2 * net/sched/cls_flow.c Generic flow classifier
4 * Copyright (c) 2007, 2008 Patrick McHardy <kaber@trash.net>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version 2
9 * of the License, or (at your option) any later version.
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/list.h>
15 #include <linux/jhash.h>
16 #include <linux/random.h>
17 #include <linux/pkt_cls.h>
18 #include <linux/skbuff.h>
21 #include <linux/ipv6.h>
23 #include <net/pkt_cls.h>
25 #include <net/route.h>
26 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
27 #include <net/netfilter/nf_conntrack.h>
31 struct list_head filters;
35 struct list_head list;
37 struct tcf_ematch_tree ematches;
51 static u32 flow_hashrnd __read_mostly;
52 static int flow_hashrnd_initted __read_mostly;
54 static const struct tcf_ext_map flow_ext_map = {
55 .action = TCA_FLOW_ACT,
56 .police = TCA_FLOW_POLICE,
59 static inline u32 addr_fold(void *addr)
61 unsigned long a = (unsigned long)addr;
63 return (a & 0xFFFFFFFF) ^ (BITS_PER_LONG > 32 ? a >> 32 : 0);
66 static u32 flow_get_src(const struct sk_buff *skb)
68 switch (skb->protocol) {
69 case __constant_htons(ETH_P_IP):
70 return ntohl(ip_hdr(skb)->saddr);
71 case __constant_htons(ETH_P_IPV6):
72 return ntohl(ipv6_hdr(skb)->saddr.s6_addr32[3]);
74 return addr_fold(skb->sk);
78 static u32 flow_get_dst(const struct sk_buff *skb)
80 switch (skb->protocol) {
81 case __constant_htons(ETH_P_IP):
82 return ntohl(ip_hdr(skb)->daddr);
83 case __constant_htons(ETH_P_IPV6):
84 return ntohl(ipv6_hdr(skb)->daddr.s6_addr32[3]);
86 return addr_fold(skb->dst) ^ (__force u16)skb->protocol;
90 static u32 flow_get_proto(const struct sk_buff *skb)
92 switch (skb->protocol) {
93 case __constant_htons(ETH_P_IP):
94 return ip_hdr(skb)->protocol;
95 case __constant_htons(ETH_P_IPV6):
96 return ipv6_hdr(skb)->nexthdr;
102 static int has_ports(u8 protocol)
107 case IPPROTO_UDPLITE:
117 static u32 flow_get_proto_src(const struct sk_buff *skb)
121 switch (skb->protocol) {
122 case __constant_htons(ETH_P_IP): {
123 struct iphdr *iph = ip_hdr(skb);
125 if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
126 has_ports(iph->protocol))
127 res = ntohs(*(__be16 *)((void *)iph + iph->ihl * 4));
130 case __constant_htons(ETH_P_IPV6): {
131 struct ipv6hdr *iph = ipv6_hdr(skb);
133 if (has_ports(iph->nexthdr))
134 res = ntohs(*(__be16 *)&iph[1]);
138 res = addr_fold(skb->sk);
144 static u32 flow_get_proto_dst(const struct sk_buff *skb)
148 switch (skb->protocol) {
149 case __constant_htons(ETH_P_IP): {
150 struct iphdr *iph = ip_hdr(skb);
152 if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
153 has_ports(iph->protocol))
154 res = ntohs(*(__be16 *)((void *)iph + iph->ihl * 4 + 2));
157 case __constant_htons(ETH_P_IPV6): {
158 struct ipv6hdr *iph = ipv6_hdr(skb);
160 if (has_ports(iph->nexthdr))
161 res = ntohs(*(__be16 *)((void *)&iph[1] + 2));
165 res = addr_fold(skb->dst) ^ (__force u16)skb->protocol;
171 static u32 flow_get_iif(const struct sk_buff *skb)
176 static u32 flow_get_priority(const struct sk_buff *skb)
