2019-05-27 08:55:01 +02:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2014-11-19 14:05:03 +01:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2014 Jiri Pirko <jiri@resnulli.us>
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <linux/module.h>
|
|
|
|
|
#include <linux/init.h>
|
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
|
#include <linux/skbuff.h>
|
|
|
|
|
#include <linux/rtnetlink.h>
|
|
|
|
|
#include <linux/if_vlan.h>
|
|
|
|
|
#include <net/netlink.h>
|
|
|
|
|
#include <net/pkt_sched.h>
|
2019-03-20 15:00:14 +01:00
|
|
|
#include <net/pkt_cls.h>
|
2022-12-06 10:55:12 -03:00
|
|
|
#include <net/tc_wrapper.h>
|
2014-11-19 14:05:03 +01:00
|
|
|
|
|
|
|
|
#include <linux/tc_act/tc_vlan.h>
|
|
|
|
|
#include <net/tc_act/tc_vlan.h>
|
|
|
|
|
|
2016-07-25 16:09:41 -07:00
|
|
|
static struct tc_action_ops act_vlan_ops;
|
2016-02-22 15:57:53 -08:00
|
|
|
|
2022-12-06 10:55:12 -03:00
|
|
|
TC_INDIRECT_SCOPE int tcf_vlan_act(struct sk_buff *skb,
|
|
|
|
|
const struct tc_action *a,
|
|
|
|
|
struct tcf_result *res)
|
2014-11-19 14:05:03 +01:00
|
|
|
{
|
2016-07-25 16:09:41 -07:00
|
|
|
struct tcf_vlan *v = to_vlan(a);
|
2017-11-07 15:49:05 -05:00
|
|
|
struct tcf_vlan_params *p;
|
2014-11-19 14:05:03 +01:00
|
|
|
int action;
|
|
|
|
|
int err;
|
2016-09-19 19:11:10 +03:00
|
|
|
u16 tci;
|
2014-11-19 14:05:03 +01:00
|
|
|
|
2016-06-06 06:32:53 -04:00
|
|
|
tcf_lastuse_update(&v->tcf_tm);
|
2019-10-30 16:09:01 +02:00
|
|
|
tcf_action_update_bstats(&v->common, skb);
|
2017-11-07 15:48:15 -05:00
|
|
|
|
2016-09-29 12:10:40 +03:00
|
|
|
/* Ensure 'data' points at mac_header prior calling vlan manipulating
|
|
|
|
|
* functions.
|
|
|
|
|
*/
|
|
|
|
|
if (skb_at_tc_ingress(skb))
|
|
|
|
|
skb_push_rcsum(skb, skb->mac_len);
|
|
|
|
|
|
2017-11-07 15:49:05 -05:00
|
|
|
action = READ_ONCE(v->tcf_action);
|
|
|
|
|
|
2018-07-30 14:30:43 +02:00
|
|
|
p = rcu_dereference_bh(v->vlan_p);
|
2017-11-07 15:49:05 -05:00
|
|
|
|
|
|
|
|
switch (p->tcfv_action) {
|
2014-11-19 14:05:03 +01:00
|
|
|
case TCA_VLAN_ACT_POP:
|
|
|
|
|
err = skb_vlan_pop(skb);
|
|
|
|
|
if (err)
|
|
|
|
|
goto drop;
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_PUSH:
|
2017-11-07 15:49:05 -05:00
|
|
|
err = skb_vlan_push(skb, p->tcfv_push_proto, p->tcfv_push_vid |
|
|
|
|
|
(p->tcfv_push_prio << VLAN_PRIO_SHIFT));
|
2014-11-19 14:05:03 +01:00
|
|
|
if (err)
|
|
|
|
|
goto drop;
|
|
|
|
|
break;
|
2016-09-19 19:11:10 +03:00
|
|
|
case TCA_VLAN_ACT_MODIFY:
|
|
|
|
|
/* No-op if no vlan tag (either hw-accel or in-payload) */
|
|
|
|
|
if (!skb_vlan_tagged(skb))
|
2018-07-30 14:30:43 +02:00
|
|
|
goto out;
|
2016-09-19 19:11:10 +03:00
|
|
|
/* extract existing tag (and guarantee no hw-accel tag) */
|
|
|
|
|
if (skb_vlan_tag_present(skb)) {
|
|
|
|
|
tci = skb_vlan_tag_get(skb);
|
2018-11-09 00:18:02 +01:00
|
|
|
__vlan_hwaccel_clear_tag(skb);
|
2016-09-19 19:11:10 +03:00
|
|
|
} else {
|
|
|
|
|
/* in-payload vlan tag, pop it */
|
|
|
|
|
err = __skb_vlan_pop(skb, &tci);
|
|
|
|
|
if (err)
|
|
|
|
|
goto drop;
|
|
|
|
|
}
|
|
|
|
|
/* replace the vid */
|
2017-11-07 15:49:05 -05:00
|
|
|
tci = (tci & ~VLAN_VID_MASK) | p->tcfv_push_vid;
|
2016-09-19 19:11:10 +03:00
|
|
|
/* replace prio bits, if tcfv_push_prio specified */
|
2021-06-01 15:30:50 +03:00
|
|
|
if (p->tcfv_push_prio_exists) {
|
2016-09-19 19:11:10 +03:00
|
|
|
tci &= ~VLAN_PRIO_MASK;
|
2017-11-07 15:49:05 -05:00
|
|
|
tci |= p->tcfv_push_prio << VLAN_PRIO_SHIFT;
|
2016-09-19 19:11:10 +03:00
|
|
|
}
|
|
|
|
|
/* put updated tci as hwaccel tag */
|
2017-11-07 15:49:05 -05:00
|
|
|
__vlan_hwaccel_put_tag(skb, p->tcfv_push_proto, tci);
|
2016-09-19 19:11:10 +03:00
|
|
|
break;
|
2020-10-03 00:44:28 +02:00
|
|
|
case TCA_VLAN_ACT_POP_ETH:
