1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * net/sched/act_api.c Packet action API.
5 * Author: Jamal Hadi Salim
8 #include <linux/types.h>
9 #include <linux/kernel.h>
10 #include <linux/string.h>
11 #include <linux/errno.h>
12 #include <linux/slab.h>
13 #include <linux/skbuff.h>
14 #include <linux/init.h>
15 #include <linux/kmod.h>
16 #include <linux/err.h>
17 #include <linux/module.h>
18 #include <net/net_namespace.h>
20 #include <net/sch_generic.h>
21 #include <net/pkt_cls.h>
22 #include <net/act_api.h>
23 #include <net/netlink.h>
26 DEFINE_STATIC_KEY_FALSE(tcf_frag_xmit_count);
27 EXPORT_SYMBOL_GPL(tcf_frag_xmit_count);
30 int tcf_dev_queue_xmit(struct sk_buff *skb, int (*xmit)(struct sk_buff *skb))
33 if (static_branch_unlikely(&tcf_frag_xmit_count))
34 return sch_frag_xmit_hook(skb, xmit);
39 EXPORT_SYMBOL_GPL(tcf_dev_queue_xmit);
41 static void tcf_action_goto_chain_exec(const struct tc_action *a,
42 struct tcf_result *res)
44 const struct tcf_chain *chain = rcu_dereference_bh(a->goto_chain);
46 res->goto_tp = rcu_dereference_bh(chain->filter_chain);
49 static void tcf_free_cookie_rcu(struct rcu_head *p)
51 struct tc_cookie *cookie = container_of(p, struct tc_cookie, rcu);
57 static void tcf_set_action_cookie(struct tc_cookie __rcu **old_cookie,
58 struct tc_cookie *new_cookie)
60 struct tc_cookie *old;
62 old = xchg((__force struct tc_cookie **)old_cookie, new_cookie);
64 call_rcu(&old->rcu, tcf_free_cookie_rcu);
67 int tcf_action_check_ctrlact(int action, struct tcf_proto *tp,
68 struct tcf_chain **newchain,
69 struct netlink_ext_ack *extack)
71 int opcode = TC_ACT_EXT_OPCODE(action), ret = -EINVAL;
75 ret = action > TC_ACT_VALUE_MAX ? -EINVAL : 0;
76 else if (opcode <= TC_ACT_EXT_OPCODE_MAX || action == TC_ACT_UNSPEC)
79 NL_SET_ERR_MSG(extack, "invalid control action");
83 if (TC_ACT_EXT_CMP(action, TC_ACT_GOTO_CHAIN)) {
84 chain_index = action & TC_ACT_EXT_VAL_MASK;
85 if (!tp || !newchain) {
87 NL_SET_ERR_MSG(extack,
88 "can't goto NULL proto/chain");
91 *newchain = tcf_chain_get_by_act(tp->chain->block, chain_index);
94 NL_SET_ERR_MSG(extack,
95 "can't allocate goto_chain");
101 EXPORT_SYMBOL(tcf_action_check_ctrlact);
103 struct tcf_chain *tcf_action_set_ctrlact(struct tc_action *a, int action,
104 struct tcf_chain *goto_chain)
106 a->tcfa_action = action;
107 goto_chain = rcu_replace_pointer(a->goto_chain, goto_chain, 1);
110 EXPORT_SYMBOL(tcf_action_set_ctrlact);
112 /* XXX: For standalone actions, we don't need a RCU grace period either, because
113 * actions are always connected to filters and filters are already destroyed in
114 * RCU callbacks, so after a RCU grace period actions are already disconnected
115 * from filters. Readers later can not find us.
117 static void free_tcf(struct tc_action *p)
119 struct tcf_chain *chain = rcu_dereference_protected(p->goto_chain, 1);
121 free_percpu(p->cpu_bstats);
122 free_percpu(p->cpu_bstats_hw);
123 free_percpu(p->cpu_qstats);
125 tcf_set_action_cookie(&p->act_cookie, NULL);
127 tcf_chain_put_by_act(chain);
132 static void tcf_action_cleanup(struct tc_action *p)
137 gen_kill_estimator(&p->tcfa_rate_est);
141 static int __tcf_action_put(struct tc_action *p, bool bind)
143 struct tcf_idrinfo *idrinfo = p->idrinfo;
145 if (refcount_dec_and_mutex_lock(&p->tcfa_refcnt, &idrinfo->lock)) {
147 atomic_dec(&p->tcfa_bindcnt);
148 idr_remove(&idrinfo->action_idr, p->tcfa_index);
149 mutex_unlock(&idrinfo->lock);
151 tcf_action_cleanup(p);
156 atomic_dec(&p->tcfa_bindcnt);
161 static int __tcf_idr_release(struct tc_action *p, bool bind, bool strict)
165 /* Release with strict==1 and bind==0 is only called through act API
166 * interface (classifiers always bind). Only case when action with
167 * positive reference count and zero bind count can exist is when it was
168 * also created with act API (unbinding last classifier will destroy the
169 * action if it was created by classifier). So only case when bind count
170 * can be changed after initial check is when unbound action is
171 * destroyed by act API while classifier binds to action with same id
