466 flow_block_cmd(dev, indr_block_cb->cb, indr_block_cb->cb_priv,
467 FLOW_BLOCK_UNBIND);
468
469 flow_indr_block_cb_del(indr_block_cb);
470 flow_indr_block_dev_put(indr_dev);
471 }
472 EXPORT_SYMBOL_GPL(__flow_indr_block_cb_unregister);
473
flow_indr_block_cb_unregister(struct net_device * dev,flow_indr_block_bind_cb_t * cb,void * cb_ident)474 void flow_indr_block_cb_unregister(struct net_device *dev,
475 flow_indr_block_bind_cb_t *cb,
476 void *cb_ident)
477 {
478 rtnl_lock();
479 __flow_indr_block_cb_unregister(dev, cb, cb_ident);
480 rtnl_unlock();
481 }
482 EXPORT_SYMBOL_GPL(flow_indr_block_cb_unregister);
483
flow_indr_block_call(struct net_device * dev,struct flow_block_offload * bo,enum flow_block_command command)484 void flow_indr_block_call(struct net_device *dev,
485 struct flow_block_offload *bo,
486 enum flow_block_command command)
487 {
488 struct flow_indr_block_cb *indr_block_cb;
489 struct flow_indr_block_dev *indr_dev;
490
491 indr_dev = flow_indr_block_dev_lookup(dev);
492 if (!indr_dev)
493 return;
494
495 list_for_each_entry(indr_block_cb, &indr_dev->cb_list, list)
496 indr_block_cb->cb(dev, indr_block_cb->cb_priv, TC_SETUP_BLOCK,
497 bo);
498 }
499 EXPORT_SYMBOL_GPL(flow_indr_block_call);
500
flow_indr_add_block_cb(struct flow_indr_block_entry * entry)501 void flow_indr_add_block_cb(struct flow_indr_block_entry *entry)
502 {
503 mutex_lock(&flow_indr_block_cb_lock);
504 list_add_tail(&entry->list, &block_cb_list);
505 mutex_unlock(&flow_indr_block_cb_lock);
506 }
507 EXPORT_SYMBOL_GPL(flow_indr_add_block_cb);
508
flow_indr_del_block_cb(struct flow_indr_block_entry * entry)509 void flow_indr_del_block_cb(struct flow_indr_block_entry *entry)
510 {
511 mutex_lock(&flow_indr_block_cb_lock);
512 list_del(&entry->list);
513 mutex_unlock(&flow_indr_block_cb_lock);
514 }
515 EXPORT_SYMBOL_GPL(flow_indr_del_block_cb);
516
init_flow_indr_rhashtable(void)517 static int __init init_flow_indr_rhashtable(void)
518 {
519 return rhashtable_init(&indr_setup_block_ht,
520 &flow_indr_setup_block_ht_params);
521 }
522 subsys_initcall(init_flow_indr_rhashtable);
523