|
|
|
|
|
err = skb_eth_pop(skb);
|
|
|
|
|
if (err)
|
|
|
|
|
goto drop;
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_PUSH_ETH:
|
|
|
|
|
err = skb_eth_push(skb, p->tcfv_push_dst, p->tcfv_push_src);
|
|
|
|
|
if (err)
|
|
|
|
|
goto drop;
|
|
|
|
|
break;
|
2014-11-19 14:05:03 +01:00
|
|
|
default:
|
|
|
|
|
BUG();
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-30 14:30:43 +02:00
|
|
|
out:
|
2016-09-29 12:10:40 +03:00
|
|
|
if (skb_at_tc_ingress(skb))
|
|
|
|
|
skb_pull_rcsum(skb, skb->mac_len);
|
|
|
|
|
|
tc: adjust network header after 2nd vlan push
<tldr>
skb network header of the single-tagged vlan packet continues to point the
vlan payload (e.g. IP) after second vlan tag is pushed by tc act_vlan. This
causes problem at the dissector which expects double-tagged packet network
header to point to the inner vlan.
The fix is to adjust network header in tcf_act_vlan.c but requires
refactoring of skb_vlan_push function.
</tldr>
Consider the following shell script snippet configuring TC rules on the
veth interface:
ip link add veth0 type veth peer veth1
ip link set veth0 up
ip link set veth1 up
tc qdisc add dev veth0 clsact
tc filter add dev veth0 ingress pref 10 chain 0 flower \
num_of_vlans 2 cvlan_ethtype 0x800 action goto chain 5
tc filter add dev veth0 ingress pref 20 chain 0 flower \
num_of_vlans 1 action vlan push id 100 \
protocol 0x8100 action goto chain 5
tc filter add dev veth0 ingress pref 30 chain 5 flower \
num_of_vlans 2 cvlan_ethtype 0x800 action simple sdata "success"
Sending double-tagged vlan packet with the IP payload inside:
cat <<ENDS | text2pcap - - | tcpreplay -i veth1 -
0000 00 00 00 00 00 11 00 00 00 00 00 22 81 00 00 64 ..........."...d
0010 81 00 00 14 08 00 45 04 00 26 04 d2 00 00 7f 11 ......E..&......
0020 18 ef 0a 00 00 01 14 00 00 02 00 00 00 00 00 12 ................
0030 e1 c7 00 00 00 00 00 00 00 00 00 00 ............
ENDS
will match rule 10, goto rule 30 in chain 5 and correctly emit "success" to
the dmesg.
OTOH, sending single-tagged vlan packet:
cat <<ENDS | text2pcap - - | tcpreplay -i veth1 -
0000 00 00 00 00 00 11 00 00 00 00 00 22 81 00 00 14 ..........."....
0010 08 00 45 04 00 2a 04 d2 00 00 7f 11 18 eb 0a 00 ..E..*..........
0020 00 01 14 00 00 02 00 00 00 00 00 16 e1 bf 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 ............
ENDS
will match rule 20, will push the second vlan tag but will *not* match
rule 30. IOW, the match at rule 30 fails if the second vlan was freshly
pushed by the kernel.
Lets look at __skb_flow_dissect working on the double-tagged vlan packet.
Here is the relevant code from around net/core/flow_dissector.c:1277
copy-pasted here for convenience:
if (dissector_vlan == FLOW_DISSECTOR_KEY_MAX &&
skb && skb_vlan_tag_present(skb)) {
proto = skb->protocol;
} else {
vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
data, hlen, &_vlan);
if (!vlan) {
fdret = FLOW_DISSECT_RET_OUT_BAD;
break;
}
proto = vlan->h_vlan_encapsulated_proto;
nhoff += sizeof(*vlan);
}
The "else" clause above gets the protocol of the encapsulated packet from
the skb data at the network header location. printk debugging has showed
that in the good double-tagged packet case proto is
htons(0x800 == ETH_P_IP) as expected. However in the single-tagged packet
case proto is garbage leading to the failure to match tc filter 30.
proto is being set from the skb header pointed by nhoff parameter which is
defined at the beginning of __skb_flow_dissect
(net/core/flow_dissector.c:1055 in the current version):
nhoff = skb_network_offset(skb);
Therefore the culprit seems to be that the skb network offset is different
between double-tagged packet received from the interface and single-tagged
packet having its vlan tag pushed by TC.