178 return skb->priority;
181 static u32 flow_get_mark(const struct sk_buff *skb)
186 static u32 flow_get_nfct(const struct sk_buff *skb)
188 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
189 return addr_fold(skb->nfct);
195 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
196 #define CTTUPLE(skb, member) \
198 enum ip_conntrack_info ctinfo; \
199 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); \
202 ct->tuplehash[CTINFO2DIR(ctinfo)].tuple.member; \
205 #define CTTUPLE(skb, member) \
212 static u32 flow_get_nfct_src(const struct sk_buff *skb)
214 switch (skb->protocol) {
215 case __constant_htons(ETH_P_IP):
216 return ntohl(CTTUPLE(skb, src.u3.ip));
217 case __constant_htons(ETH_P_IPV6):
218 return ntohl(CTTUPLE(skb, src.u3.ip6[3]));
221 return flow_get_src(skb);
224 static u32 flow_get_nfct_dst(const struct sk_buff *skb)
226 switch (skb->protocol) {
227 case __constant_htons(ETH_P_IP):
228 return ntohl(CTTUPLE(skb, dst.u3.ip));
229 case __constant_htons(ETH_P_IPV6):
230 return ntohl(CTTUPLE(skb, dst.u3.ip6[3]));
233 return flow_get_dst(skb);
236 static u32 flow_get_nfct_proto_src(const struct sk_buff *skb)
238 return ntohs(CTTUPLE(skb, src.u.all));
240 return flow_get_proto_src(skb);
243 static u32 flow_get_nfct_proto_dst(const struct sk_buff *skb)
245 return ntohs(CTTUPLE(skb, dst.u.all));
247 return flow_get_proto_dst(skb);
250 static u32 flow_get_rtclassid(const struct sk_buff *skb)
252 #ifdef CONFIG_NET_CLS_ROUTE
254 return skb->dst->tclassid;
259 static u32 flow_get_skuid(const struct sk_buff *skb)
261 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file)
262 return skb->sk->sk_socket->file->f_uid;
266 static u32 flow_get_skgid(const struct sk_buff *skb)
268 if (skb->sk && skb->sk->sk_socket && skb->sk->sk_socket->file)
269 return skb->sk->sk_socket->file->f_gid;
273 static u32 flow_key_get(const struct sk_buff *skb, int key)
277 return flow_get_src(skb);
279 return flow_get_dst(skb);
281 return flow_get_proto(skb);
282 case FLOW_KEY_PROTO_SRC:
283 return flow_get_proto_src(skb);
284 case FLOW_KEY_PROTO_DST:
285 return flow_get_proto_dst(skb);
287 return flow_get_iif(skb);
288 case FLOW_KEY_PRIORITY:
289 return flow_get_priority(skb);
291 return flow_get_mark(skb);
293 return flow_get_nfct(skb);
294 case FLOW_KEY_NFCT_SRC:
295 return flow_get_nfct_src(skb);
296 case FLOW_KEY_NFCT_DST:
297 return flow_get_nfct_dst(skb);
298 case FLOW_KEY_NFCT_PROTO_SRC:
299 return flow_get_nfct_proto_src(skb);
300 case FLOW_KEY_NFCT_PROTO_DST:
301 return flow_get_nfct_proto_dst(skb);
302 case FLOW_KEY_RTCLASSID:
303 return flow_get_rtclassid(skb);
305 return flow_get_skuid(skb);
307 return flow_get_skgid(skb);
314 static int flow_classify(struct sk_buff *skb, struct tcf_proto *tp,
315 struct tcf_result *res)
317 struct flow_head *head = tp->root;
318 struct flow_filter *f;
324 list_for_each_entry(f, &head->filters, list) {
327 if (!tcf_em_tree_match(skb, &f->ematches, NULL))
330 keymask = f->keymask;
332 for (n = 0; n < f->nkeys; n++) {
333 key = ffs(keymask) - 1;
