2005-04-16 15:20:36 -07:00
/*
* INET An implementation of the TCP / IP protocol suite for the LINUX
* operating system . INET is implemented using the BSD Socket
* interface as the means of communication with the user level .
*
* IPv4 Forwarding Information Base : policy rules .
*
* Authors : Alexey Kuznetsov , < kuznet @ ms2 . inr . ac . ru >
2006-08-04 03:39:22 -07:00
* Thomas Graf < tgraf @ suug . ch >
2005-04-16 15:20:36 -07:00
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation ; either version
* 2 of the License , or ( at your option ) any later version .
*
* Fixes :
* Rani Assaf : local_rule cannot be deleted
* Marc Boucher : routing by fwmark
*/
# include <linux/types.h>
# include <linux/kernel.h>
# include <linux/netdevice.h>
# include <linux/netlink.h>
2006-08-04 03:39:22 -07:00
# include <linux/inetdevice.h>
2005-04-16 15:20:36 -07:00
# include <linux/init.h>
2006-03-20 17:18:53 -08:00
# include <linux/list.h>
# include <linux/rcupdate.h>
2005-04-16 15:20:36 -07:00
# include <net/ip.h>
# include <net/route.h>
# include <net/tcp.h>
# include <net/ip_fib.h>
2006-08-04 03:39:22 -07:00
# include <net/fib_rules.h>
2005-04-16 15:20:36 -07:00
2006-08-04 03:39:22 -07:00
struct fib4_rule
2005-04-16 15:20:36 -07:00
{
2006-08-04 03:39:22 -07:00
struct fib_rule common ;
u8 dst_len ;
u8 src_len ;
u8 tos ;
2006-09-27 18:40:00 -07:00
__be32 src ;
__be32 srcmask ;
__be32 dst ;
__be32 dstmask ;
2005-04-16 15:20:36 -07:00
# ifdef CONFIG_NET_CLS_ROUTE
2006-08-04 03:39:22 -07:00
u32 tclassid ;
2005-04-16 15:20:36 -07:00
# endif
} ;
2006-08-04 03:39:22 -07:00
# ifdef CONFIG_NET_CLS_ROUTE
u32 fib_rules_tclass ( struct fib_result * res )
{
return res - > r ? ( ( struct fib4_rule * ) res - > r ) - > tclassid : 0 ;
}
# endif
2006-03-20 17:18:53 -08:00
2008-01-21 17:31:55 -08:00
int fib_lookup ( struct net * net , struct flowi * flp , struct fib_result * res )
2006-08-04 03:39:22 -07:00
{
struct fib_lookup_arg arg = {
. result = res ,
} ;
int err ;
2005-04-16 15:20:36 -07:00
2008-01-21 17:31:55 -08:00
err = fib_rules_lookup ( net - > ipv4 . rules_ops , flp , 0 , & arg ) ;
2006-08-04 03:39:22 -07:00
res - > r = arg . rule ;
2006-03-23 01:16:06 -08:00
2006-08-04 03:39:22 -07:00
return err ;
}
2006-08-07 21:50:48 -07:00
static int fib4_rule_action ( struct fib_rule * rule , struct flowi * flp ,
int flags , struct fib_lookup_arg * arg )
2005-04-16 15:20:36 -07:00
{
2006-08-04 03:39:22 -07:00
int err = - EAGAIN ;
struct fib_table * tbl ;
switch ( rule - > action ) {
case FR_ACT_TO_TBL :
break ;
case FR_ACT_UNREACHABLE :
err = - ENETUNREACH ;
goto errout ;
case FR_ACT_PROHIBIT :
err = - EACCES ;
goto errout ;
case FR_ACT_BLACKHOLE :
default :
err = - EINVAL ;
goto errout ;
2005-04-16 15:20:36 -07:00
}
2006-08-04 03:39:22 -07:00
2008-01-20 16:47:09 -08:00
if ( ( tbl = fib_get_table ( rule - > fr_net , rule - > table ) ) = = NULL )
2006-08-04 03:39:22 -07:00
goto errout ;
err = tbl - > tb_lookup ( tbl , flp , ( struct fib_result * ) arg - > result ) ;