Lets look at the interesting points of the lifetime of the single/double
tagged packets as they traverse our packet flow.
Both of them will start at __netif_receive_skb_core where the first vlan
tag will be stripped:
if (eth_type_vlan(skb->protocol)) {
skb = skb_vlan_untag(skb);
if (unlikely(!skb))
goto out;
}
At this stage in double-tagged case skb->data points to the second vlan tag
while in single-tagged case skb->data points to the network (eg. IP)
header.
Looking at TC vlan push action (net/sched/act_vlan.c) we have the following
code at tcf_vlan_act (interesting points are in square brackets):
if (skb_at_tc_ingress(skb))
[1] skb_push_rcsum(skb, skb->mac_len);
....
case TCA_VLAN_ACT_PUSH:
err = skb_vlan_push(skb, p->tcfv_push_proto, p->tcfv_push_vid |
(p->tcfv_push_prio << VLAN_PRIO_SHIFT),
0);
if (err)
goto drop;
break;
....
out:
if (skb_at_tc_ingress(skb))
[3] skb_pull_rcsum(skb, skb->mac_len);
And skb_vlan_push (net/core/skbuff.c:6204) function does:
err = __vlan_insert_tag(skb, skb->vlan_proto,
skb_vlan_tag_get(skb));
if (err)
return err;
skb->protocol = skb->vlan_proto;
[2] skb->mac_len += VLAN_HLEN;
in the case of pushing the second tag. Lets look at what happens with
skb->data of the single-tagged packet at each of the above points:
1. As a result of the skb_push_rcsum, skb->data is moved back to the start
of the packet.
2. First VLAN tag is moved from the skb into packet buffer, skb->mac_len is
incremented, skb->data still points to the start of the packet.
3. As a result of the skb_pull_rcsum, skb->data is moved forward by the
modified skb->mac_len, thus pointing to the network header again.
Then __skb_flow_dissect will get confused by having double-tagged vlan
packet with the skb->data at the network header.
The solution for the bug is to preserve "skb->data at second vlan header"
semantics in the skb_vlan_push function. We do this by manipulating
skb->network_header rather than skb->mac_len. skb_vlan_push callers are
updated to do skb_reset_mac_len.
Signed-off-by: Boris Sukholitko <boris.sukholitko@broadcom.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-08-22 13:35:08 +03:00
|
|
|
skb_reset_mac_len(skb);
|
2014-11-19 14:05:03 +01:00
|
|
|
return action;
|
2018-07-30 14:30:43 +02:00
|
|
|
|
|
|
|
|
drop:
|
2019-10-30 16:09:02 +02:00
|
|
|
tcf_action_inc_drop_qstats(&v->common);
|
2018-07-30 14:30:43 +02:00
|
|
|
return TC_ACT_SHOT;
|
2014-11-19 14:05:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const struct nla_policy vlan_policy[TCA_VLAN_MAX + 1] = {
|
2020-10-03 00:44:28 +02:00
|
|
|
[TCA_VLAN_UNSPEC] = { .strict_start_type = TCA_VLAN_PUSH_ETH_DST },
|
2014-11-19 14:05:03 +01:00
|
|
|
[TCA_VLAN_PARMS] = { .len = sizeof(struct tc_vlan) },
|
|
|
|
|
[TCA_VLAN_PUSH_VLAN_ID] = { .type = NLA_U16 },
|
|
|
|
|
[TCA_VLAN_PUSH_VLAN_PROTOCOL] = { .type = NLA_U16 },
|
2016-08-17 13:36:14 +03:00
|
|
|
[TCA_VLAN_PUSH_VLAN_PRIORITY] = { .type = NLA_U8 },
|
2020-10-03 00:44:28 +02:00
|
|
|
[TCA_VLAN_PUSH_ETH_DST] = NLA_POLICY_ETH_ADDR,
|
|
|
|
|
[TCA_VLAN_PUSH_ETH_SRC] = NLA_POLICY_ETH_ADDR,
|
2014-11-19 14:05:03 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int tcf_vlan_init(struct net *net, struct nlattr *nla,
