extern int register_tcf_proto_ops(struct tcf_proto_ops *ops);
extern int unregister_tcf_proto_ops(struct tcf_proto_ops *ops);
-extern int ing_filter(struct sk_buff *skb);
static inline unsigned long
__cls_set_class(unsigned long *clp, unsigned long cl)
tp->q->ops->cl_ops->unbind_tcf(tp->q, cl);
}
+struct tcf_exts
+{
#ifdef CONFIG_NET_CLS_ACT
+ struct tc_action *action;
+#elif defined CONFIG_NET_CLS_POLICE
+ struct tcf_police *police;
+#endif
+};
+
+/* Map to export classifier specific extension TLV types to the
+ * generic extensions API. Unsupported extensions must be set to 0.
+ */
+struct tcf_ext_map
+{
+ int action;
+ int police;
+};
+
+/**
+ * tcf_exts_is_predicative - check if a predicative extension is present
+ * @exts: tc filter extensions handle
+ *
+ * Returns 1 if a predicative extension is present, i.e. an extension which
+ * might cause further actions and thus overrule the regular tcf_result.
+ */
static inline int
-tcf_change_act_police(struct tcf_proto *tp, struct tc_action **action,
- struct rtattr *act_police_tlv, struct rtattr *rate_tlv)
+tcf_exts_is_predicative(struct tcf_exts *exts)
{
- int ret;
- struct tc_action *act;
+#ifdef CONFIG_NET_CLS_ACT
+ return !!exts->action;
+#elif defined CONFIG_NET_CLS_POLICE
+ return !!exts->police;
+#else
+ return 0;
+#endif
+}
- act = kmalloc(sizeof(*act), GFP_KERNEL);
- if (NULL == act)
- return -ENOMEM;
- memset(act, 0, sizeof(*act));
-
- ret = tcf_action_init_1(act_police_tlv, rate_tlv, act, "police",
- TCA_ACT_NOREPLACE, TCA_ACT_BIND);
- if (ret < 0) {
- tcf_action_destroy(act, TCA_ACT_UNBIND);
- return ret;
- }
+/**
+ * tcf_exts_is_available - check if at least one extension is present
+ * @exts: tc filter extensions handle
+ *
+ * Returns 1 if at least one extension is present.
+ */
+static inline int
+tcf_exts_is_available(struct tcf_exts *exts)
+{
+ /* All non-predicative extensions must be added here. */
+ return tcf_exts_is_predicative(exts);
+}
+
+/**
+ * tcf_exts_exec - execute tc filter extensions
+ * @skb: socket buffer
+ * @exts: tc filter extensions handle
+ * @res: desired result
+ *
+ * Executes all configured extensions. Returns 0 on a normal execution,
+ * a negative number if the filter must be considered unmatched or
+ * a positive action code (TC_ACT_*) which must be returned to the
+ * underlying layer.
+ */
+static inline int
+tcf_exts_exec(struct sk_buff *skb, struct tcf_exts *exts,
+ struct tcf_result *res)
+{
+#ifdef CONFIG_NET_CLS_ACT
+ if (exts->action)
+ return tcf_action_exec(skb, exts->action, res);
+#elif defined CONFIG_NET_CLS_POLICE
+ if (exts->police)
+ return tcf_police(skb, exts->police);
+#endif
+
+ return 0;
+}
- act->type = TCA_OLD_COMPAT;
+extern int tcf_exts_validate(struct tcf_proto *tp, struct rtattr **tb,
+ struct rtattr *rate_tlv, struct tcf_exts *exts,
+ struct tcf_ext_map *map);
+extern void tcf_exts_destroy(struct tcf_proto *tp, struct tcf_exts *exts);
+extern void tcf_exts_change(struct tcf_proto *tp, struct tcf_exts *dst,
+ struct tcf_exts *src);
+extern int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts,
+ struct tcf_ext_map *map);
+extern int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts,
+ struct tcf_ext_map *map);
+
+/**
+ * struct tcf_pkt_info - packet information
+ */
+struct tcf_pkt_info
+{
+ unsigned char * ptr;
+ int nexthdr;
+};
- if (*action) {
- tcf_tree_lock(tp);
- act = xchg(action, act);
- tcf_tree_unlock(tp);
+#ifdef CONFIG_NET_EMATCH
- tcf_action_destroy(act, TCA_ACT_UNBIND);
- } else
- *action = act;
+struct tcf_ematch_ops;
- return 0;
+/**
+ * struct tcf_ematch - extended match (ematch)
+ *
+ * @matchid: identifier to allow userspace to reidentify a match
+ * @flags: flags specifying attributes and the relation to other matches
+ * @ops: the operations lookup table of the corresponding ematch module
+ * @datalen: length of the ematch specific configuration data
+ * @data: ematch specific data
+ */
+struct tcf_ematch
+{
+ struct tcf_ematch_ops * ops;
+ unsigned long data;
+ unsigned int datalen;
+ u16 matchid;
+ u16 flags;
+};
+
+static inline int tcf_em_is_container(struct tcf_ematch *em)
+{
+ return !em->ops;
}
-static inline int
-tcf_change_act(struct tcf_proto *tp, struct tc_action **action,
- struct rtattr *act_tlv, struct rtattr *rate_tlv)
-{
- int ret;
- struct tc_action *act;
-
- act = kmalloc(sizeof(*act), GFP_KERNEL);
- if (NULL == act)
- return -ENOMEM;
- memset(act, 0, sizeof(*act));
-
- ret = tcf_action_init(act_tlv, rate_tlv, act, NULL,
- TCA_ACT_NOREPLACE, TCA_ACT_BIND);
- if (ret < 0) {
- tcf_action_destroy(act, TCA_ACT_UNBIND);
- return ret;
- }
+static inline int tcf_em_is_simple(struct tcf_ematch *em)
+{
+ return em->flags & TCF_EM_SIMPLE;
+}
- if (*action) {
- tcf_tree_lock(tp);
- act = xchg(action, act);
- tcf_tree_unlock(tp);
+static inline int tcf_em_is_inverted(struct tcf_ematch *em)
+{
+ return em->flags & TCF_EM_INVERT;
+}
+
+static inline int tcf_em_last_match(struct tcf_ematch *em)
+{
+ return (em->flags & TCF_EM_REL_MASK) == TCF_EM_REL_END;
+}
- tcf_action_destroy(act, TCA_ACT_UNBIND);
- } else
- *action = act;
+static inline int tcf_em_early_end(struct tcf_ematch *em, int result)
+{
+ if (tcf_em_last_match(em))
+ return 1;
+
+ if (result == 0 && em->flags & TCF_EM_REL_AND)
+ return 1;
+
+ if (result != 0 && em->flags & TCF_EM_REL_OR)
+ return 1;
return 0;
}
+
+/**
+ * struct tcf_ematch_tree - ematch tree handle
+ *
+ * @hdr: ematch tree header supplied by userspace
+ * @matches: array of ematches
+ */
+struct tcf_ematch_tree
+{
+ struct tcf_ematch_tree_hdr hdr;
+ struct tcf_ematch * matches;
+
+};
-static inline int
-tcf_dump_act(struct sk_buff *skb, struct tc_action *action,
- int act_type, int compat_type)
-{
- /*
- * again for backward compatible mode - we want
- * to work with both old and new modes of entering
- * tc data even if iproute2 was newer - jhs
- */
- if (action) {
- struct rtattr * p_rta = (struct rtattr*) skb->tail;
-
- if (action->type != TCA_OLD_COMPAT) {
- RTA_PUT(skb, act_type, 0, NULL);
- if (tcf_action_dump(skb, action, 0, 0) < 0)
- goto rtattr_failure;
- } else {
- RTA_PUT(skb, compat_type, 0, NULL);
- if (tcf_action_dump_old(skb, action, 0, 0) < 0)
- goto rtattr_failure;
- }
-
- p_rta->rta_len = skb->tail - (u8*)p_rta;
+/**
+ * struct tcf_ematch_ops - ematch module operations
+ *
+ * @kind: identifier (kind) of this ematch module
+ * @datalen: length of expected configuration data (optional)
+ * @change: called during validation (optional)
+ * @match: called during ematch tree evaluation, must return 1/0
+ * @destroy: called during destroyage (optional)
+ * @dump: called during dumping process (optional)
+ * @owner: owner, must be set to THIS_MODULE
+ * @link: link to previous/next ematch module (internal use)
+ */
+struct tcf_ematch_ops
+{
+ int kind;
+ int datalen;
+ int (*change)(struct tcf_proto *, void *,
+ int, struct tcf_ematch *);
+ int (*match)(struct sk_buff *, struct tcf_ematch *,
+ struct tcf_pkt_info *);
+ void (*destroy)(struct tcf_proto *,
+ struct tcf_ematch *);
+ int (*dump)(struct sk_buff *, struct tcf_ematch *);
+ struct module *owner;
+ struct list_head link;
+};
+
+extern int tcf_em_register(struct tcf_ematch_ops *);
+extern int tcf_em_unregister(struct tcf_ematch_ops *);
+extern int tcf_em_tree_validate(struct tcf_proto *, struct rtattr *,
+ struct tcf_ematch_tree *);
+extern void tcf_em_tree_destroy(struct tcf_proto *, struct tcf_ematch_tree *);
+extern int tcf_em_tree_dump(struct sk_buff *, struct tcf_ematch_tree *, int);
+extern int __tcf_em_tree_match(struct sk_buff *, struct tcf_ematch_tree *,
+ struct tcf_pkt_info *);
+
+/**
+ * tcf_em_tree_change - replace ematch tree of a running classifier
+ *
+ * @tp: classifier kind handle
+ * @dst: destination ematch tree variable
+ * @src: source ematch tree (temporary tree from tcf_em_tree_validate)
+ *
+ * This functions replaces the ematch tree in @dst with the ematch
+ * tree in @src. The classifier in charge of the ematch tree may be
+ * running.
+ */
+static inline void tcf_em_tree_change(struct tcf_proto *tp,
+ struct tcf_ematch_tree *dst,
+ struct tcf_ematch_tree *src)
+{
+ tcf_tree_lock(tp);
+ memcpy(dst, src, sizeof(*dst));
+ tcf_tree_unlock(tp);
+}
+
+/**
+ * tcf_em_tree_match - evaulate an ematch tree
+ *
+ * @skb: socket buffer of the packet in question
+ * @tree: ematch tree to be used for evaluation
+ * @info: packet information examined by classifier
+ *
+ * This function matches @skb against the ematch tree in @tree by going
+ * through all ematches respecting their logic relations returning
+ * as soon as the result is obvious.
+ *
+ * Returns 1 if the ematch tree as-one matches, no ematches are configured
+ * or ematch is not enabled in the kernel, otherwise 0 is returned.
+ */
+static inline int tcf_em_tree_match(struct sk_buff *skb,
+ struct tcf_ematch_tree *tree,
+ struct tcf_pkt_info *info)
+{
+ if (tree->hdr.nmatches)
+ return __tcf_em_tree_match(skb, tree, info);
+ else
+ return 1;
+}
+
+#else /* CONFIG_NET_EMATCH */
+
+struct tcf_ematch_tree
+{
+};
+
+#define tcf_em_tree_validate(tp, tb, t) ((void)(t), 0)
+#define tcf_em_tree_destroy(tp, t) do { (void)(t); } while(0)
+#define tcf_em_tree_dump(skb, t, tlv) (0)
+#define tcf_em_tree_change(tp, dst, src) do { } while(0)
+#define tcf_em_tree_match(skb, t, info) ((void)(info), 1)
+
+#endif /* CONFIG_NET_EMATCH */
+
+static inline unsigned char * tcf_get_base_ptr(struct sk_buff *skb, int layer)
+{
+ switch (layer) {
+ case TCF_LAYER_LINK:
+ return skb->data;
+ case TCF_LAYER_NETWORK:
+ return skb->nh.raw;
+ case TCF_LAYER_TRANSPORT:
+ return skb->h.raw;
}
- return 0;
-rtattr_failure:
- return -1;
+ return NULL;
+}
+
+static inline int tcf_valid_offset(struct sk_buff *skb, unsigned char *ptr,
+ int len)
+{
+ return unlikely((ptr + len) < skb->tail && ptr > skb->head);
}
-#endif /* CONFIG_NET_CLS_ACT */
#ifdef CONFIG_NET_CLS_IND
static inline int
tcf_change_indev(struct tcf_proto *tp, char *indev, struct rtattr *indev_tlv)
{
- if (RTA_PAYLOAD(indev_tlv) >= IFNAMSIZ) {
- printk("cls: bad indev name %s\n", (char *) RTA_DATA(indev_tlv));
+ if (rtattr_strlcpy(indev, indev_tlv, IFNAMSIZ) >= IFNAMSIZ)
return -EINVAL;
- }
-
- memset(indev, 0, IFNAMSIZ);
- sprintf(indev, "%s", (char *) RTA_DATA(indev_tlv));
-
return 0;
}
}
#endif /* CONFIG_NET_CLS_IND */
-#ifdef CONFIG_NET_CLS_POLICE
-static inline int
-tcf_change_police(struct tcf_proto *tp, struct tcf_police **police,
- struct rtattr *police_tlv, struct rtattr *rate_tlv)
-{
- struct tcf_police *p = tcf_police_locate(police_tlv, rate_tlv);
-
- if (*police) {
- tcf_tree_lock(tp);
- p = xchg(police, p);
- tcf_tree_unlock(tp);
-
- tcf_police_release(p, TCA_ACT_UNBIND);
- } else
- *police = p;
-
- return 0;
-}
-
-static inline int
-tcf_dump_police(struct sk_buff *skb, struct tcf_police *police,
- int police_type)
-{
- if (police) {
- struct rtattr * p_rta = (struct rtattr*) skb->tail;
-
- RTA_PUT(skb, police_type, 0, NULL);
-
- if (tcf_police_dump(skb, police) < 0)
- goto rtattr_failure;
-
- p_rta->rta_len = skb->tail - (u8*)p_rta;
- }
- return 0;
-
-rtattr_failure:
- return -1;
-}
-#endif /* CONFIG_NET_CLS_POLICE */
-
#endif
git://git.onelab.eu / linux-2.6.git / blobdiff