net/sched/sch_ingress.c

   1 /* net/sched/sch_ingress.c - Ingress qdisc
   2  *              This program is free software; you can redistribute it and/or
   3  *              modify it under the terms of the GNU General Public License
   4  *              as published by the Free Software Foundation; either version
   5  *              2 of the License, or (at your option) any later version.
   6  *
   7  * Authors:     Jamal Hadi Salim 1999
   8  */
   9
  10 #include <linux/module.h>
  11 #include <linux/types.h>
  12 #include <linux/list.h>
  13 #include <linux/skbuff.h>
  14 #include <linux/rtnetlink.h>
  15 #include <linux/netfilter_ipv4.h>
  16 #include <linux/netfilter_ipv6.h>
  17 #include <linux/netfilter.h>
  18 #include <net/netlink.h>
  19 #include <net/pkt_sched.h>
  20
  21
  22 /* Thanks to Doron Oz for this hack */
  23 #ifndef CONFIG_NET_CLS_ACT
  24 #ifdef CONFIG_NETFILTER
  25 static int nf_registered;
  26 #endif
  27 #endif
  28
  29 struct ingress_qdisc_data {
  30         struct tcf_proto        *filter_list;
  31 };
  32
  33 /* ------------------------- Class/flow operations ------------------------- */
  34
  35 static int ingress_graft(struct Qdisc *sch, unsigned long arg,
  36                          struct Qdisc *new, struct Qdisc **old)
  37 {
  38         return -EOPNOTSUPP;
  39 }
  40
  41 static struct Qdisc *ingress_leaf(struct Qdisc *sch, unsigned long arg)
  42 {
  43         return NULL;
  44 }
  45
  46 static unsigned long ingress_get(struct Qdisc *sch, u32 classid)
  47 {
  48         return TC_H_MIN(classid) + 1;
  49 }
  50
  51 static unsigned long ingress_bind_filter(struct Qdisc *sch,
  52                                          unsigned long parent, u32 classid)
  53 {
  54         return ingress_get(sch, classid);
  55 }
  56
  57 static void ingress_put(struct Qdisc *sch, unsigned long cl)
  58 {
  59 }
  60
  61 static int ingress_change(struct Qdisc *sch, u32 classid, u32 parent,
  62                           struct rtattr **tca, unsigned long *arg)
  63 {
  64         return 0;
  65 }
  66
  67 static void ingress_walk(struct Qdisc *sch, struct qdisc_walker *walker)
  68 {
  69         return;
  70 }
  71
  72 static struct tcf_proto **ingress_find_tcf(struct Qdisc *sch, unsigned long cl)
  73 {
  74         struct ingress_qdisc_data *p = qdisc_priv(sch);
  75
  76         return &p->filter_list;
  77 }
  78
  79 /* --------------------------- Qdisc operations ---------------------------- */
  80
  81 static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch)
  82 {
  83         struct ingress_qdisc_data *p = qdisc_priv(sch);
  84         struct tcf_result res;
  85         int result;
  86
  87         result = tc_classify(skb, p->filter_list, &res);
  88
  89         /*
  90          * Unlike normal "enqueue" functions, ingress_enqueue returns a
  91          * firewall FW_* code.