334 keymask &= ~(1 << key);
335 keys[n] = flow_key_get(skb, key);
338 if (f->mode == FLOW_MODE_HASH)
339 classid = jhash2(keys, f->nkeys, flow_hashrnd);
342 classid = (classid & f->mask) ^ f->xor;
343 classid = (classid >> f->rshift) + f->addend;
347 classid %= f->divisor;
350 res->classid = TC_H_MAKE(f->baseclass, f->baseclass + classid);
352 r = tcf_exts_exec(skb, &f->exts, res);
360 static const struct nla_policy flow_policy[TCA_FLOW_MAX + 1] = {
361 [TCA_FLOW_KEYS] = { .type = NLA_U32 },
362 [TCA_FLOW_MODE] = { .type = NLA_U32 },
363 [TCA_FLOW_BASECLASS] = { .type = NLA_U32 },
364 [TCA_FLOW_RSHIFT] = { .type = NLA_U32 },
365 [TCA_FLOW_ADDEND] = { .type = NLA_U32 },
366 [TCA_FLOW_MASK] = { .type = NLA_U32 },
367 [TCA_FLOW_XOR] = { .type = NLA_U32 },
368 [TCA_FLOW_DIVISOR] = { .type = NLA_U32 },
369 [TCA_FLOW_ACT] = { .type = NLA_NESTED },
370 [TCA_FLOW_POLICE] = { .type = NLA_NESTED },
371 [TCA_FLOW_EMATCHES] = { .type = NLA_NESTED },
374 static int flow_change(struct tcf_proto *tp, unsigned long base,
375 u32 handle, struct nlattr **tca,
378 struct flow_head *head = tp->root;
379 struct flow_filter *f;
380 struct nlattr *opt = tca[TCA_OPTIONS];
381 struct nlattr *tb[TCA_FLOW_MAX + 1];
383 struct tcf_ematch_tree t;
384 unsigned int nkeys = 0;
393 err = nla_parse_nested(tb, TCA_FLOW_MAX, opt, flow_policy);
397 if (tb[TCA_FLOW_BASECLASS]) {
398 baseclass = nla_get_u32(tb[TCA_FLOW_BASECLASS]);
399 if (TC_H_MIN(baseclass) == 0)
403 if (tb[TCA_FLOW_KEYS]) {
404 keymask = nla_get_u32(tb[TCA_FLOW_KEYS]);
406 nkeys = hweight32(keymask);
410 if (fls(keymask) - 1 > FLOW_KEY_MAX)
414 err = tcf_exts_validate(tp, tb, tca[TCA_RATE], &e, &flow_ext_map);
418 err = tcf_em_tree_validate(tp, tb[TCA_FLOW_EMATCHES], &t);
422 f = (struct flow_filter *)*arg;
425 if (f->handle != handle && handle)
429 if (tb[TCA_FLOW_MODE])
430 mode = nla_get_u32(tb[TCA_FLOW_MODE]);
431 if (mode != FLOW_MODE_HASH && nkeys > 1)
437 if (!tb[TCA_FLOW_KEYS])
440 mode = FLOW_MODE_MAP;
441 if (tb[TCA_FLOW_MODE])
442 mode = nla_get_u32(tb[TCA_FLOW_MODE]);
443 if (mode != FLOW_MODE_HASH && nkeys > 1)
446 if (TC_H_MAJ(baseclass) == 0)
447 baseclass = TC_H_MAKE(tp->q->handle, baseclass);
448 if (TC_H_MIN(baseclass) == 0)
449 baseclass = TC_H_MAKE(baseclass, 1);
452 f = kzalloc(sizeof(*f), GFP_KERNEL);
460 tcf_exts_change(tp, &f->exts, &e);
461 tcf_em_tree_change(tp, &f->ematches, &t);
465 if (tb[TCA_FLOW_KEYS]) {
466 f->keymask = keymask;
472 if (tb[TCA_FLOW_MASK])
473 f->mask = nla_get_u32(tb[TCA_FLOW_MASK]);
474 if (tb[TCA_FLOW_XOR])
475 f->xor = nla_get_u32(tb[TCA_FLOW_XOR]);
476 if (tb[TCA_FLOW_RSHIFT])
477 f->rshift = nla_get_u32(tb[TCA_FLOW_RSHIFT]);
478 if (tb[TCA_FLOW_ADDEND])
479 f->addend = nla_get_u32(tb[TCA_FLOW_ADDEND]);
481 if (tb[TCA_FLOW_DIVISOR])
482 f->divisor = nla_get_u32(tb[TCA_FLOW_DIVISOR]);
484 f->baseclass = baseclass;
487 list_add_tail(&f->list, &head->filters);
491 *arg = (unsigned long)f;
495 tcf_em_tree_destroy(tp, &t);
497 tcf_exts_destroy(tp, &e);
501 static void flow_destroy_filter(struct tcf_proto *tp, struct flow_filter *f)