|
2016-07-25 16:09:41 -07:00
|
|
|
struct nlattr *est, struct tc_action **a,
|
2019-10-30 16:09:05 +02:00
|
|
|
struct tcf_proto *tp, u32 flags,
|
|
|
|
|
struct netlink_ext_ack *extack)
|
2014-11-19 14:05:03 +01:00
|
|
|
{
|
2022-09-08 12:14:33 +08:00
|
|
|
struct tc_action_net *tn = net_generic(net, act_vlan_ops.net_id);
|
2021-07-29 16:12:14 -07:00
|
|
|
bool bind = flags & TCA_ACT_FLAGS_BIND;
|
2014-11-19 14:05:03 +01:00
|
|
|
struct nlattr *tb[TCA_VLAN_MAX + 1];
|
2019-03-20 15:00:14 +01:00
|
|
|
struct tcf_chain *goto_ch = NULL;
|
2021-06-01 15:30:50 +03:00
|
|
|
bool push_prio_exists = false;
|
2018-08-10 20:51:51 +03:00
|
|
|
struct tcf_vlan_params *p;
|
2014-11-19 14:05:03 +01:00
|
|
|
struct tc_vlan *parm;
|
|
|
|
|
struct tcf_vlan *v;
|
|
|
|
|
int action;
|
2018-03-23 19:31:30 +01:00
|
|
|
u16 push_vid = 0;
|
2014-11-19 14:05:03 +01:00
|
|
|
__be16 push_proto = 0;
|
2016-08-17 13:36:14 +03:00
|
|
|
u8 push_prio = 0;
|
2016-06-13 13:46:28 -07:00
|
|
|
bool exists = false;
|
|
|
|
|
int ret = 0, err;
|
2019-08-01 13:02:51 +00:00
|
|
|
u32 index;
|
2014-11-19 14:05:03 +01:00
|
|
|
|
|
|
|
|
if (!nla)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 14:07:28 +02:00
|
|
|
err = nla_parse_nested_deprecated(tb, TCA_VLAN_MAX, nla, vlan_policy,
|
|
|
|
|
NULL);
|
2014-11-19 14:05:03 +01:00
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
if (!tb[TCA_VLAN_PARMS])
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
parm = nla_data(tb[TCA_VLAN_PARMS]);
|
2019-08-01 13:02:51 +00:00
|
|
|
index = parm->index;
|
|
|
|
|
err = tcf_idr_check_alloc(tn, &index, a, bind);
|
2018-07-05 17:24:32 +03:00
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
exists = err;
|
2016-05-10 16:49:26 -04:00
|
|
|
if (exists && bind)
|
2023-12-29 10:26:41 -03:00
|
|
|
return ACT_P_BOUND;
|
2016-05-10 16:49:26 -04:00
|
|
|
|
2014-11-19 14:05:03 +01:00
|
|
|
switch (parm->v_action) {
|
|
|
|
|
case TCA_VLAN_ACT_POP:
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_PUSH:
|
2016-09-19 19:11:10 +03:00
|
|
|
case TCA_VLAN_ACT_MODIFY:
|
2016-05-10 16:49:26 -04:00
|
|
|
if (!tb[TCA_VLAN_PUSH_VLAN_ID]) {
|
|
|
|
|
if (exists)
|
2017-08-30 02:31:59 -04:00
|
|
|
tcf_idr_release(*a, bind);
|
2018-07-05 17:24:32 +03:00
|
|
|
else
|
2019-08-01 13:02:51 +00:00
|
|
|
tcf_idr_cleanup(tn, index);
|
2014-11-19 14:05:03 +01:00
|
|
|
return -EINVAL;
|
2016-05-10 16:49:26 -04:00
|
|
|
}
|
2014-11-19 14:05:03 +01:00
|
|
|
push_vid = nla_get_u16(tb[TCA_VLAN_PUSH_VLAN_ID]);
|
2016-05-10 16:49:26 -04:00
|
|
|
if (push_vid >= VLAN_VID_MASK) {
|
|
|
|
|
if (exists)
|
2017-08-30 02:31:59 -04:00
|
|
|
tcf_idr_release(*a, bind);
|
2018-07-05 17:24:32 +03:00
|
|
|
else
|
2019-08-01 13:02:51 +00:00
|
|
|
tcf_idr_cleanup(tn, index);
|
2014-11-19 14:05:03 +01:00
|
|
|
return -ERANGE;
|
2016-05-10 16:49:26 -04:00
|
|
|
}
|
2014-11-19 14:05:03 +01:00
|
|
|
|
|
|
|
|
if (tb[TCA_VLAN_PUSH_VLAN_PROTOCOL]) {
|
|
|
|
|
push_proto = nla_get_be16(tb[TCA_VLAN_PUSH_VLAN_PROTOCOL]);
|
|
|
|
|
switch (push_proto) {
|
|
|
|
|
case htons(ETH_P_8021Q):
|
|
|
|
|
case htons(ETH_P_8021AD):
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2018-05-16 12:54:29 +02:00
|