if ( err > 0 )
err = - EAGAIN ;
errout :
2005-04-16 15:20:36 -07:00
return err ;
}
2006-08-04 03:39:22 -07:00
static int fib4_rule_match ( struct fib_rule * rule , struct flowi * fl , int flags )
{
struct fib4_rule * r = ( struct fib4_rule * ) rule ;
2006-09-27 18:40:00 -07:00
__be32 daddr = fl - > fl4_dst ;
__be32 saddr = fl - > fl4_src ;
2006-08-04 03:39:22 -07:00
if ( ( ( saddr ^ r - > src ) & r - > srcmask ) | |
( ( daddr ^ r - > dst ) & r - > dstmask ) )
return 0 ;
if ( r - > tos & & ( r - > tos ! = fl - > fl4_tos ) )
return 0 ;
return 1 ;
}
2005-04-16 15:20:36 -07:00
2008-01-10 03:24:11 -08:00
static struct fib_table * fib_empty_table ( struct net * net )
2005-04-16 15:20:36 -07:00
{
2006-08-10 23:08:33 -07:00
u32 id ;
2005-04-16 15:20:36 -07:00
for ( id = 1 ; id < = RT_TABLE_MAX ; id + + )
2008-01-10 03:24:11 -08:00
if ( fib_get_table ( net , id ) = = NULL )
return fib_new_table ( net , id ) ;
2005-04-16 15:20:36 -07:00
return NULL ;
}
2007-06-05 12:38:30 -07:00
static const struct nla_policy fib4_rule_policy [ FRA_MAX + 1 ] = {
2006-11-09 15:22:48 -08:00
FRA_GENERIC_POLICY ,
2006-08-04 03:39:22 -07:00
[ FRA_FLOW ] = { . type = NLA_U32 } ,
} ;
2006-03-20 17:18:53 -08:00
2006-08-04 03:39:22 -07:00
static int fib4_rule_configure ( struct fib_rule * rule , struct sk_buff * skb ,
struct nlmsghdr * nlh , struct fib_rule_hdr * frh ,
struct nlattr * * tb )
2005-04-16 15:20:36 -07:00
{
2008-01-10 03:27:51 -08:00
struct net * net = skb - > sk - > sk_net ;
2006-08-04 03:39:22 -07:00
int err = - EINVAL ;
struct fib4_rule * rule4 = ( struct fib4_rule * ) rule ;
2005-04-16 15:20:36 -07:00
2007-03-24 12:46:02 -07:00
if ( frh - > tos & ~ IPTOS_TOS_MASK )
2006-08-04 03:39:22 -07:00
goto errout ;
2006-03-20 17:18:53 -08:00
2006-08-04 03:39:22 -07:00
if ( rule - > table = = RT_TABLE_UNSPEC ) {
if ( rule - > action = = FR_ACT_TO_TBL ) {
struct fib_table * table ;
2005-04-16 15:20:36 -07:00
2008-01-10 03:27:51 -08:00
table = fib_empty_table ( net ) ;
2006-08-04 03:39:22 -07:00
if ( table = = NULL ) {
err = - ENOBUFS ;
goto errout ;
}
2005-04-16 15:20:36 -07:00
2006-08-04 03:39:22 -07:00
rule - > table = table - > tb_id ;
2005-04-16 15:20:36 -07:00
}
}
2007-03-24 12:46:02 -07:00
if ( frh - > src_len )
2006-09-27 18:40:27 -07:00
rule4 - > src = nla_get_be32 ( tb [ FRA_SRC ] ) ;
2006-03-20 17:18:53 -08:00
2007-03-24 12:46:02 -07:00
if ( frh - > dst_len )
2006-09-27 18:40:27 -07:00
rule4 - > dst = nla_get_be32 ( tb [ FRA_DST ] ) ;
2006-03-20 17:18:53 -08:00
2005-04-16 15:20:36 -07:00
# ifdef CONFIG_NET_CLS_ROUTE
2006-08-04 03:39:22 -07:00
if ( tb [ FRA_FLOW ] )
rule4 - > tclassid = nla_get_u32 ( tb [ FRA_FLOW ] ) ;
2005-04-16 15:20:36 -07:00
# endif
2006-08-04 03:39:22 -07:00
rule4 - > src_len = frh - > src_len ;
rule4 - > srcmask = inet_make_mask ( rule4 - > src_len ) ;
rule4 - > dst_len = frh - > dst_len ;
rule4 - > dstmask = inet_make_mask ( rule4 - > dst_len ) ;
rule4 - > tos = frh - > tos ;
