net/sched/sch_ingress.c

   1 /* net/sched/sch_ingress.c - Ingress qdisc
   2  *              This program is free software; you can redistribute it and/or
   3  *              modify it under the terms of the GNU General Public License
   4  *              as published by the Free Software Foundation; either version
   5  *              2 of the License, or (at your option) any later version.
   6  *
   7  * Authors:     Jamal Hadi Salim 1999
   8  */
   9
  10 #include <linux/module.h>
  11 #include <linux/types.h>
  12 #include <linux/list.h>
  13 #include <linux/skbuff.h>
  14 #include <linux/rtnetlink.h>
  15 #include <linux/netfilter_ipv4.h>
  16 #include <linux/netfilter_ipv6.h>
  17 #include <linux/netfilter.h>
  18 #include <net/netlink.h>
  19 #include <net/pkt_sched.h>
  20
  21
  22 /* Thanks to Doron Oz for this hack */
  23 #ifndef CONFIG_NET_CLS_ACT
  24 #ifdef CONFIG_NETFILTER
  25 static int nf_registered;
  26 #endif
  27 #endif
  28
  29 struct ingress_qdisc_data {
  30         struct Qdisc            *q;
  31         struct tcf_proto        *filter_list;
  32 };
  33
  34 /* ------------------------- Class/flow operations ------------------------- */
  35
  36 static int ingress_graft(struct Qdisc *sch, unsigned long arg,
  37                          struct Qdisc *new, struct Qdisc **old)
  38 {
  39         return 1;
  40 }
  41
  42 static struct Qdisc *ingress_leaf(struct Qdisc *sch, unsigned long arg)
  43 {
  44         return NULL;
  45 }
  46
  47 static unsigned long ingress_get(struct Qdisc *sch, u32 classid)
  48 {
  49         return TC_H_MIN(classid) + 1;
  50 }
  51
  52 static unsigned long ingress_bind_filter(struct Qdisc *sch,
  53                                          unsigned long parent, u32 classid)
  54 {
  55         return ingress_get(sch, classid);
  56 }
  57
  58 static void ingress_put(struct Qdisc *sch, unsigned long cl)
  59 {
  60 }
  61
  62 static int ingress_change(struct Qdisc *sch, u32 classid, u32 parent,
  63                           struct rtattr **tca, unsigned long *arg)
  64 {
  65         return 0;
  66 }
  67
  68 static void ingress_walk(struct Qdisc *sch, struct qdisc_walker *walker)
  69 {
  70         return;
  71 }
  72
  73 static struct tcf_proto **ingress_find_tcf(struct Qdisc *sch, unsigned long cl)
  74 {
  75         struct ingress_qdisc_data *p = qdisc_priv(sch);
  76
  77         return &p->filter_list;
  78 }
  79
  80 /* --------------------------- Qdisc operations ---------------------------- */
  81
  82 static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch)
  83 {
  84         struct ingress_qdisc_data *p = qdisc_priv(sch);
  85         struct tcf_result res;
  86         int result;
  87
  88         result = tc_classify(skb, p->filter_list, &res);
  89
  90         /*
  91          * Unlike normal "enqueue" functions, ingress_enqueue returns a
  92          * firewall FW_* code.
  93          */
  94 #ifdef CONFIG_NET_CLS_ACT
  95         sch->bstats.packets++;
  96         sch->bstats.bytes += skb->len;
  97         switch (result) {
  98         case TC_ACT_SHOT:
  99                 result = TC_ACT_SHOT;
 100                 sch->qstats.drops++;
 101                 break;
 102         case TC_ACT_STOLEN:
 103         case TC_ACT_QUEUED:
 104                 result = TC_ACT_STOLEN;
 105                 break;
 106         case TC_ACT_RECLASSIFY:
 107         case TC_ACT_OK:
 108                 skb->tc_index = TC_H_MIN(res.classid);
 109         default:
 110                 result = TC_ACT_OK;
 111                 break;
 112         }
 113 #else
 114         result = NF_ACCEPT;
 115         sch->bstats.packets++;
 116         sch->bstats.bytes += skb->len;
 117 #endif
 118
 119         return result;
 120 }
 121
 122 static struct sk_buff *ingress_dequeue(struct Qdisc *sch)
 123 {
 124         return NULL;
 125 }
 126
 127 static int ingress_requeue(struct sk_buff *skb, struct Qdisc *sch)
 128 {
 129         return 0;
 130 }
 131
 132 static unsigned int ingress_drop(struct Qdisc *sch)
 133 {
 134         return 0;
 135 }
 136
 137 #ifndef CONFIG_NET_CLS_ACT
 138 #ifdef CONFIG_NETFILTER
 139 static unsigned int ing_hook(unsigned int hook, struct sk_buff *skb,
 140                              const struct net_device *indev,
 141                              const struct net_device *outdev,
 142                              int (*okfn)(struct sk_buff *))
 143 {
 144
 145         struct Qdisc *q;
 146         struct net_device *dev = skb->dev;
 147         int fwres = NF_ACCEPT;
 148
 149         if (dev->qdisc_ingress) {
 150                 spin_lock(&dev->ingress_lock);
 151                 if ((q = dev->qdisc_ingress) != NULL)