172 * concurrently. This result either creation of new action(same behavior
173 * as before), or reusing existing action if concurrent process
174 * increments reference count before action is deleted. Both scenarios
178 if (!bind && strict && atomic_read(&p->tcfa_bindcnt) > 0)
181 if (__tcf_action_put(p, bind))
188 int tcf_idr_release(struct tc_action *a, bool bind)
190 const struct tc_action_ops *ops = a->ops;
193 ret = __tcf_idr_release(a, bind, false);
194 if (ret == ACT_P_DELETED)
195 module_put(ops->owner);
198 EXPORT_SYMBOL(tcf_idr_release);
200 static size_t tcf_action_shared_attrs_size(const struct tc_action *act)
202 struct tc_cookie *act_cookie;
206 act_cookie = rcu_dereference(act->act_cookie);
209 cookie_len = nla_total_size(act_cookie->len);
212 return nla_total_size(0) /* action number nested */
213 + nla_total_size(IFNAMSIZ) /* TCA_ACT_KIND */
214 + cookie_len /* TCA_ACT_COOKIE */
215 + nla_total_size(sizeof(struct nla_bitfield32)) /* TCA_ACT_HW_STATS */
216 + nla_total_size(0) /* TCA_ACT_STATS nested */
217 + nla_total_size(sizeof(struct nla_bitfield32)) /* TCA_ACT_FLAGS */
218 /* TCA_STATS_BASIC */
219 + nla_total_size_64bit(sizeof(struct gnet_stats_basic))
220 /* TCA_STATS_PKT64 */
221 + nla_total_size_64bit(sizeof(u64))
222 /* TCA_STATS_QUEUE */
223 + nla_total_size_64bit(sizeof(struct gnet_stats_queue))
224 + nla_total_size(0) /* TCA_OPTIONS nested */
225 + nla_total_size(sizeof(struct tcf_t)); /* TCA_GACT_TM */
228 static size_t tcf_action_full_attrs_size(size_t sz)
230 return NLMSG_HDRLEN /* struct nlmsghdr */
231 + sizeof(struct tcamsg)
232 + nla_total_size(0) /* TCA_ACT_TAB nested */
236 static size_t tcf_action_fill_size(const struct tc_action *act)
238 size_t sz = tcf_action_shared_attrs_size(act);
240 if (act->ops->get_fill_size)
241 return act->ops->get_fill_size(act) + sz;
246 tcf_action_dump_terse(struct sk_buff *skb, struct tc_action *a, bool from_act)
248 unsigned char *b = skb_tail_pointer(skb);
249 struct tc_cookie *cookie;
251 if (nla_put_string(skb, TCA_KIND, a->ops->kind))
252 goto nla_put_failure;
253 if (tcf_action_copy_stats(skb, a, 0))
254 goto nla_put_failure;
255 if (from_act && nla_put_u32(skb, TCA_ACT_INDEX, a->tcfa_index))
256 goto nla_put_failure;
259 cookie = rcu_dereference(a->act_cookie);
261 if (nla_put(skb, TCA_ACT_COOKIE, cookie->len, cookie->data)) {
263 goto nla_put_failure;
275 static int tcf_dump_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb,
276 struct netlink_callback *cb)
278 int err = 0, index = -1, s_i = 0, n_i = 0;
279 u32 act_flags = cb->args[2];
280 unsigned long jiffy_since = cb->args[3];
282 struct idr *idr = &idrinfo->action_idr;
284 unsigned long id = 1;
287 mutex_lock(&idrinfo->lock);
291 idr_for_each_entry_ul(idr, p, tmp, id) {
299 time_after(jiffy_since,
300 (unsigned long)p->tcfa_tm.lastuse))
303 nest = nla_nest_start_noflag(skb, n_i);
306 goto nla_put_failure;
308 err = (act_flags & TCA_ACT_FLAG_TERSE_DUMP) ?
309 tcf_action_dump_terse(skb, p, true) :
310 tcf_action_dump_1(skb, p, 0, 0);
313 nlmsg_trim(skb, nest);
316 nla_nest_end(skb, nest);
318 if (!(act_flags & TCA_ACT_FLAG_LARGE_DUMP_ON) &&
319 n_i >= TCA_ACT_MAX_PRIO)
324 cb->args[0] = index + 1;
326 mutex_unlock(&idrinfo->lock);
328 if (act_flags & TCA_ACT_FLAG_LARGE_DUMP_ON)
334 nla_nest_cancel(skb, nest);
338 static int tcf_idr_release_unsafe(struct tc_action *p)
340 if (atomic_read(&p->tcfa_bindcnt) > 0)
343 if (refcount_dec_and_test(&p->tcfa_refcnt)) {
344 idr_remove(&p->idrinfo->action_idr, p->tcfa_index);
345 tcf_action_cleanup(p);
346 return ACT_P_DELETED;
352 static int tcf_del_walker(struct tcf_idrinfo *idrinfo, struct sk_buff *skb,
353 const struct tc_action_ops *ops)
358 struct idr *idr = &idrinfo->action_idr;
360 unsigned long id = 1;
363 nest = nla_nest_start_noflag(skb, 0);
365 goto nla_put_failure;
366 if (nla_put_string(skb, TCA_KIND, ops->kind))
367 goto nla_put_failure;
369 mutex_lock(&idrinfo->lock);
370 idr_for_each_entry_ul(idr, p, tmp, id) {
373 ret = tcf_idr_release_unsafe(p);
374 if (ret == ACT_P_DELETED) {
375 module_put(ops->owner);
377 } else if (ret < 0) {
378 mutex_unlock(&idrinfo->lock);
379 goto nla_put_failure;
382 mutex_unlock(&idrinfo->lock);
384 ret = nla_put_u32(skb, TCA_FCNT, n_i);
386 goto nla_put_failure;
387 nla_nest_end(skb, nest);
391 nla_nest_cancel(skb, nest);
395 int tcf_generic_walker(struct tc_action_net *tn, struct sk_buff *skb,
396 struct netlink_callback *cb, int type,
397 const struct tc_action_ops *ops,
398 struct netlink_ext_ack *extack)
400 struct tcf_idrinfo *idrinfo = tn->idrinfo;
402 if (type == RTM_DELACTION) {
403 return tcf_del_walker(idrinfo, skb, ops);
404 } else if (type == RTM_GETACTION) {
405 return tcf_dump_walker(idrinfo, skb, cb);
407 WARN(1, "tcf_generic_walker: unknown command %d\n", type);
408 NL_SET_ERR_MSG(extack, "tcf_generic_walker: unknown command");
412 EXPORT_SYMBOL(tcf_generic_walker);
414 int tcf_idr_search(struct tc_action_net *tn, struct tc_action **a, u32 index)
416 struct tcf_idrinfo *idrinfo = tn->idrinfo;
419 mutex_lock(&idrinfo->lock);
420 p = idr_find(&idrinfo->action_idr, index);
424 refcount_inc(&p->tcfa_refcnt);
425 mutex_unlock(&idrinfo->lock);
433 EXPORT_SYMBOL(tcf_idr_search);
435 static int tcf_idr_delete_index(struct tcf_idrinfo *idrinfo, u32 index)
440 mutex_lock(&idrinfo->lock);
441 p = idr_find(&idrinfo->action_idr, index);
443 mutex_unlock(&idrinfo->lock);
447 if (!atomic_read(&p->tcfa_bindcnt)) {
448 if (refcount_dec_and_test(&p->tcfa_refcnt)) {
449 struct module *owner = p->ops->owner;
451 WARN_ON(p != idr_remove(&idrinfo->action_idr,
453 mutex_unlock(&idrinfo->lock);
455 tcf_action_cleanup(p);
464 mutex_unlock(&idrinfo->lock);
468 int tcf_idr_create(struct tc_action_net *tn, u32 index, struct nlattr *est,
469 struct tc_action **a, const struct tc_action_ops *ops,
470 int bind, bool cpustats, u32 flags)
472 struct tc_action *p = kzalloc(ops->size, GFP_KERNEL);
473 struct tcf_idrinfo *idrinfo = tn->idrinfo;
478 refcount_set(&p->tcfa_refcnt, 1);
480 atomic_set(&p->tcfa_bindcnt, 1);
483 p->cpu_bstats = netdev_alloc_pcpu_stats(struct gnet_stats_basic_sync);
486 p->cpu_bstats_hw = netdev_alloc_pcpu_stats(struct gnet_stats_basic_sync);
487 if (!p->cpu_bstats_hw)
489 p->cpu_qstats = alloc_percpu(struct gnet_stats_queue);
493 gnet_stats_basic_sync_init(&p->tcfa_bstats);
494 gnet_stats_basic_sync_init(&p->tcfa_bstats_hw);
495 spin_lock_init(&p->tcfa_lock);
496 p->tcfa_index = index;
497 p->tcfa_tm.install = jiffies;
498 p->tcfa_tm.lastuse = jiffies;
499 p->tcfa_tm.firstuse = 0;
500 p->tcfa_flags = flags & TCA_ACT_FLAGS_USER_MASK;
502 err = gen_new_estimator(&p->tcfa_bstats, p->cpu_bstats,
504 &p->tcfa_lock, false, est);
509 p->idrinfo = idrinfo;
510 __module_get(ops->owner);
515 free_percpu(p->cpu_qstats);
517 free_percpu(p->cpu_bstats_hw);
519 free_percpu(p->cpu_bstats);
524 EXPORT_SYMBOL(tcf_idr_create);
526 int tcf_idr_create_from_flags(struct tc_action_net *tn, u32 index,
527 struct nlattr *est, struct tc_action **a,
528 const struct tc_action_ops *ops, int bind,
531 /* Set cpustats according to actions flags. */
532 return tcf_idr_create(tn, index, est, a, ops, bind,
533 !(flags & TCA_ACT_FLAGS_NO_PERCPU_STATS), flags);
535 EXPORT_SYMBOL(tcf_idr_create_from_flags);
537 /* Cleanup idr index that was allocated but not initialized. */
539 void tcf_idr_cleanup(struct tc_action_net *tn, u32 index)
541 struct tcf_idrinfo *idrinfo = tn->idrinfo;
543 mutex_lock(&idrinfo->lock);
544 /* Remove ERR_PTR(-EBUSY) allocated by tcf_idr_check_alloc */
545 WARN_ON(!IS_ERR(idr_remove(&idrinfo->action_idr, index)));
546 mutex_unlock(&idrinfo->lock);
548 EXPORT_SYMBOL(tcf_idr_cleanup);
550 /* Check if action with specified index exists. If actions is found, increments
551 * its reference and bind counters, and return 1. Otherwise insert temporary
552 * error pointer (to prevent concurrent users from inserting actions with same
553 * index) and return 0.
556 int tcf_idr_check_alloc(struct tc_action_net *tn, u32 *index,
557 struct tc_action **a, int bind)
559 struct tcf_idrinfo *idrinfo = tn->idrinfo;
564 mutex_lock(&idrinfo->lock);
566 p = idr_find(&idrinfo->action_idr, *index);
568 /* This means that another process allocated
569 * index but did not assign the pointer yet.
571 mutex_unlock(&idrinfo->lock);
576 refcount_inc(&p->tcfa_refcnt);
578 atomic_inc(&p->tcfa_bindcnt);
583 ret = idr_alloc_u32(&idrinfo->action_idr, NULL, index,
586 idr_replace(&idrinfo->action_idr,
587 ERR_PTR(-EBUSY), *index);
592 ret = idr_alloc_u32(&idrinfo->action_idr, NULL, index,
593 UINT_MAX, GFP_KERNEL);
595 idr_replace(&idrinfo->action_idr, ERR_PTR(-EBUSY),
598 mutex_unlock(&idrinfo->lock);
601 EXPORT_SYMBOL(tcf_idr_check_alloc);
603 void tcf_idrinfo_destroy(const struct tc_action_ops *ops,
604 struct tcf_idrinfo *idrinfo)
606 struct idr *idr = &idrinfo->action_idr;
609 unsigned long id = 1;
612 idr_for_each_entry_ul(idr, p, tmp, id) {
613 ret = __tcf_idr_release(p, false, true);
614 if (ret == ACT_P_DELETED)
615 module_put(ops->owner);
619 idr_destroy(&idrinfo->action_idr);
621 EXPORT_SYMBOL(tcf_idrinfo_destroy);
623 static LIST_HEAD(act_base);
624 static DEFINE_RWLOCK(act_mod_lock);
626 int tcf_register_action(struct tc_action_ops *act,
627 struct pernet_operations *ops)
629 struct tc_action_ops *a;
632 if (!act->act || !act->dump || !act->init || !act->walk || !act->lookup)
635 /* We have to register pernet ops before making the action ops visible,
636 * otherwise tcf_action_init_1() could get a partially initialized
639 ret = register_pernet_subsys(ops);
643 write_lock(&act_mod_lock);
644 list_for_each_entry(a, &act_base, head) {
645 if (act->id == a->id || (strcmp(act->kind, a->kind) == 0)) {
646 write_unlock(&act_mod_lock);
647 unregister_pernet_subsys(ops);
651 list_add_tail(&act->head, &act_base);
652 write_unlock(&act_mod_lock);
656 EXPORT_SYMBOL(tcf_register_action);
658 int tcf_unregister_action(struct tc_action_ops *act,
659 struct pernet_operations *ops)
661 struct tc_action_ops *a;
664 write_lock(&act_mod_lock);
665 list_for_each_entry(a, &act_base, head) {
667 list_del(&act->head);
672 write_unlock(&act_mod_lock);
674 unregister_pernet_subsys(ops);
677 EXPORT_SYMBOL(tcf_unregister_action);
680 static struct tc_action_ops *tc_lookup_action_n(char *kind)
682 struct tc_action_ops *a, *res = NULL;
685 read_lock(&act_mod_lock);
686 list_for_each_entry(a, &act_base, head) {
687 if (strcmp(kind, a->kind) == 0) {
688 if (try_module_get(a->owner))
693 read_unlock(&act_mod_lock);
698 /* lookup by nlattr */
699 static struct tc_action_ops *tc_lookup_action(struct nlattr *kind)
701 struct tc_action_ops *a, *res = NULL;
704 read_lock(&act_mod_lock);
705 list_for_each_entry(a, &act_base, head) {
706 if (nla_strcmp(kind, a->kind) == 0) {
707 if (try_module_get(a->owner))
712 read_unlock(&act_mod_lock);
717 /*TCA_ACT_MAX_PRIO is 32, there count up to 32 */
718 #define TCA_ACT_MAX_PRIO_MASK 0x1FF
719 int tcf_action_exec(struct sk_buff *skb, struct tc_action **actions,
720 int nr_actions, struct tcf_result *res)
723 u32 jmp_ttl = TCA_ACT_MAX_PRIO; /*matches actions per filter */
727 if (skb_skip_tc_classify(skb))
731 for (i = 0; i < nr_actions; i++) {
732 const struct tc_action *a = actions[i];
734 if (jmp_prgcnt > 0) {
739 ret = a->ops->act(skb, a, res);
740 if (ret == TC_ACT_REPEAT)
741 goto repeat; /* we need a ttl - JHS */
743 if (TC_ACT_EXT_CMP(ret, TC_ACT_JUMP)) {
744 jmp_prgcnt = ret & TCA_ACT_MAX_PRIO_MASK;
745 if (!jmp_prgcnt || (jmp_prgcnt > nr_actions)) {
746 /* faulty opcode, stop pipeline */
751 goto restart_act_graph;
752 else /* faulty graph, stop pipeline */
755 } else if (TC_ACT_EXT_CMP(ret, TC_ACT_GOTO_CHAIN)) {
756 if (unlikely(!rcu_access_pointer(a->goto_chain))) {
757 net_warn_ratelimited("can't go to NULL chain!\n");
760 tcf_action_goto_chain_exec(a, res);
763 if (ret != TC_ACT_PIPE)
769 EXPORT_SYMBOL(tcf_action_exec);
771 int tcf_action_destroy(struct tc_action *actions[], int bind)
773 const struct tc_action_ops *ops;
777 for (i = 0; i < TCA_ACT_MAX_PRIO && actions[i]; i++) {
781 ret = __tcf_idr_release(a, bind, true);
782 if (ret == ACT_P_DELETED)
783 module_put(ops->owner);
790 static int tcf_action_put(struct tc_action *p)
792 return __tcf_action_put(p, false);
795 /* Put all actions in this array, skip those NULL's. */
796 static void tcf_action_put_many(struct tc_action *actions[])
800 for (i = 0; i < TCA_ACT_MAX_PRIO; i++) {
801 struct tc_action *a = actions[i];
802 const struct tc_action_ops *ops;
807 if (tcf_action_put(a))
808 module_put(ops->owner);
813 tcf_action_dump_old(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
815 return a->ops->dump(skb, a, bind, ref);
819 tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
822 unsigned char *b = skb_tail_pointer(skb);
825 if (tcf_action_dump_terse(skb, a, false))
826 goto nla_put_failure;
828 if (a->hw_stats != TCA_ACT_HW_STATS_ANY &&
829 nla_put_bitfield32(skb, TCA_ACT_HW_STATS,
830 a->hw_stats, TCA_ACT_HW_STATS_ANY))
831 goto nla_put_failure;
833 if (a->used_hw_stats_valid &&
834 nla_put_bitfield32(skb, TCA_ACT_USED_HW_STATS,
835 a->used_hw_stats, TCA_ACT_HW_STATS_ANY))
836 goto nla_put_failure;
839 nla_put_bitfield32(skb, TCA_ACT_FLAGS,
840 a->tcfa_flags, a->tcfa_flags))
841 goto nla_put_failure;
843 nest = nla_nest_start_noflag(skb, TCA_OPTIONS);
845 goto nla_put_failure;
846 err = tcf_action_dump_old(skb, a, bind, ref);
848 nla_nest_end(skb, nest);
856 EXPORT_SYMBOL(tcf_action_dump_1);
858 int tcf_action_dump(struct sk_buff *skb, struct tc_action *actions[],
859 int bind, int ref, bool terse)
862 int err = -EINVAL, i;
865 for (i = 0; i < TCA_ACT_MAX_PRIO && actions[i]; i++) {
867 nest = nla_nest_start_noflag(skb, i + 1);
869 goto nla_put_failure;
870 err = terse ? tcf_action_dump_terse(skb, a, false) :
871 tcf_action_dump_1(skb, a, bind, ref);
874 nla_nest_end(skb, nest);
882 nla_nest_cancel(skb, nest);
886 static struct tc_cookie *nla_memdup_cookie(struct nlattr **tb)
888 struct tc_cookie *c = kzalloc(sizeof(*c), GFP_KERNEL);
892 c->data = nla_memdup(tb[TCA_ACT_COOKIE], GFP_KERNEL);
897 c->len = nla_len(tb[TCA_ACT_COOKIE]);
902 static u8 tcf_action_hw_stats_get(struct nlattr *hw_stats_attr)
904 struct nla_bitfield32 hw_stats_bf;
906 /* If the user did not pass the attr, that means he does
907 * not care about the type. Return "any" in that case
908 * which is setting on all supported types.
911 return TCA_ACT_HW_STATS_ANY;
912 hw_stats_bf = nla_get_bitfield32(hw_stats_attr);
913 return hw_stats_bf.value;
916 static const struct nla_policy tcf_action_policy[TCA_ACT_MAX + 1] = {
917 [TCA_ACT_KIND] = { .type = NLA_STRING },
918 [TCA_ACT_INDEX] = { .type = NLA_U32 },
919 [TCA_ACT_COOKIE] = { .type = NLA_BINARY,
920 .len = TC_COOKIE_MAX_SIZE },
921 [TCA_ACT_OPTIONS] = { .type = NLA_NESTED },
922 [TCA_ACT_FLAGS] = NLA_POLICY_BITFIELD32(TCA_ACT_FLAGS_NO_PERCPU_STATS),
923 [TCA_ACT_HW_STATS] = NLA_POLICY_BITFIELD32(TCA_ACT_HW_STATS_ANY),
926 void tcf_idr_insert_many(struct tc_action *actions[])
930 for (i = 0; i < TCA_ACT_MAX_PRIO; i++) {
931 struct tc_action *a = actions[i];
932 struct tcf_idrinfo *idrinfo;
936 idrinfo = a->idrinfo;
937 mutex_lock(&idrinfo->lock);
938 /* Replace ERR_PTR(-EBUSY) allocated by tcf_idr_check_alloc if
939 * it is just created, otherwise this is just a nop.
941 idr_replace(&idrinfo->action_idr, a, a->tcfa_index);
942 mutex_unlock(&idrinfo->lock);
946 struct tc_action_ops *tc_action_load_ops(struct nlattr *nla, bool police,
948 struct netlink_ext_ack *extack)
950 struct nlattr *tb[TCA_ACT_MAX + 1];
951 struct tc_action_ops *a_o;
952 char act_name[IFNAMSIZ];
957 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla,
958 tcf_action_policy, extack);
962 kind = tb[TCA_ACT_KIND];
964 NL_SET_ERR_MSG(extack, "TC action kind must be specified");
967 if (nla_strscpy(act_name, kind, IFNAMSIZ) < 0) {
968 NL_SET_ERR_MSG(extack, "TC action name too long");
972 if (strlcpy(act_name, "police", IFNAMSIZ) >= IFNAMSIZ) {
973 NL_SET_ERR_MSG(extack, "TC action name too long");
974 return ERR_PTR(-EINVAL);
978 a_o = tc_lookup_action_n(act_name);
980 #ifdef CONFIG_MODULES
983 request_module("act_%s", act_name);
987 a_o = tc_lookup_action_n(act_name);
989 /* We dropped the RTNL semaphore in order to
990 * perform the module load. So, even if we
991 * succeeded in loading the module we have to
992 * tell the caller to replay the request. We
993 * indicate this using -EAGAIN.
996 module_put(a_o->owner);
997 return ERR_PTR(-EAGAIN);
1000 NL_SET_ERR_MSG(extack, "Failed to load TC action module");
1001 return ERR_PTR(-ENOENT);
1007 struct tc_action *tcf_action_init_1(struct net *net, struct tcf_proto *tp,
1008 struct nlattr *nla, struct nlattr *est,
1009 struct tc_action_ops *a_o, int *init_res,
1010 u32 flags, struct netlink_ext_ack *extack)
1012 bool police = flags & TCA_ACT_FLAGS_POLICE;
1013 struct nla_bitfield32 userflags = { 0, 0 };
1014 u8 hw_stats = TCA_ACT_HW_STATS_ANY;
1015 struct nlattr *tb[TCA_ACT_MAX + 1];
1016 struct tc_cookie *cookie = NULL;
1017 struct tc_action *a;
1020 /* backward compatibility for policer */
1022 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla,
1023 tcf_action_policy, extack);
1025 return ERR_PTR(err);
1026 if (tb[TCA_ACT_COOKIE]) {
1027 cookie = nla_memdup_cookie(tb);
1029 NL_SET_ERR_MSG(extack, "No memory to generate TC cookie");
1034 hw_stats = tcf_action_hw_stats_get(tb[TCA_ACT_HW_STATS]);
1035 if (tb[TCA_ACT_FLAGS])
1036 userflags = nla_get_bitfield32(tb[TCA_ACT_FLAGS]);
1038 err = a_o->init(net, tb[TCA_ACT_OPTIONS], est, &a, tp,
1039 userflags.value | flags, extack);
1041 err = a_o->init(net, nla, est, &a, tp, userflags.value | flags,
1048 if (!police && tb[TCA_ACT_COOKIE])
1049 tcf_set_action_cookie(&a->act_cookie, cookie);
1052 a->hw_stats = hw_stats;
1058 kfree(cookie->data);
1061 return ERR_PTR(err);
1064 /* Returns numbers of initialized actions or negative error. */
1066 int tcf_action_init(struct net *net, struct tcf_proto *tp, struct nlattr *nla,
1067 struct nlattr *est, struct tc_action *actions[],
1068 int init_res[], size_t *attr_size, u32 flags,
1069 struct netlink_ext_ack *extack)
1071 struct tc_action_ops *ops[TCA_ACT_MAX_PRIO] = {};
1072 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1];
1073 struct tc_action *act;
1078 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX_PRIO, nla, NULL,
1083 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) {
1084 struct tc_action_ops *a_o;
1086 a_o = tc_action_load_ops(tb[i], flags & TCA_ACT_FLAGS_POLICE,
1087 !(flags & TCA_ACT_FLAGS_NO_RTNL),
1096 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) {
1097 act = tcf_action_init_1(net, tp, tb[i], est, ops[i - 1],
1098 &init_res[i - 1], flags, extack);
1103 sz += tcf_action_fill_size(act);
1104 /* Start from index 0 */
1105 actions[i - 1] = act;
1108 /* We have to commit them all together, because if any error happened in
1109 * between, we could not handle the failure gracefully.