503 tcf_exts_destroy(tp, &f->exts);
504 tcf_em_tree_destroy(tp, &f->ematches);
508 static int flow_delete(struct tcf_proto *tp, unsigned long arg)
510 struct flow_filter *f = (struct flow_filter *)arg;
515 flow_destroy_filter(tp, f);
519 static int flow_init(struct tcf_proto *tp)
521 struct flow_head *head;
523 if (!flow_hashrnd_initted) {
524 get_random_bytes(&flow_hashrnd, 4);
525 flow_hashrnd_initted = 1;
528 head = kzalloc(sizeof(*head), GFP_KERNEL);
531 INIT_LIST_HEAD(&head->filters);
536 static void flow_destroy(struct tcf_proto *tp)
538 struct flow_head *head = tp->root;
539 struct flow_filter *f, *next;
541 list_for_each_entry_safe(f, next, &head->filters, list) {
543 flow_destroy_filter(tp, f);
548 static unsigned long flow_get(struct tcf_proto *tp, u32 handle)
550 struct flow_head *head = tp->root;
551 struct flow_filter *f;
553 list_for_each_entry(f, &head->filters, list)
554 if (f->handle == handle)
555 return (unsigned long)f;
559 static void flow_put(struct tcf_proto *tp, unsigned long f)
564 static int flow_dump(struct tcf_proto *tp, unsigned long fh,
565 struct sk_buff *skb, struct tcmsg *t)
567 struct flow_filter *f = (struct flow_filter *)fh;
573 t->tcm_handle = f->handle;
575 nest = nla_nest_start(skb, TCA_OPTIONS);
577 goto nla_put_failure;
579 NLA_PUT_U32(skb, TCA_FLOW_KEYS, f->keymask);
580 NLA_PUT_U32(skb, TCA_FLOW_MODE, f->mode);
582 if (f->mask != ~0 || f->xor != 0) {
583 NLA_PUT_U32(skb, TCA_FLOW_MASK, f->mask);
584 NLA_PUT_U32(skb, TCA_FLOW_XOR, f->xor);
587 NLA_PUT_U32(skb, TCA_FLOW_RSHIFT, f->rshift);
589 NLA_PUT_U32(skb, TCA_FLOW_ADDEND, f->addend);
592 NLA_PUT_U32(skb, TCA_FLOW_DIVISOR, f->divisor);
594 NLA_PUT_U32(skb, TCA_FLOW_BASECLASS, f->baseclass);
596 if (tcf_exts_dump(skb, &f->exts, &flow_ext_map) < 0)
597 goto nla_put_failure;
598 #ifdef CONFIG_NET_EMATCH
599 if (f->ematches.hdr.nmatches &&
600 tcf_em_tree_dump(skb, &f->ematches, TCA_FLOW_EMATCHES) < 0)
601 goto nla_put_failure;
603 nla_nest_end(skb, nest);
605 if (tcf_exts_dump_stats(skb, &f->exts, &flow_ext_map) < 0)
606 goto nla_put_failure;
611 nlmsg_trim(skb, nest);
615 static void flow_walk(struct tcf_proto *tp, struct tcf_walker *arg)
617 struct flow_head *head = tp->root;
618 struct flow_filter *f;
620 list_for_each_entry(f, &head->filters, list) {
621 if (arg->count < arg->skip)
623 if (arg->fn(tp, (unsigned long)f, arg) < 0) {
632 static struct tcf_proto_ops cls_flow_ops __read_mostly = {
634 .classify = flow_classify,
636 .destroy = flow_destroy,
637 .change = flow_change,
638 .delete = flow_delete,
643 .owner = THIS_MODULE,
646 static int __init cls_flow_init(void)
648 return register_tcf_proto_ops(&cls_flow_ops);
651 static void __exit cls_flow_exit(void)
653 unregister_tcf_proto_ops(&cls_flow_ops);
656 module_init(cls_flow_init);
657 module_exit(cls_flow_exit);
659 MODULE_LICENSE("GPL");
660 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
661 MODULE_DESCRIPTION("TC flow classifier");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob