2006-08-04 14:38:38 +04:00
|
|
|
#ifndef __NET_FIB_RULES_H
|
|
|
|
#define __NET_FIB_RULES_H
|
|
|
|
|
|
|
|
#include <linux/types.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
The percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities to include those
headers directly instead of assuming availability. As this conversion
needs to touch a large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the following.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and tries to put the new include such that its order conforms
to its surroundings. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
widely available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build tests were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
7, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 11:04:11 +03:00
|
|
|
#include <linux/slab.h>
|
2006-08-04 14:38:38 +04:00
|
|
|
#include <linux/netdevice.h>
|
|
|
|
#include <linux/fib_rules.h>
|
2017-06-30 13:08:06 +03:00
|
|
|
#include <linux/refcount.h>
|
2006-08-04 14:38:38 +04:00
|
|
|
#include <net/flow.h>
|
2007-03-26 10:20:05 +04:00
|
|
|
#include <net/rtnetlink.h>
|
2017-08-03 14:28:14 +03:00
|
|
|
#include <net/fib_notifier.h>
|
2006-08-04 14:38:38 +04:00
|
|
|
|
2016-11-03 20:23:42 +03:00
|
|
|
struct fib_kuid_range {
	kuid_t start;
	kuid_t end;
};
|
|
|
|
|
2009-11-03 06:26:03 +03:00
|
|
|
struct fib_rule {
|
2006-08-04 14:38:38 +04:00
|
|
|
struct list_head list;
|
2009-12-03 04:25:54 +03:00
|
|
|
int iifindex;
|
2009-12-03 04:25:56 +03:00
|
|
|
int oifindex;
|
2006-11-10 02:22:18 +03:00
|
|
|
u32 mark;
|
|
|
|
u32 mark_mask;
|
2006-08-04 14:38:38 +04:00
|
|
|
u32 flags;
|
|
|
|
u32 table;
|
|
|
|
u8 action;
|
2016-06-08 20:55:39 +03:00
|
|
|
u8 l3mdev;
|
|
|
|
/* 2 bytes hole, try to use */
|
2007-03-27 04:14:15 +04:00
|
|
|
u32 target;
|
2015-07-21 11:44:01 +03:00
|
|
|
__be64 tun_id;
|
2010-10-26 13:24:55 +04:00
|
|
|
struct fib_rule __rcu *ctarget;
|
2013-08-03 22:50:35 +04:00
|
|
|
struct net *fr_net;
|
|
|
|
|
2017-06-30 13:08:06 +03:00
|
|
|
refcount_t refcnt;
|
2013-08-03 22:50:35 +04:00
|
|
|
u32 pref;
|
|
|
|
int suppress_ifgroup;
|
|
|
|
int suppress_prefixlen;
|
2009-12-03 04:25:54 +03:00
|
|
|
char iifname[IFNAMSIZ];
|
2009-12-03 04:25:56 +03:00
|
|
|
char oifname[IFNAMSIZ];
|
2016-11-03 20:23:42 +03:00
|
|
|
struct fib_kuid_range uid_range;
|
2006-08-04 14:38:38 +04:00
|
|
|
struct rcu_head rcu;
|
|
|
|
};
|
|
|
|
|
2009-11-03 06:26:03 +03:00
|
|
|
struct fib_lookup_arg {
|
2006-08-04 14:38:38 +04:00
|
|
|
void *lookup_ptr;
|
|
|
|
void *result;
|
|
|
|
struct fib_rule *rule;
|
2016-06-08 20:55:39 +03:00
|
|
|
u32 table;
|
2010-10-05 14:41:36 +04:00
|
|
|
int flags;
|
2015-06-23 20:45:37 +03:00
|
|
|
#define FIB_LOOKUP_NOREF 1
|
|
|
|
#define FIB_LOOKUP_IGNORE_LINKSTATE 2
|
2006-08-04 14:38:38 +04:00
|
|
|
};
|
|
|
|
|
2009-11-03 06:26:03 +03:00
|
|
|
struct fib_rules_ops {
|
2006-08-04 14:38:38 +04:00
|
|
|
int family;
|
|
|
|
struct list_head list;
|
|
|
|
int rule_size;
|
2007-03-24 22:46:02 +03:00
|
|
|
int addr_size;
|
2007-03-27 04:14:15 +04:00
|
|
|
int unresolved_rules;
|
|
|
|
int nr_goto_rules;
|
2017-08-03 14:28:14 +03:00
|
|
|
unsigned int fib_rules_seq;
|
2006-08-04 14:38:38 +04:00
|
|
|
|
|
|
|
	int			(*action)(struct fib_rule *,
					  struct flowi *, int,
					  struct fib_lookup_arg *);
|
2013-08-01 04:17:15 +04:00
|
|
|
	bool			(*suppress)(struct fib_rule *,
					    struct fib_lookup_arg *);
|
2006-08-04 14:38:38 +04:00
|
|
|
	int			(*match)(struct fib_rule *,
					 struct flowi *, int);
	int			(*configure)(struct fib_rule *,
					     struct sk_buff *,
					     struct fib_rule_hdr *,
					     struct nlattr **);
|
2015-03-07 00:47:00 +03:00
|
|
|
int (*delete)(struct fib_rule *);
|
2006-08-04 14:38:38 +04:00
|
|
|
	int			(*compare)(struct fib_rule *,
					   struct fib_rule_hdr *,
					   struct nlattr **);
	int			(*fill)(struct fib_rule *, struct sk_buff *,
					struct fib_rule_hdr *);
|
2006-11-11 01:10:15 +03:00
|
|
|
size_t (*nlmsg_payload)(struct fib_rule *);
|
2006-08-04 14:38:38 +04:00
|
|
|
|
2007-03-28 00:56:52 +04:00
|
|
|
	/* Called after modifications to the rules set, must flush
	 * the route cache if one exists. */
|
2008-07-06 06:01:28 +04:00
|
|
|
void (*flush_cache)(struct fib_rules_ops *ops);
|
2007-03-28 00:56:52 +04:00
|
|
|
|
2006-08-04 14:38:38 +04:00
|
|
|
int nlgroup;
|
2007-06-05 23:38:30 +04:00
|
|
|
const struct nla_policy *policy;
|
2007-09-17 02:44:27 +04:00
|
|
|
struct list_head rules_list;
|
2006-08-04 14:38:38 +04:00
|
|
|
struct module *owner;
|
2008-01-21 03:46:01 +03:00
|
|
|
struct net *fro_net;
|
2009-12-03 23:22:55 +03:00
|
|
|
struct rcu_head rcu;
|
2006-08-04 14:38:38 +04:00
|
|
|
};
|
|
|
|
|
2017-08-03 14:28:14 +03:00
|
|
|
struct fib_rule_notifier_info {
	struct fib_notifier_info info; /* must be first */
	struct fib_rule *rule;
};
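The "must be first" comment on `info` suggests that notifier callbacks receive a pointer to the embedded generic structure and convert it back to the rule-specific one. A minimal userspace sketch of that pattern follows. The `demo_*` types, the `container_of` definition, and `demo_rule_from_info()` are stand-ins written for illustration and are not taken from the kernel sources.

```c
#include <stddef.h>

/* Userspace stand-ins; the real definitions live in the kernel headers. */
struct demo_notifier_info {
	int family;
};

struct demo_fib_rule {
	unsigned int table;
};

struct demo_rule_notifier_info {
	struct demo_notifier_info info; /* must be first */
	struct demo_fib_rule *rule;
};

/* Minimal container_of built on offsetof(), for illustration only. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Hypothetical helper: recover the rule from the generic info pointer. */
static struct demo_fib_rule *demo_rule_from_info(struct demo_notifier_info *info)
{
	struct demo_rule_notifier_info *fr_info =
		container_of(info, struct demo_rule_notifier_info, info);

	return fr_info->rule;
}
```

Because the embedded member sits at offset zero, a plain cast would also work here; `container_of` keeps the conversion correct even if the layout changes.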
|
|
|
|
|
2006-11-10 02:22:48 +03:00
|
|
|
#define FRA_GENERIC_POLICY \
|
2009-12-03 04:25:54 +03:00
|
|
|
[FRA_IIFNAME] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, \
|
2009-12-03 04:25:56 +03:00
|
|
|
[FRA_OIFNAME] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, \
|
2006-11-10 02:22:48 +03:00
|
|
|
[FRA_PRIORITY] = { .type = NLA_U32 }, \
|
|
|
|
[FRA_FWMARK] = { .type = NLA_U32 }, \
|
|
|
|
[FRA_FWMASK] = { .type = NLA_U32 }, \
|
2007-03-27 04:14:15 +04:00
|
|
|
[FRA_TABLE] = { .type = NLA_U32 }, \
|
2013-08-03 16:14:43 +04:00
|
|
|
[FRA_SUPPRESS_PREFIXLEN] = { .type = NLA_U32 }, \
|
2013-08-02 19:19:56 +04:00
|
|
|
[FRA_SUPPRESS_IFGROUP] = { .type = NLA_U32 }, \
|
2016-06-08 20:55:39 +03:00
|
|
|
[FRA_GOTO] = { .type = NLA_U32 }, \
|
2016-11-03 20:23:42 +03:00
|
|
|
[FRA_L3MDEV] = { .type = NLA_U8 }, \
|
|
|
|
[FRA_UID_RANGE] = { .len = sizeof(struct fib_rule_uid_range) }
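`FRA_GENERIC_POLICY` expands to a run of designated initializers, so it is meant to be dropped into an array initializer next to family-specific entries. The sketch below shows the same technique in plain C with made-up names: every `DEMO_*` identifier and `struct demo_policy` is an assumption for illustration, not a kernel definition.

```c
#include <stddef.h>

/* Hypothetical attribute indices and type tags. */
enum { DEMO_A_UNSPEC, DEMO_A_PRIORITY, DEMO_A_TABLE, DEMO_A_SRC, DEMO_A_MAX };
enum { DEMO_T_UNSPEC, DEMO_T_U32, DEMO_T_BINARY };

struct demo_policy {
	int type;
	size_t len;
};

/* Shared entries, written once and reused by every family. */
#define DEMO_GENERIC_POLICY \
	[DEMO_A_PRIORITY] = { .type = DEMO_T_U32 }, \
	[DEMO_A_TABLE]    = { .type = DEMO_T_U32 }

/* A family-specific table: shared entries plus one of its own. */
static const struct demo_policy demo_family_policy[DEMO_A_MAX] = {
	DEMO_GENERIC_POLICY,
	[DEMO_A_SRC] = { .type = DEMO_T_BINARY, .len = 4 },
};
```

Entries that are not named in the initializer stay zero-initialized, which in this sketch corresponds to `DEMO_T_UNSPEC`.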
|
2006-11-10 02:22:48 +03:00
|
|
|
|
2006-08-04 14:38:38 +04:00
|
|
|
static inline void fib_rule_get(struct fib_rule *rule)
|
|
|
|
{
|
2017-06-30 13:08:06 +03:00
|
|
|
refcount_inc(&rule->refcnt);
|
2006-08-04 14:38:38 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static inline void fib_rule_put(struct fib_rule *rule)
|
|
|
|
{
|
2017-06-30 13:08:06 +03:00
|
|
|
if (refcount_dec_and_test(&rule->refcnt))
|
2015-03-12 07:04:08 +03:00
|
|
|
kfree_rcu(rule, rcu);
|
2006-08-04 14:38:38 +04:00
|
|
|
}
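`fib_rule_get()` and `fib_rule_put()` follow the usual reference-counting pattern: each holder takes a reference, and whoever drops the last one releases the object. A rough userspace analogue using C11 atomics is sketched below. It assumes nothing about the kernel's `refcount_t` internals, frees immediately instead of deferring through RCU, and the `demo_*` names and the `freed` test hook are invented for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

struct demo_rule {
	atomic_uint refcnt;
	bool *freed;	/* illustration hook: set when the object is released */
};

/* Allocate a rule holding one initial reference. */
static struct demo_rule *demo_rule_alloc(bool *freed)
{
	struct demo_rule *r = malloc(sizeof(*r));

	if (!r)
		return NULL;
	atomic_init(&r->refcnt, 1);
	r->freed = freed;
	return r;
}

static void demo_rule_get(struct demo_rule *r)
{
	atomic_fetch_add(&r->refcnt, 1);
}

static void demo_rule_put(struct demo_rule *r)
{
	/* fetch_sub returns the old value; 1 means this was the last reference. */
	if (atomic_fetch_sub(&r->refcnt, 1) == 1) {
		if (r->freed)
			*r->freed = true;
		free(r);	/* the header above uses kfree_rcu() here instead */
	}
}
```

The header defers the free with `kfree_rcu()` so that readers still traversing the rule list under RCU do not touch freed memory; the sketch omits that grace period.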
|
|
|
|
|
2016-06-08 20:55:39 +03:00
|
|
|
#ifdef CONFIG_NET_L3_MASTER_DEV
static inline u32 fib_rule_get_table(struct fib_rule *rule,
				     struct fib_lookup_arg *arg)
{
	return rule->l3mdev ? arg->table : rule->table;
}
#else
static inline u32 fib_rule_get_table(struct fib_rule *rule,
				     struct fib_lookup_arg *arg)
{
	return rule->table;
}
#endif
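With `CONFIG_NET_L3_MASTER_DEV` enabled, a rule flagged as `l3mdev` takes its table from the lookup argument rather than from the rule itself. The following userspace sketch mirrors that selection with simplified stand-in structures; the `demo_*` names are assumptions and only the fields involved in the decision are modelled.

```c
#include <stdint.h>

/* Simplified stand-ins carrying only the fields used by the selection. */
struct demo_l3_rule {
	uint8_t l3mdev;		/* non-zero: table comes from the lookup argument */
	uint32_t table;		/* table configured on the rule */
};

struct demo_l3_arg {
	uint32_t table;		/* table resolved for the current lookup */
};

/* Same decision as the CONFIG_NET_L3_MASTER_DEV variant above. */
static uint32_t demo_rule_get_table(const struct demo_l3_rule *rule,
				    const struct demo_l3_arg *arg)
{
	return rule->l3mdev ? arg->table : rule->table;
}
```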
|
|
|
|
|
2006-08-11 10:09:48 +04:00
|
|
|
static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
{
	if (nla[FRA_TABLE])
		return nla_get_u32(nla[FRA_TABLE]);
	return frh->table;
}
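`frh_get_table()` prefers the 32-bit `FRA_TABLE` attribute when it is present and falls back to the table field in the fixed header otherwise. A small userspace sketch of that "optional attribute overrides header field" lookup is shown below. The `demo_*` types are assumptions: attributes are modelled as plain pointers to `uint32_t` rather than real netlink attributes, and the 8-bit header field reflects the uapi `struct fib_rule_hdr` layout as I understand it.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical attribute index space for the sketch. */
enum { DEMO_FRA_TABLE, DEMO_FRA_MAX };

/* Stand-in for the fixed header, which has only a narrow table field. */
struct demo_rule_hdr {
	uint8_t table;
};

/* Prefer the wide attribute when present, else use the header value. */
static uint32_t demo_get_table(const struct demo_rule_hdr *hdr,
			       const uint32_t *const *attrs)
{
	if (attrs[DEMO_FRA_TABLE])
		return *attrs[DEMO_FRA_TABLE];
	return hdr->table;
}
```

The attribute path is what allows table IDs larger than the header field can hold.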
|
|
|
|
|
2013-09-20 22:23:23 +04:00
|
|
|
struct fib_rules_ops *fib_rules_register(const struct fib_rules_ops *,
					 struct net *);
void fib_rules_unregister(struct fib_rules_ops *);
|
2006-08-04 14:38:38 +04:00
|
|
|
|
2013-09-20 22:23:23 +04:00
|
|
|
int fib_rules_lookup(struct fib_rules_ops *, struct flowi *, int flags,
		     struct fib_lookup_arg *);
int fib_default_rule_add(struct fib_rules_ops *, u32 pref, u32 table,
			 u32 flags);
|
ipv4: fib_rules: Check if rule is a default rule
Currently, when non-default (custom) FIB rules are used, devices capable
of layer 3 offloading flush their tables and let the kernel do the
forwarding instead.
When these devices' drivers are loaded they register to the FIB
notification chain, which lets them know about the existence of any
custom FIB rules. This is done by sending a RULE_ADD notification based
on the value of 'net->ipv4.fib_has_custom_rules'.
This approach is problematic when VRF offload is taken into account, as
upon the creation of the first VRF netdev, a l3mdev rule is programmed
to direct skbs to the VRF's table.
Instead of merely reading the above value and sending a single RULE_ADD
notification, we should iterate over all the FIB rules and send a
detailed notification for each, thereby allowing offloading drivers to
sanitize the rules they don't support and potentially flush their
tables.
While l3mdev rules are uniquely marked, the default rules are not.
Therefore, when they are being notified they might invoke offloading
drivers to unnecessarily flush their tables.
Solve this by adding a helper to check if a FIB rule is a default rule.
Namely, its selector should match all packets and its action should
point to the local, main or default tables.
As noted by David Ahern, uniquely marking the default rules is
insufficient. When using VRFs, it's common to avoid false hits by moving
the rule for the local table to just before the main table:
Default configuration:
$ ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Common configuration with VRFs:
$ ip rule show
1000: from all lookup [l3mdev-table]
32765: from all lookup local
32766: from all lookup main
32767: from all lookup default
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-16 11:08:12 +03:00
|
|
|
bool fib_rule_matchall(const struct fib_rule *rule);
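The commit message above describes a default rule as one whose selector matches all packets. A hedged sketch of such a selector check follows, written against a simplified stand-in structure. It is not the kernel's implementation of `fib_rule_matchall()`: the `demo_*` names are invented, the choice of fields is an assumption based on `struct fib_rule` in this header, and treating `-1` as "suppressor unset" is likewise an assumption. The second half of the commit's criterion (the action pointing at the local, main or default table) is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* Stand-in holding only selector-like fields from struct fib_rule. */
struct demo_match_rule {
	int iifindex;
	int oifindex;
	uint32_t mark;
	uint32_t flags;
	uint64_t tun_id;
	int suppress_ifgroup;	/* assumed: -1 means "not set" */
	int suppress_prefixlen;	/* assumed: -1 means "not set" */
};

/* True when no selector narrows the set of packets the rule applies to. */
static bool demo_rule_matchall(const struct demo_match_rule *r)
{
	if (r->iifindex || r->oifindex || r->mark || r->tun_id || r->flags)
		return false;
	if (r->suppress_ifgroup != -1 || r->suppress_prefixlen != -1)
		return false;
	return true;
}
```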
|
2017-08-03 14:28:14 +03:00
|
|
|
int fib_rules_dump(struct net *net, struct notifier_block *nb, int family);
unsigned int fib_rules_seq_read(struct net *net, int family);
|
2016-06-08 20:55:39 +03:00
|
|
|
|
2017-04-16 19:48:24 +03:00
|
|
|
int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr *nlh,
		   struct netlink_ext_ack *extack);
int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr *nlh,
		   struct netlink_ext_ack *extack);
|
2006-08-04 14:38:38 +04:00
|
|
|
#endif
|