1111 tcf_idr_insert_many(actions);
1113 *attr_size = tcf_action_full_attrs_size(sz);
1118 tcf_action_destroy(actions, flags & TCA_ACT_FLAGS_BIND);
1120 for (i = 0; i < TCA_ACT_MAX_PRIO; i++) {
1122 module_put(ops[i]->owner);
1127 void tcf_action_update_stats(struct tc_action *a, u64 bytes, u64 packets,
1130 if (a->cpu_bstats) {
1131 _bstats_update(this_cpu_ptr(a->cpu_bstats), bytes, packets);
1133 this_cpu_ptr(a->cpu_qstats)->drops += drops;
1136 _bstats_update(this_cpu_ptr(a->cpu_bstats_hw),
1141 _bstats_update(&a->tcfa_bstats, bytes, packets);
1142 a->tcfa_qstats.drops += drops;
1144 _bstats_update(&a->tcfa_bstats_hw, bytes, packets);
1146 EXPORT_SYMBOL(tcf_action_update_stats);
1148 int tcf_action_copy_stats(struct sk_buff *skb, struct tc_action *p,
1157 /* compat_mode being true specifies a call that is supposed
1158 * to add additional backward compatibility statistic TLVs.
1161 if (p->type == TCA_OLD_COMPAT)
1162 err = gnet_stats_start_copy_compat(skb, 0,
1170 err = gnet_stats_start_copy(skb, TCA_ACT_STATS,
1171 &p->tcfa_lock, &d, TCA_ACT_PAD);
1176 if (gnet_stats_copy_basic(&d, p->cpu_bstats,
1177 &p->tcfa_bstats, false) < 0 ||
1178 gnet_stats_copy_basic_hw(&d, p->cpu_bstats_hw,
1179 &p->tcfa_bstats_hw, false) < 0 ||
1180 gnet_stats_copy_rate_est(&d, &p->tcfa_rate_est) < 0 ||
1181 gnet_stats_copy_queue(&d, p->cpu_qstats,
1183 p->tcfa_qstats.qlen) < 0)
1186 if (gnet_stats_finish_copy(&d) < 0)
1195 static int tca_get_fill(struct sk_buff *skb, struct tc_action *actions[],
1196 u32 portid, u32 seq, u16 flags, int event, int bind,
1200 struct nlmsghdr *nlh;
1201 unsigned char *b = skb_tail_pointer(skb);
1202 struct nlattr *nest;
1204 nlh = nlmsg_put(skb, portid, seq, event, sizeof(*t), flags);
1206 goto out_nlmsg_trim;
1207 t = nlmsg_data(nlh);
1208 t->tca_family = AF_UNSPEC;
1212 nest = nla_nest_start_noflag(skb, TCA_ACT_TAB);
1214 goto out_nlmsg_trim;
1216 if (tcf_action_dump(skb, actions, bind, ref, false) < 0)
1217 goto out_nlmsg_trim;
1219 nla_nest_end(skb, nest);
1221 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1230 tcf_get_notify(struct net *net, u32 portid, struct nlmsghdr *n,
1231 struct tc_action *actions[], int event,
1232 struct netlink_ext_ack *extack)
1234 struct sk_buff *skb;
1236 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1239 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, 0, event,
1241 NL_SET_ERR_MSG(extack, "Failed to fill netlink attributes while adding TC action");
1246 return rtnl_unicast(skb, net, portid);
1249 static struct tc_action *tcf_action_get_1(struct net *net, struct nlattr *nla,
1250 struct nlmsghdr *n, u32 portid,
1251 struct netlink_ext_ack *extack)
1253 struct nlattr *tb[TCA_ACT_MAX + 1];
1254 const struct tc_action_ops *ops;
1255 struct tc_action *a;
1259 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla,
1260 tcf_action_policy, extack);
1265 if (tb[TCA_ACT_INDEX] == NULL ||
1266 nla_len(tb[TCA_ACT_INDEX]) < sizeof(index)) {
1267 NL_SET_ERR_MSG(extack, "Invalid TC action index value");
1270 index = nla_get_u32(tb[TCA_ACT_INDEX]);
1273 ops = tc_lookup_action(tb[TCA_ACT_KIND]);
1274 if (!ops) { /* could happen in batch of actions */
1275 NL_SET_ERR_MSG(extack, "Specified TC action kind not found");
1279 if (ops->lookup(net, &a, index) == 0) {
1280 NL_SET_ERR_MSG(extack, "TC action with specified index not found");
1284 module_put(ops->owner);
1288 module_put(ops->owner);
1290 return ERR_PTR(err);
1293 static int tca_action_flush(struct net *net, struct nlattr *nla,
1294 struct nlmsghdr *n, u32 portid,
1295 struct netlink_ext_ack *extack)
1297 struct sk_buff *skb;
1299 struct nlmsghdr *nlh;
1301 struct netlink_callback dcb;
1302 struct nlattr *nest;
1303 struct nlattr *tb[TCA_ACT_MAX + 1];
1304 const struct tc_action_ops *ops;
1305 struct nlattr *kind;
1308 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1312 b = skb_tail_pointer(skb);
1314 err = nla_parse_nested_deprecated(tb, TCA_ACT_MAX, nla,
1315 tcf_action_policy, extack);
1320 kind = tb[TCA_ACT_KIND];
1321 ops = tc_lookup_action(kind);
1322 if (!ops) { /*some idjot trying to flush unknown action */
1323 NL_SET_ERR_MSG(extack, "Cannot flush unknown TC action");