2006-03-20 17:18:53 -08:00
2006-08-04 03:39:22 -07:00
err = 0 ;
errout :
return err ;
2005-04-16 15:20:36 -07:00
}
2006-08-04 03:39:22 -07:00
static int fib4_rule_compare ( struct fib_rule * rule , struct fib_rule_hdr * frh ,
struct nlattr * * tb )
2005-04-16 15:20:36 -07:00
{
2006-08-04 03:39:22 -07:00
struct fib4_rule * rule4 = ( struct fib4_rule * ) rule ;
2005-04-16 15:20:36 -07:00
2006-08-04 03:39:22 -07:00
if ( frh - > src_len & & ( rule4 - > src_len ! = frh - > src_len ) )
return 0 ;
2005-04-16 15:20:36 -07:00
2006-08-04 03:39:22 -07:00
if ( frh - > dst_len & & ( rule4 - > dst_len ! = frh - > dst_len ) )
return 0 ;
2006-03-20 17:18:53 -08:00
2006-08-04 03:39:22 -07:00
if ( frh - > tos & & ( rule4 - > tos ! = frh - > tos ) )
return 0 ;
2006-03-20 17:18:53 -08:00
2006-08-04 03:39:22 -07:00
# ifdef CONFIG_NET_CLS_ROUTE
if ( tb [ FRA_FLOW ] & & ( rule4 - > tclassid ! = nla_get_u32 ( tb [ FRA_FLOW ] ) ) )
return 0 ;
# endif
2005-04-16 15:20:36 -07:00
2007-03-24 12:46:02 -07:00
if ( frh - > src_len & & ( rule4 - > src ! = nla_get_be32 ( tb [ FRA_SRC ] ) ) )
2006-08-04 03:39:22 -07:00
return 0 ;
2005-04-16 15:20:36 -07:00
2007-03-24 12:46:02 -07:00
if ( frh - > dst_len & & ( rule4 - > dst ! = nla_get_be32 ( tb [ FRA_DST ] ) ) )
2006-08-04 03:39:22 -07:00
return 0 ;
2005-04-16 15:20:36 -07:00
2006-08-04 03:39:22 -07:00
return 1 ;
2005-04-16 15:20:36 -07:00
}
2006-08-04 03:39:22 -07:00
static int fib4_rule_fill ( struct fib_rule * rule , struct sk_buff * skb ,
struct nlmsghdr * nlh , struct fib_rule_hdr * frh )
{
struct fib4_rule * rule4 = ( struct fib4_rule * ) rule ;
2005-04-16 15:20:36 -07:00
2006-08-04 03:39:22 -07:00
frh - > family = AF_INET ;
frh - > dst_len = rule4 - > dst_len ;
frh - > src_len = rule4 - > src_len ;
frh - > tos = rule4 - > tos ;
2005-04-16 15:20:36 -07:00
2006-08-04 03:39:22 -07:00
if ( rule4 - > dst_len )
2006-09-27 18:40:27 -07:00
NLA_PUT_BE32 ( skb , FRA_DST , rule4 - > dst ) ;
2006-08-04 03:39:22 -07:00
if ( rule4 - > src_len )
2006-09-27 18:40:27 -07:00
NLA_PUT_BE32 ( skb , FRA_SRC , rule4 - > src ) ;
2006-08-04 03:39:22 -07:00
2005-04-16 15:20:36 -07:00
# ifdef CONFIG_NET_CLS_ROUTE
2006-08-04 03:39:22 -07:00
if ( rule4 - > tclassid )
NLA_PUT_U32 ( skb , FRA_FLOW , rule4 - > tclassid ) ;
2005-04-16 15:20:36 -07:00
# endif
2006-08-04 03:39:22 -07:00
return 0 ;
2005-04-16 15:20:36 -07:00
2006-08-04 03:39:22 -07:00
nla_put_failure :
return - ENOBUFS ;
2005-04-16 15:20:36 -07:00
}
2008-01-10 03:18:25 -08:00
static u32 fib4_rule_default_pref ( struct fib_rules_ops * ops )
2006-03-23 01:16:06 -08:00
{
2006-08-04 03:39:22 -07:00
struct list_head * pos ;
struct fib_rule * rule ;
2008-01-10 03:27:51 -08:00
if ( ! list_empty ( & ops - > rules_list ) ) {
pos = ops - > rules_list . next ;
if ( pos - > next ! = & ops - > rules_list ) {
2006-08-04 03:39:22 -07:00
rule = list_entry ( pos - > next , struct fib_rule , list ) ;
if ( rule - > pref )
return rule - > pref - 1 ;
}
2006-03-23 01:16:06 -08:00
}