|
|
if (exists)
|
|
|
|
|
tcf_idr_release(*a, bind);
|
2018-07-05 17:24:32 +03:00
|
|
|
else
|
2019-08-01 13:02:51 +00:00
|
|
|
tcf_idr_cleanup(tn, index);
|
2014-11-19 14:05:03 +01:00
|
|
|
return -EPROTONOSUPPORT;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
push_proto = htons(ETH_P_8021Q);
|
|
|
|
|
}
|
2016-08-17 13:36:14 +03:00
|
|
|
|
2021-06-01 15:30:50 +03:00
|
|
|
push_prio_exists = !!tb[TCA_VLAN_PUSH_VLAN_PRIORITY];
|
|
|
|
|
if (push_prio_exists)
|
2016-08-17 13:36:14 +03:00
|
|
|
push_prio = nla_get_u8(tb[TCA_VLAN_PUSH_VLAN_PRIORITY]);
|
2014-11-19 14:05:03 +01:00
|
|
|
break;
|
2020-10-03 00:44:28 +02:00
|
|
|
case TCA_VLAN_ACT_POP_ETH:
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_PUSH_ETH:
|
|
|
|
|
if (!tb[TCA_VLAN_PUSH_ETH_DST] || !tb[TCA_VLAN_PUSH_ETH_SRC]) {
|
|
|
|
|
if (exists)
|
|
|
|
|
tcf_idr_release(*a, bind);
|
|
|
|
|
else
|
|
|
|
|
tcf_idr_cleanup(tn, index);
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
break;
|
2014-11-19 14:05:03 +01:00
|
|
|
default:
|
2016-05-10 16:49:26 -04:00
|
|
|
if (exists)
|
2017-08-30 02:31:59 -04:00
|
|
|
tcf_idr_release(*a, bind);
|
2018-07-05 17:24:32 +03:00
|
|
|
else
|
2019-08-01 13:02:51 +00:00
|
|
|
tcf_idr_cleanup(tn, index);
|
2014-11-19 14:05:03 +01:00
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
action = parm->v_action;
|
|
|
|
|
|
2016-05-10 16:49:26 -04:00
|
|
|
if (!exists) {
|
2019-10-30 16:09:06 +02:00
|
|
|
ret = tcf_idr_create_from_flags(tn, index, est, a,
|
|
|
|
|
&act_vlan_ops, bind, flags);
|
2018-07-05 17:24:32 +03:00
|
|
|
if (ret) {
|
2019-08-01 13:02:51 +00:00
|
|
|
tcf_idr_cleanup(tn, index);
|
2014-11-19 14:05:03 +01:00
|
|
|
return ret;
|
2018-07-05 17:24:32 +03:00
|
|
|
}
|
2014-11-19 14:05:03 +01:00
|
|
|
|
|
|
|
|
ret = ACT_P_CREATED;
|
2021-07-29 16:12:14 -07:00
|
|
|
} else if (!(flags & TCA_ACT_FLAGS_REPLACE)) {
|
2017-08-30 02:31:59 -04:00
|
|
|
tcf_idr_release(*a, bind);
|
2018-07-05 17:24:30 +03:00
|
|
|
return -EEXIST;
|
2014-11-19 14:05:03 +01:00
|
|
|
}
|
|
|
|
|
|
2019-03-20 15:00:14 +01:00
|
|
|
err = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
goto release_idr;
|
|
|
|
|
|
2016-07-25 16:09:41 -07:00
|
|
|
v = to_vlan(*a);
|
2014-11-19 14:05:03 +01:00
|
|
|
|
2017-11-07 15:49:05 -05:00
|
|
|
p = kzalloc(sizeof(*p), GFP_KERNEL);
|
|
|
|
|
if (!p) {
|
2019-03-20 15:00:14 +01:00
|
|
|
err = -ENOMEM;
|
|
|
|
|
goto put_chain;
|
2017-11-07 15:49:05 -05:00
|
|
|
}
|
2014-11-19 14:05:03 +01:00
|
|
|
|
2017-11-07 15:49:05 -05:00
|
|
|
p->tcfv_action = action;
|
|
|
|
|
p->tcfv_push_vid = push_vid;
|
|
|
|
|
p->tcfv_push_prio = push_prio;
|
2021-06-01 15:30:50 +03:00
|
|
|
p->tcfv_push_prio_exists = push_prio_exists || action == TCA_VLAN_ACT_PUSH;
|
2017-11-07 15:49:05 -05:00
|
|
|
p->tcfv_push_proto = push_proto;
|
|
|
|
|
|
2020-10-03 00:44:28 +02:00
|
|
|
if (action == TCA_VLAN_ACT_PUSH_ETH) {
|
|
|
|
|
nla_memcpy(&p->tcfv_push_dst, tb[TCA_VLAN_PUSH_ETH_DST],
|
|
|
|
|
ETH_ALEN);
|
|
|
|
|
nla_memcpy(&p->tcfv_push_src, tb[TCA_VLAN_PUSH_ETH_SRC],
|
|
|
|
|
ETH_ALEN);
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-14 21:46:16 +03:00
|
|
|
spin_lock_bh(&v->tcf_lock);
|
2019-03-20 15:00:14 +01:00
|
|
|
goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch);
|
2019-09-23 16:09:18 -07:00
|
|
|
p = rcu_replace_pointer(v->vlan_p, p, lockdep_is_held(&v->tcf_lock));
|
2018-08-14 21:46:16 +03:00
|
|
|
spin_unlock_bh(&v->tcf_lock);
|
2017-11-07 15:49:05 -05:00
|
|
|
|
2019-03-20 15:00:14 +01:00
|
|
|
if (goto_ch)
|
|
|
|
|
tcf_chain_put_by_act(goto_ch);
|
2018-08-10 20:51:51 +03:00
|
|
|
if (p)
|
|
|
|
|
kfree_rcu(p, rcu);
|
2014-11-19 14:05:03 +01:00
|
|
|
|
|
|
|
|
return ret;
|
2019-03-20 15:00:14 +01:00
|
|
|
put_chain:
|
|
|
|
|
if (goto_ch)
|
|
|
|
|
tcf_chain_put_by_act(goto_ch);
|
|
|
|
|
release_idr:
|
|
|
|
|
tcf_idr_release(*a, bind);
|
|
|
|
|
return err;
|
2014-11-19 14:05:03 +01:00
|
|
|
}
|
|
|
|
|
|
2017-12-05 12:53:07 -08:00
|
|
|
static void tcf_vlan_cleanup(struct tc_action *a)
|
2017-11-07 15:49:05 -05:00
|
|
|
{
|
|
|
|
|
struct tcf_vlan *v = to_vlan(a);
|
|
|
|
|
struct tcf_vlan_params *p;
|
|
|
|
|
|
|
|
|
|
p = rcu_dereference_protected(v->vlan_p, 1);
|
2018-03-16 00:00:53 +01:00
|
|
|
if (p)
|
|
|
|
|
kfree_rcu(p, rcu);
|
2017-11-07 15:49:05 -05:00
|
|
|
}
|
|
|
|
|
|
2014-11-19 14:05:03 +01:00
|
|
|
static int tcf_vlan_dump(struct sk_buff *skb, struct tc_action *a,
|
|
|
|
|
int bind, int ref)
|
|
|
|
|
{
|
|
|
|
|
unsigned char *b = skb_tail_pointer(skb);
|
2016-07-25 16:09:41 -07:00
|
|
|
struct tcf_vlan *v = to_vlan(a);
|
2018-08-10 20:51:51 +03:00
|
|
|
struct tcf_vlan_params *p;
|
2014-11-19 14:05:03 +01:00
|
|
|
struct tc_vlan opt = {
|
|
|
|
|
.index = v->tcf_index,
|
2018-07-05 17:24:24 +03:00
|
|
|
.refcnt = refcount_read(&v->tcf_refcnt) - ref,
|
|
|
|
|
.bindcnt = atomic_read(&v->tcf_bindcnt) - bind,
|
2014-11-19 14:05:03 +01:00
|
|
|
};
|
|
|
|
|
struct tcf_t t;
|
|
|
|
|
|
2018-08-14 21:46:16 +03:00
|
|
|
spin_lock_bh(&v->tcf_lock);
|
2018-08-10 20:51:51 +03:00
|
|
|
opt.action = v->tcf_action;
|
|
|
|
|
p = rcu_dereference_protected(v->vlan_p, lockdep_is_held(&v->tcf_lock));
|
|
|
|
|
opt.v_action = p->tcfv_action;
|
2014-11-19 14:05:03 +01:00
|
|
|
if (nla_put(skb, TCA_VLAN_PARMS, sizeof(opt), &opt))
|
|
|
|
|
goto nla_put_failure;
|
|
|
|
|
|
2017-11-07 15:49:05 -05:00
|
|
|
if ((p->tcfv_action == TCA_VLAN_ACT_PUSH ||
|
|
|
|
|
p->tcfv_action == TCA_VLAN_ACT_MODIFY) &&
|
|
|
|
|
(nla_put_u16(skb, TCA_VLAN_PUSH_VLAN_ID, p->tcfv_push_vid) ||
|
2016-06-05 10:41:32 -04:00
|
|
|
nla_put_be16(skb, TCA_VLAN_PUSH_VLAN_PROTOCOL,
|
2017-11-07 15:49:05 -05:00
|
|
|
p->tcfv_push_proto) ||
|
2021-06-01 15:30:51 +03:00
|
|
|
(p->tcfv_push_prio_exists &&
|
|
|
|
|
nla_put_u8(skb, TCA_VLAN_PUSH_VLAN_PRIORITY, p->tcfv_push_prio))))
|
2014-11-19 14:05:03 +01:00
|
|
|
goto nla_put_failure;
|
|
|
|
|
|
2020-10-03 00:44:28 +02:00
|
|
|
if (p->tcfv_action == TCA_VLAN_ACT_PUSH_ETH) {
|
|
|
|
|
if (nla_put(skb, TCA_VLAN_PUSH_ETH_DST, ETH_ALEN,
|
|
|
|
|
p->tcfv_push_dst))
|
|
|
|
|
goto nla_put_failure;
|
|
|
|
|
if (nla_put(skb, TCA_VLAN_PUSH_ETH_SRC, ETH_ALEN,
|
|
|
|
|
p->tcfv_push_src))
|
|
|
|
|
goto nla_put_failure;
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-06 06:32:55 -04:00
|
|
|
tcf_tm_dump(&t, &v->tcf_tm);
|
2016-04-26 10:06:18 +02:00
|
|
|
if (nla_put_64bit(skb, TCA_VLAN_TM, sizeof(t), &t, TCA_VLAN_PAD))
|
2014-11-19 14:05:03 +01:00
|
|
|
goto nla_put_failure;
|
2018-08-14 21:46:16 +03:00
|
|
|
spin_unlock_bh(&v->tcf_lock);
|
2018-08-10 20:51:51 +03:00
|
|
|
|
2014-11-19 14:05:03 +01:00
|
|
|
return skb->len;
|
|
|
|
|
|
|
|
|
|
nla_put_failure:
|
2018-08-14 21:46:16 +03:00
|
|
|
spin_unlock_bh(&v->tcf_lock);
|
2014-11-19 14:05:03 +01:00
|
|
|
nlmsg_trim(skb, b);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-19 14:01:07 +08:00
|
|
|
static void tcf_vlan_stats_update(struct tc_action *a, u64 bytes, u64 packets,
|
|
|
|
|
u64 drops, u64 lastuse, bool hw)
|
2019-08-29 15:38:42 +02:00
|
|
|
{
|
|
|
|
|
struct tcf_vlan *v = to_vlan(a);
|
|
|
|
|
struct tcf_t *tm = &v->tcf_tm;
|
|
|
|
|
|
2020-06-19 14:01:07 +08:00
|
|
|
tcf_action_update_stats(a, bytes, packets, drops, hw);
|
2019-08-29 15:38:42 +02:00
|
|
|
tm->lastuse = max_t(u64, tm->lastuse, lastuse);
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-02 15:16:46 -04:00
|
|
|
static size_t tcf_vlan_get_fill_size(const struct tc_action *act)
|
|
|
|
|
{
|
|
|
|
|
return nla_total_size(sizeof(struct tc_vlan))
|
|
|
|
|
+ nla_total_size(sizeof(u16)) /* TCA_VLAN_PUSH_VLAN_ID */
|
|
|
|
|
+ nla_total_size(sizeof(u16)) /* TCA_VLAN_PUSH_VLAN_PROTOCOL */
|
|
|
|
|
+ nla_total_size(sizeof(u8)); /* TCA_VLAN_PUSH_VLAN_PRIORITY */
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-17 19:16:21 +01:00
|
|
|
static int tcf_vlan_offload_act_setup(struct tc_action *act, void *entry_data,
|
2022-04-07 10:35:22 +03:00
|
|
|
u32 *index_inc, bool bind,
|
|
|
|
|
struct netlink_ext_ack *extack)
|
2021-12-17 19:16:21 +01:00
|
|
|
{
|
|
|
|
|
if (bind) {
|
|
|
|
|
struct flow_action_entry *entry = entry_data;
|
|
|
|
|
|
|
|
|
|
switch (tcf_vlan_action(act)) {
|
|
|
|
|
case TCA_VLAN_ACT_PUSH:
|
|
|
|
|
entry->id = FLOW_ACTION_VLAN_PUSH;
|
|
|
|
|
entry->vlan.vid = tcf_vlan_push_vid(act);
|
|
|
|
|
entry->vlan.proto = tcf_vlan_push_proto(act);
|
|
|
|
|
entry->vlan.prio = tcf_vlan_push_prio(act);
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_POP:
|
|
|
|
|
entry->id = FLOW_ACTION_VLAN_POP;
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_MODIFY:
|
|
|
|
|
entry->id = FLOW_ACTION_VLAN_MANGLE;
|
|
|
|
|
entry->vlan.vid = tcf_vlan_push_vid(act);
|
|
|
|
|
entry->vlan.proto = tcf_vlan_push_proto(act);
|
|
|
|
|
entry->vlan.prio = tcf_vlan_push_prio(act);
|
|
|
|
|
break;
|
2022-03-15 13:02:09 +02:00
|
|
|
case TCA_VLAN_ACT_POP_ETH:
|
|
|
|
|
entry->id = FLOW_ACTION_VLAN_POP_ETH;
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_PUSH_ETH:
|
|
|
|
|
entry->id = FLOW_ACTION_VLAN_PUSH_ETH;
|
|
|
|
|
tcf_vlan_push_eth(entry->vlan_push_eth.src, entry->vlan_push_eth.dst, act);
|
|
|
|
|
break;
|
2021-12-17 19:16:21 +01:00
|
|
|
default:
|
2022-04-07 10:35:30 +03:00
|
|
|
NL_SET_ERR_MSG_MOD(extack, "Unsupported vlan action mode offload");
|
2021-12-17 19:16:21 +01:00
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
*index_inc = 1;
|
|
|
|
|
} else {
|
2021-12-17 19:16:22 +01:00
|
|
|
struct flow_offload_action *fl_action = entry_data;
|
|
|
|
|
|
|
|
|
|
switch (tcf_vlan_action(act)) {
|
|
|
|
|
case TCA_VLAN_ACT_PUSH:
|
|
|
|
|