  92          */
  93 #ifdef CONFIG_NET_CLS_ACT
  94         sch->bstats.packets++;
  95         sch->bstats.bytes += skb->len;
  96         switch (result) {
  97         case TC_ACT_SHOT:
  98                 result = TC_ACT_SHOT;
  99                 sch->qstats.drops++;
 100                 break;
 101         case TC_ACT_STOLEN:
 102         case TC_ACT_QUEUED:
 103                 result = TC_ACT_STOLEN;
 104                 break;
 105         case TC_ACT_RECLASSIFY:
 106         case TC_ACT_OK:
 107                 skb->tc_index = TC_H_MIN(res.classid);
 108         default:
 109                 result = TC_ACT_OK;
 110                 break;
 111         }
 112 #else
 113         result = NF_ACCEPT;
 114         sch->bstats.packets++;
 115         sch->bstats.bytes += skb->len;
 116 #endif
 117
 118         return result;
 119 }
 120
 121 #ifndef CONFIG_NET_CLS_ACT
 122 #ifdef CONFIG_NETFILTER
 123 static unsigned int ing_hook(unsigned int hook, struct sk_buff *skb,
 124                              const struct net_device *indev,
 125                              const struct net_device *outdev,
 126                              int (*okfn)(struct sk_buff *))
 127 {
 128
 129         struct Qdisc *q;
 130         struct net_device *dev = skb->dev;
 131         int fwres = NF_ACCEPT;
 132
 133         if (dev->qdisc_ingress) {
 134                 spin_lock(&dev->ingress_lock);
 135                 if ((q = dev->qdisc_ingress) != NULL)
 136                         fwres = q->enqueue(skb, q);
 137                 spin_unlock(&dev->ingress_lock);
 138         }
 139
 140         return fwres;
 141 }
 142
 143 /* after ipt_filter */
 144 static struct nf_hook_ops ing_ops[] __read_mostly = {
 145         {
 146                 .hook           = ing_hook,
 147                 .owner          = THIS_MODULE,
 148                 .pf             = PF_INET,
 149                 .hooknum        = NF_INET_PRE_ROUTING,
 150                 .priority       = NF_IP_PRI_FILTER + 1,
 151         },
 152         {
 153                 .hook           = ing_hook,
 154                 .owner          = THIS_MODULE,
 155                 .pf             = PF_INET6,
 156                 .hooknum        = NF_INET_PRE_ROUTING,
 157                 .priority       = NF_IP6_PRI_FILTER + 1,
 158         },
 159 };
 160 #endif
 161 #endif
 162
 163 static int ingress_init(struct Qdisc *sch, struct rtattr *opt)
 164 {
 165 #ifndef CONFIG_NET_CLS_ACT
 166 #ifdef CONFIG_NETFILTER
 167         printk("Ingress scheduler: Classifier actions prefered over netfilter\n");
 168
 169         if (!nf_registered) {
 170                 if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
 171                         printk("ingress qdisc registration error \n");
 172                         return -EINVAL;
 173                 }
 174                 nf_registered++;
 175         }
 176 #endif
 177 #endif
 178         return 0;
 179 }
 180
 181 /* ------------------------------------------------------------- */
 182
 183 static void ingress_destroy(struct Qdisc *sch)
 184 {
 185         struct ingress_qdisc_data *p = qdisc_priv(sch);
 186
 187         tcf_destroy_chain(p->filter_list);
 188 }
 189
 190 static int ingress_dump(struct Qdisc *sch, struct sk_buff *skb)
 191 {
 192         unsigned char *b = skb_tail_pointer(skb);
 193         struct rtattr *rta;
 194
 195         rta = (struct rtattr *)b;
 196         RTA_PUT(skb, TCA_OPTIONS, 0, NULL);
 197         rta->rta_len = skb_tail_pointer(skb) - b;
 198         return skb->len;
 199
 200 rtattr_failure:
 201         nlmsg_trim(skb, b);
 202         return -1;
 203 }
 204
 205 static const struct Qdisc_class_ops ingress_class_ops = {
 206         .graft          =       ingress_graft,
 207         .leaf           =       ingress_leaf,
 208         .get            =       ingress_get,
 209         .put            =       ingress_put,
 210         .change         =       ingress_change,
 211         .walk           =       ingress_walk,
 212         .tcf_chain      =       ingress_find_tcf,
 213         .bind_tcf       =       ingress_bind_filter,
 214         .unbind_tcf     =       ingress_put,
 215 };
 216
 217 static struct Qdisc_ops ingress_qdisc_ops __read_mostly = {
 218         .cl_ops         =       &ingress_class_ops,
 219         .id             =       "ingress",
 220         .priv_size      =       sizeof(struct ingress_qdisc_data),
 221         .enqueue        =       ingress_enqueue,
 222         .init           =       ingress_init,
 223         .destroy        =       ingress_destroy,
 224         .dump           =       ingress_dump,
 225         .owner          =       THIS_MODULE,
 226 };
 227
 228 static int __init ingress_module_init(void)
 229 {
 230         int ret = 0;
 231
 232         if ((ret = register_qdisc(&ingress_qdisc_ops)) < 0) {
 233                 printk("Unable to register Ingress qdisc\n");
 234                 return ret;
 235         }
 236
 237         return ret;
 238 }
 239
 240 static void __exit ingress_module_exit(void)
 241 {
 242         unregister_qdisc(&ingress_qdisc_ops);
 243 #ifndef CONFIG_NET_CLS_ACT
 244 #ifdef CONFIG_NETFILTER
 245         if (nf_registered)
 246                 nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
 247 #endif
 248 #endif
 249 }
 250
 251 module_init(ingress_module_init)
 252 module_exit(ingress_module_exit)
 253 MODULE_LICENSE("GPL");