1327 nlh = nlmsg_put(skb, portid, n->nlmsg_seq, RTM_DELACTION,
1330 NL_SET_ERR_MSG(extack, "Failed to create TC action flush notification");
1331 goto out_module_put;
1333 t = nlmsg_data(nlh);
1334 t->tca_family = AF_UNSPEC;
1338 nest = nla_nest_start_noflag(skb, TCA_ACT_TAB);
1340 NL_SET_ERR_MSG(extack, "Failed to add new netlink message");
1341 goto out_module_put;
1344 err = ops->walk(net, skb, &dcb, RTM_DELACTION, ops, extack);
1346 nla_nest_cancel(skb, nest);
1347 goto out_module_put;
1350 nla_nest_end(skb, nest);
1352 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1353 nlh->nlmsg_flags |= NLM_F_ROOT;
1354 module_put(ops->owner);
1355 err = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1356 n->nlmsg_flags & NLM_F_ECHO);
1358 NL_SET_ERR_MSG(extack, "Failed to send TC action flush notification");
1363 module_put(ops->owner);
1369 static int tcf_action_delete(struct net *net, struct tc_action *actions[])
1373 for (i = 0; i < TCA_ACT_MAX_PRIO && actions[i]; i++) {
1374 struct tc_action *a = actions[i];
1375 const struct tc_action_ops *ops = a->ops;
1376 /* Actions can be deleted concurrently so we must save their
1377 * type and id to search again after reference is released.
1379 struct tcf_idrinfo *idrinfo = a->idrinfo;
1380 u32 act_index = a->tcfa_index;
1383 if (tcf_action_put(a)) {
1384 /* last reference, action was deleted concurrently */
1385 module_put(ops->owner);
1389 /* now do the delete */
1390 ret = tcf_idr_delete_index(idrinfo, act_index);
1399 tcf_del_notify(struct net *net, struct nlmsghdr *n, struct tc_action *actions[],
1400 u32 portid, size_t attr_size, struct netlink_ext_ack *extack)
1403 struct sk_buff *skb;
1405 skb = alloc_skb(attr_size <= NLMSG_GOODSIZE ? NLMSG_GOODSIZE : attr_size,
1410 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, 0, RTM_DELACTION,
1412 NL_SET_ERR_MSG(extack, "Failed to fill netlink TC action attributes");
1417 /* now do the delete */
1418 ret = tcf_action_delete(net, actions);
1420 NL_SET_ERR_MSG(extack, "Failed to delete TC action");
1425 ret = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1426 n->nlmsg_flags & NLM_F_ECHO);
1431 tca_action_gd(struct net *net, struct nlattr *nla, struct nlmsghdr *n,
1432 u32 portid, int event, struct netlink_ext_ack *extack)
1435 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1];
1436 struct tc_action *act;
1437 size_t attr_size = 0;
1438 struct tc_action *actions[TCA_ACT_MAX_PRIO] = {};
1440 ret = nla_parse_nested_deprecated(tb, TCA_ACT_MAX_PRIO, nla, NULL,
1445 if (event == RTM_DELACTION && n->nlmsg_flags & NLM_F_ROOT) {
1447 return tca_action_flush(net, tb[1], n, portid, extack);
1449 NL_SET_ERR_MSG(extack, "Invalid netlink attributes while flushing TC action");
1453 for (i = 1; i <= TCA_ACT_MAX_PRIO && tb[i]; i++) {
1454 act = tcf_action_get_1(net, tb[i], n, portid, extack);
1459 attr_size += tcf_action_fill_size(act);
1460 actions[i - 1] = act;
1463 attr_size = tcf_action_full_attrs_size(attr_size);
1465 if (event == RTM_GETACTION)
1466 ret = tcf_get_notify(net, portid, n, actions, event, extack);
1468 ret = tcf_del_notify(net, n, actions, portid, attr_size, extack);
1474 tcf_action_put_many(actions);
1479 tcf_add_notify(struct net *net, struct nlmsghdr *n, struct tc_action *actions[],
1480 u32 portid, size_t attr_size, struct netlink_ext_ack *extack)
1482 struct sk_buff *skb;
1484 skb = alloc_skb(attr_size <= NLMSG_GOODSIZE ? NLMSG_GOODSIZE : attr_size,
1489 if (tca_get_fill(skb, actions, portid, n->nlmsg_seq, n->nlmsg_flags,
1490 RTM_NEWACTION, 0, 0) <= 0) {
1491 NL_SET_ERR_MSG(extack, "Failed to fill netlink attributes while adding TC action");
1496 return rtnetlink_send(skb, net, portid, RTNLGRP_TC,
1497 n->nlmsg_flags & NLM_F_ECHO);
1500 static int tcf_action_add(struct net *net, struct nlattr *nla,
1501 struct nlmsghdr *n, u32 portid, u32 flags,
1502 struct netlink_ext_ack *extack)
1504 size_t attr_size = 0;
1506 struct tc_action *actions[TCA_ACT_MAX_PRIO] = {};
1507 int init_res[TCA_ACT_MAX_PRIO] = {};
1509 for (loop = 0; loop < 10; loop++) {
1510 ret = tcf_action_init(net, NULL, nla, NULL, actions, init_res,
1511 &attr_size, flags, extack);