 152                         fwres = q->enqueue(skb, q);
 153                 spin_unlock(&dev->ingress_lock);
 154         }
 155
 156         return fwres;
 157 }
 158
 159 /* after ipt_filter */
 160 static struct nf_hook_ops ing_ops[] __read_mostly = {
 161         {
 162                 .hook           = ing_hook,
 163                 .owner          = THIS_MODULE,
 164                 .pf             = PF_INET,
 165                 .hooknum        = NF_INET_PRE_ROUTING,
 166                 .priority       = NF_IP_PRI_FILTER + 1,
 167         },
 168         {
 169                 .hook           = ing_hook,
 170                 .owner          = THIS_MODULE,
 171                 .pf             = PF_INET6,
 172                 .hooknum        = NF_INET_PRE_ROUTING,
 173                 .priority       = NF_IP6_PRI_FILTER + 1,
 174         },
 175 };
 176 #endif
 177 #endif
 178
 179 static int ingress_init(struct Qdisc *sch, struct rtattr *opt)
 180 {
 181         struct ingress_qdisc_data *p = qdisc_priv(sch);
 182
 183         /* Make sure either netfilter or preferably CLS_ACT is
 184          * compiled in */
 185 #ifndef CONFIG_NET_CLS_ACT
 186 #ifndef CONFIG_NETFILTER
 187         printk("You MUST compile classifier actions into the kernel\n");
 188         return -EINVAL;
 189 #else
 190         printk("Ingress scheduler: Classifier actions prefered over netfilter\n");
 191 #endif
 192 #endif
 193
 194 #ifndef CONFIG_NET_CLS_ACT
 195 #ifdef CONFIG_NETFILTER
 196         if (!nf_registered) {
 197                 if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
 198                         printk("ingress qdisc registration error \n");
 199                         return -EINVAL;
 200                 }
 201                 nf_registered++;
 202         }
 203 #endif
 204 #endif
 205         p->q = &noop_qdisc;
 206         return 0;
 207 }
 208
 209 static void ingress_reset(struct Qdisc *sch)
 210 {
 211         return;
 212 }
 213
 214 /* ------------------------------------------------------------- */
 215
 216 static void ingress_destroy(struct Qdisc *sch)
 217 {
 218         struct ingress_qdisc_data *p = qdisc_priv(sch);
 219
 220         tcf_destroy_chain(p->filter_list);
 221 }
 222
 223 static int ingress_dump(struct Qdisc *sch, struct sk_buff *skb)
 224 {
 225         unsigned char *b = skb_tail_pointer(skb);
 226         struct rtattr *rta;
 227
 228         rta = (struct rtattr *)b;
 229         RTA_PUT(skb, TCA_OPTIONS, 0, NULL);
 230         rta->rta_len = skb_tail_pointer(skb) - b;
 231         return skb->len;
 232
 233 rtattr_failure:
 234         nlmsg_trim(skb, b);
 235         return -1;
 236 }
 237
 238 static const struct Qdisc_class_ops ingress_class_ops = {
 239         .graft          =       ingress_graft,
 240         .leaf           =       ingress_leaf,
 241         .get            =       ingress_get,
 242         .put            =       ingress_put,
 243         .change         =       ingress_change,
 244         .walk           =       ingress_walk,
 245         .tcf_chain      =       ingress_find_tcf,
 246         .bind_tcf       =       ingress_bind_filter,
 247         .unbind_tcf     =       ingress_put,
 248 };
 249
 250 static struct Qdisc_ops ingress_qdisc_ops __read_mostly = {
 251         .cl_ops         =       &ingress_class_ops,
 252         .id             =       "ingress",
 253         .priv_size      =       sizeof(struct ingress_qdisc_data),
 254         .enqueue        =       ingress_enqueue,
 255         .dequeue        =       ingress_dequeue,
 256         .requeue        =       ingress_requeue,
 257         .drop           =       ingress_drop,
 258         .init           =       ingress_init,
 259         .reset          =       ingress_reset,
 260         .destroy        =       ingress_destroy,
 261         .dump           =       ingress_dump,
 262         .owner          =       THIS_MODULE,
 263 };
 264
 265 static int __init ingress_module_init(void)
 266 {
 267         int ret = 0;
 268
 269         if ((ret = register_qdisc(&ingress_qdisc_ops)) < 0) {
 270                 printk("Unable to register Ingress qdisc\n");
 271                 return ret;
 272         }
 273
 274         return ret;
 275 }
 276
 277 static void __exit ingress_module_exit(void)
 278 {
 279         unregister_qdisc(&ingress_qdisc_ops);
 280 #ifndef CONFIG_NET_CLS_ACT
 281 #ifdef CONFIG_NETFILTER
 282         if (nf_registered)
 283                 nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
 284 #endif
 285 #endif
 286 }
 287
 288 module_init(ingress_module_init)
 289 module_exit(ingress_module_exit)
 290 MODULE_LICENSE("GPL");