2006-08-04 03:39:22 -07:00
return 0 ;
2006-03-23 01:16:06 -08:00
}
2006-11-10 14:10:15 -08:00
static size_t fib4_rule_nlmsg_payload ( struct fib_rule * rule )
{
return nla_total_size ( 4 ) /* dst */
+ nla_total_size ( 4 ) /* src */
+ nla_total_size ( 4 ) ; /* flow */
}
2007-03-27 13:56:52 -07:00
static void fib4_rule_flush_cache ( void )
{
2007-03-28 14:18:52 -07:00
rt_cache_flush ( - 1 ) ;
2007-03-27 13:56:52 -07:00
}
2008-01-10 03:27:51 -08:00
static struct fib_rules_ops fib4_rules_ops_template = {
2006-08-04 03:39:22 -07:00
. family = AF_INET ,
. rule_size = sizeof ( struct fib4_rule ) ,
2007-03-24 12:46:02 -07:00
. addr_size = sizeof ( u32 ) ,
2006-08-04 03:39:22 -07:00
. action = fib4_rule_action ,
. match = fib4_rule_match ,
. configure = fib4_rule_configure ,
. compare = fib4_rule_compare ,
. fill = fib4_rule_fill ,
. default_pref = fib4_rule_default_pref ,
2006-11-10 14:10:15 -08:00
. nlmsg_payload = fib4_rule_nlmsg_payload ,
2007-03-27 13:56:52 -07:00
. flush_cache = fib4_rule_flush_cache ,
2006-08-04 03:39:22 -07:00
. nlgroup = RTNLGRP_IPV4_RULE ,
. policy = fib4_rule_policy ,
. owner = THIS_MODULE ,
} ;
2008-01-10 03:27:51 -08:00
static int fib_default_rules_init ( struct fib_rules_ops * ops )
2005-04-16 15:20:36 -07:00
{
2007-11-10 22:12:03 -08:00
int err ;
2008-01-10 03:27:51 -08:00
err = fib_default_rule_add ( ops , 0 , RT_TABLE_LOCAL , FIB_RULE_PERMANENT ) ;
2007-11-10 22:12:03 -08:00
if ( err < 0 )
return err ;
2008-01-10 03:27:51 -08:00
err = fib_default_rule_add ( ops , 0x7FFE , RT_TABLE_MAIN , 0 ) ;
2007-11-10 22:12:03 -08:00
if ( err < 0 )
return err ;
2008-01-10 03:27:51 -08:00
err = fib_default_rule_add ( ops , 0x7FFF , RT_TABLE_DEFAULT , 0 ) ;
2007-11-10 22:12:03 -08:00
if ( err < 0 )
return err ;
return 0 ;
}
2005-04-16 15:20:36 -07:00
2008-01-10 03:22:17 -08:00
int __net_init fib4_rules_init ( struct net * net )
2007-11-10 22:12:03 -08:00
{
2008-01-10 03:21:49 -08:00
int err ;
2008-01-10 03:27:51 -08:00
struct fib_rules_ops * ops ;
ops = kmemdup ( & fib4_rules_ops_template , sizeof ( * ops ) , GFP_KERNEL ) ;
if ( ops = = NULL )
return - ENOMEM ;
INIT_LIST_HEAD ( & ops - > rules_list ) ;
2008-01-20 16:46:01 -08:00
ops - > fro_net = net ;
2008-01-20 16:46:41 -08:00
fib_rules_register ( ops ) ;
2008-01-10 03:21:49 -08:00
2008-01-10 03:27:51 -08:00
err = fib_default_rules_init ( ops ) ;
2008-01-10 03:21:49 -08:00
if ( err < 0 )
goto fail ;
2008-01-10 03:27:51 -08:00
net - > ipv4 . rules_ops = ops ;
2008-01-10 03:21:49 -08:00
return 0 ;
fail :
/* also cleans all rules already added */
2008-01-20 16:46:41 -08:00
fib_rules_unregister ( ops ) ;
2008-01-10 03:27:51 -08:00
kfree ( ops ) ;
2008-01-10 03:21:49 -08:00
return err ;
2005-04-16 15:20:36 -07:00
}
2008-01-10 03:22:17 -08:00
void __net_exit fib4_rules_exit ( struct net * net )
{
2008-01-20 16:46:41 -08:00
fib_rules_unregister ( net - > ipv4 . rules_ops ) ;
2008-01-10 03:27:51 -08:00
kfree ( net - > ipv4 . rules_ops ) ;
2008-01-10 03:22:17 -08:00
}