1518 ret = tcf_add_notify(net, n, actions, portid, attr_size, extack);
1520 /* only put existing actions */
1521 for (i = 0; i < TCA_ACT_MAX_PRIO; i++)
1522 if (init_res[i] == ACT_P_CREATED)
1524 tcf_action_put_many(actions);
1529 static const struct nla_policy tcaa_policy[TCA_ROOT_MAX + 1] = {
1530 [TCA_ROOT_FLAGS] = NLA_POLICY_BITFIELD32(TCA_ACT_FLAG_LARGE_DUMP_ON |
1531 TCA_ACT_FLAG_TERSE_DUMP),
1532 [TCA_ROOT_TIME_DELTA] = { .type = NLA_U32 },
1535 static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n,
1536 struct netlink_ext_ack *extack)
1538 struct net *net = sock_net(skb->sk);
1539 struct nlattr *tca[TCA_ROOT_MAX + 1];
1540 u32 portid = NETLINK_CB(skb).portid;
1544 if ((n->nlmsg_type != RTM_GETACTION) &&
1545 !netlink_capable(skb, CAP_NET_ADMIN))
1548 ret = nlmsg_parse_deprecated(n, sizeof(struct tcamsg), tca,
1549 TCA_ROOT_MAX, NULL, extack);
1553 if (tca[TCA_ACT_TAB] == NULL) {
1554 NL_SET_ERR_MSG(extack, "Netlink action attributes missing");
1558 /* n->nlmsg_flags & NLM_F_CREATE */
1559 switch (n->nlmsg_type) {
1561 /* we are going to assume all other flags
1562 * imply create only if it doesn't exist
1563 * Note that CREATE | EXCL implies that
1564 * but since we want avoid ambiguity (eg when flags
1565 * is zero) then just set this
1567 if (n->nlmsg_flags & NLM_F_REPLACE)
1568 flags = TCA_ACT_FLAGS_REPLACE;
1569 ret = tcf_action_add(net, tca[TCA_ACT_TAB], n, portid, flags,
1573 ret = tca_action_gd(net, tca[TCA_ACT_TAB], n,
1574 portid, RTM_DELACTION, extack);
1577 ret = tca_action_gd(net, tca[TCA_ACT_TAB], n,
1578 portid, RTM_GETACTION, extack);
1587 static struct nlattr *find_dump_kind(struct nlattr **nla)
1589 struct nlattr *tb1, *tb2[TCA_ACT_MAX + 1];
1590 struct nlattr *tb[TCA_ACT_MAX_PRIO + 1];
1591 struct nlattr *kind;
1593 tb1 = nla[TCA_ACT_TAB];
1597 if (nla_parse_deprecated(tb, TCA_ACT_MAX_PRIO, nla_data(tb1), NLMSG_ALIGN(nla_len(tb1)), NULL, NULL) < 0)
1602 if (nla_parse_nested_deprecated(tb2, TCA_ACT_MAX, tb[1], tcf_action_policy, NULL) < 0)
1604 kind = tb2[TCA_ACT_KIND];
1609 static int tc_dump_action(struct sk_buff *skb, struct netlink_callback *cb)
1611 struct net *net = sock_net(skb->sk);
1612 struct nlmsghdr *nlh;
1613 unsigned char *b = skb_tail_pointer(skb);
1614 struct nlattr *nest;
1615 struct tc_action_ops *a_o;
1617 struct tcamsg *t = (struct tcamsg *) nlmsg_data(cb->nlh);
1618 struct nlattr *tb[TCA_ROOT_MAX + 1];
1619 struct nlattr *count_attr = NULL;
1620 unsigned long jiffy_since = 0;
1621 struct nlattr *kind = NULL;
1622 struct nla_bitfield32 bf;
1623 u32 msecs_since = 0;
1626 ret = nlmsg_parse_deprecated(cb->nlh, sizeof(struct tcamsg), tb,
1627 TCA_ROOT_MAX, tcaa_policy, cb->extack);
1631 kind = find_dump_kind(tb);
1633 pr_info("tc_dump_action: action bad kind\n");
1637 a_o = tc_lookup_action(kind);
1642 if (tb[TCA_ROOT_FLAGS]) {
1643 bf = nla_get_bitfield32(tb[TCA_ROOT_FLAGS]);
1644 cb->args[2] = bf.value;
1647 if (tb[TCA_ROOT_TIME_DELTA]) {
1648 msecs_since = nla_get_u32(tb[TCA_ROOT_TIME_DELTA]);
1651 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
1652 cb->nlh->nlmsg_type, sizeof(*t), 0);
1654 goto out_module_put;
1657 jiffy_since = jiffies - msecs_to_jiffies(msecs_since);
1659 t = nlmsg_data(nlh);
1660 t->tca_family = AF_UNSPEC;
1663 cb->args[3] = jiffy_since;
1664 count_attr = nla_reserve(skb, TCA_ROOT_COUNT, sizeof(u32));
1666 goto out_module_put;
1668 nest = nla_nest_start_noflag(skb, TCA_ACT_TAB);
1670 goto out_module_put;
1672 ret = a_o->walk(net, skb, cb, RTM_GETACTION, a_o, NULL);
1674 goto out_module_put;
1677 nla_nest_end(skb, nest);
1679 act_count = cb->args[1];
1680 memcpy(nla_data(count_attr), &act_count, sizeof(u32));
1685 nlh->nlmsg_len = skb_tail_pointer(skb) - b;
1686 if (NETLINK_CB(cb->skb).portid && ret)
1687 nlh->nlmsg_flags |= NLM_F_MULTI;
1688 module_put(a_o->owner);
1692 module_put(a_o->owner);
1697 static int __init tc_action_init(void)
1699 rtnl_register(PF_UNSPEC, RTM_NEWACTION, tc_ctl_action, NULL, 0);
1700 rtnl_register(PF_UNSPEC, RTM_DELACTION, tc_ctl_action, NULL, 0);
1701 rtnl_register(PF_UNSPEC, RTM_GETACTION, tc_ctl_action, tc_dump_action,
1707 subsys_initcall(tc_action_init);
projects / linux.git / blob