fl_action->id = FLOW_ACTION_VLAN_PUSH;
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_POP:
|
|
|
|
|
fl_action->id = FLOW_ACTION_VLAN_POP;
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_MODIFY:
|
|
|
|
|
fl_action->id = FLOW_ACTION_VLAN_MANGLE;
|
|
|
|
|
break;
|
2022-03-15 13:02:09 +02:00
|
|
|
case TCA_VLAN_ACT_POP_ETH:
|
|
|
|
|
fl_action->id = FLOW_ACTION_VLAN_POP_ETH;
|
|
|
|
|
break;
|
|
|
|
|
case TCA_VLAN_ACT_PUSH_ETH:
|
|
|
|
|
fl_action->id = FLOW_ACTION_VLAN_PUSH_ETH;
|
|
|
|
|
break;
|
2021-12-17 19:16:22 +01:00
|
|
|
default:
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
}
|
2021-12-17 19:16:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-19 14:05:03 +01:00
|
|
|
static struct tc_action_ops act_vlan_ops = {
|
|
|
|
|
.kind = "vlan",
|
2019-02-10 14:25:00 +02:00
|
|
|
.id = TCA_ID_VLAN,
|
2014-11-19 14:05:03 +01:00
|
|
|
.owner = THIS_MODULE,
|
2018-08-12 09:35:00 -04:00
|
|
|
.act = tcf_vlan_act,
|
2014-11-19 14:05:03 +01:00
|
|
|
.dump = tcf_vlan_dump,
|
|
|
|
|
.init = tcf_vlan_init,
|
2017-11-07 15:49:05 -05:00
|
|
|
.cleanup = tcf_vlan_cleanup,
|
2019-08-29 15:38:42 +02:00
|
|
|
.stats_update = tcf_vlan_stats_update,
|
2019-08-02 15:16:46 -04:00
|
|
|
.get_fill_size = tcf_vlan_get_fill_size,
|
2021-12-17 19:16:21 +01:00
|
|
|
.offload_act_setup = tcf_vlan_offload_act_setup,
|
2016-07-25 16:09:41 -07:00
|
|
|
.size = sizeof(struct tcf_vlan),
|
2016-02-22 15:57:53 -08:00
|
|
|
};
|
2024-02-01 14:09:41 +01:00
|
|
|
MODULE_ALIAS_NET_ACT("vlan");
|
2016-02-22 15:57:53 -08:00
|
|
|
|
|
|
|
|
static __net_init int vlan_init_net(struct net *net)
|
|
|
|
|
{
|
2022-09-08 12:14:33 +08:00
|
|
|
struct tc_action_net *tn = net_generic(net, act_vlan_ops.net_id);
|
2016-02-22 15:57:53 -08:00
|
|
|
|
2019-08-25 10:01:32 -07:00
|
|
|
return tc_action_net_init(net, tn, &act_vlan_ops);
|
2016-02-22 15:57:53 -08:00
|
|
|
}
|
|
|
|
|
|
2017-12-11 15:35:03 -08:00
|
|
|
static void __net_exit vlan_exit_net(struct list_head *net_list)
|
2016-02-22 15:57:53 -08:00
|
|
|
{
|
2022-09-08 12:14:33 +08:00
|
|
|
tc_action_net_exit(net_list, act_vlan_ops.net_id);
|
2016-02-22 15:57:53 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct pernet_operations vlan_net_ops = {
|
|
|
|
|
.init = vlan_init_net,
|
2017-12-11 15:35:03 -08:00
|
|
|
.exit_batch = vlan_exit_net,
|
2022-09-08 12:14:33 +08:00
|
|
|
.id = &act_vlan_ops.net_id,
|
2016-02-22 15:57:53 -08:00
|
|
|
.size = sizeof(struct tc_action_net),
|
2014-11-19 14:05:03 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int __init vlan_init_module(void)
|
|
|
|
|
{
|
2016-02-22 15:57:53 -08:00
|
|
|
return tcf_register_action(&act_vlan_ops, &vlan_net_ops);
|
2014-11-19 14:05:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void __exit vlan_cleanup_module(void)
|
|
|
|
|
{
|
2016-02-22 15:57:53 -08:00
|
|
|
tcf_unregister_action(&act_vlan_ops, &vlan_net_ops);
|
2014-11-19 14:05:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module_init(vlan_init_module);
|
|
|
|
|
module_exit(vlan_cleanup_module);
|
|
|
|
|
|
|
|
|
|
MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
|
|
|
|
|
MODULE_DESCRIPTION("vlan manipulation actions");
|
|
|
|
|
MODULE_LICENSE("GPL v2");
|