Commit 4c13eda7 authored by Ratheesh Kannoth's avatar Ratheesh Kannoth Committed by David S. Miller

tc: flower: support for SPI



Add tc flower support for classifying ESP/AH
packets by matching on the SPI field.

Signed-off-by: default avatarRatheesh Kannoth <rkannoth@marvell.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a57c34a8
+3 −0
@@ -598,6 +598,9 @@ enum {

	TCA_FLOWER_KEY_CFM,		/* nested */

	TCA_FLOWER_KEY_SPI,		/* be32 */
	TCA_FLOWER_KEY_SPI_MASK,	/* be32 */

	__TCA_FLOWER_MAX,
};

+35 −0
@@ -72,6 +72,7 @@ struct fl_flow_key {
	struct flow_dissector_key_num_of_vlans num_of_vlans;
	struct flow_dissector_key_pppoe pppoe;
	struct flow_dissector_key_l2tpv3 l2tpv3;
	struct flow_dissector_key_ipsec ipsec;
	struct flow_dissector_key_cfm cfm;
} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */

@@ -726,6 +727,8 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
	[TCA_FLOWER_KEY_PPPOE_SID]	= { .type = NLA_U16 },
	[TCA_FLOWER_KEY_PPP_PROTO]	= { .type = NLA_U16 },
	[TCA_FLOWER_KEY_L2TPV3_SID]	= { .type = NLA_U32 },
	[TCA_FLOWER_KEY_SPI]		= { .type = NLA_U32 },
	[TCA_FLOWER_KEY_SPI_MASK]	= { .type = NLA_U32 },
	[TCA_FLOWER_L2_MISS]		= NLA_POLICY_MAX(NLA_U8, 1),
	[TCA_FLOWER_KEY_CFM]		= { .type = NLA_NESTED },
};
@@ -795,6 +798,24 @@ static void fl_set_key_val(struct nlattr **tb,
		nla_memcpy(mask, tb[mask_type], len);
}

static int fl_set_key_spi(struct nlattr **tb, struct fl_flow_key *key,
			  struct fl_flow_key *mask,
			  struct netlink_ext_ack *extack)
{
	if (key->basic.ip_proto != IPPROTO_ESP &&
	    key->basic.ip_proto != IPPROTO_AH) {
		NL_SET_ERR_MSG(extack,
			       "Protocol must be either ESP or AH");
		return -EINVAL;
	}

	fl_set_key_val(tb, &key->ipsec.spi,
		       TCA_FLOWER_KEY_SPI,
		       &mask->ipsec.spi, TCA_FLOWER_KEY_SPI_MASK,
		       sizeof(key->ipsec.spi));
	return 0;
}

static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
				 struct fl_flow_key *mask,
				 struct netlink_ext_ack *extack)
@@ -1894,6 +1915,12 @@ static int fl_set_key(struct net *net, struct nlattr **tb,
			return ret;
	}

	if (tb[TCA_FLOWER_KEY_SPI]) {
		ret = fl_set_key_spi(tb, key, mask, extack);
		if (ret)
			return ret;
	}

	if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] ||
	    tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) {
		key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
@@ -2066,6 +2093,8 @@ static void fl_init_dissector(struct flow_dissector *dissector,
			     FLOW_DISSECTOR_KEY_PPPOE, pppoe);
	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
			     FLOW_DISSECTOR_KEY_L2TPV3, l2tpv3);
	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
			     FLOW_DISSECTOR_KEY_IPSEC, ipsec);
	FL_KEY_SET_IF_MASKED(mask, keys, cnt,
			     FLOW_DISSECTOR_KEY_CFM, cfm);

@@ -3364,6 +3393,12 @@ static int fl_dump_key(struct sk_buff *skb, struct net *net,
				 sizeof(key->l2tpv3.session_id)))
		goto nla_put_failure;

	if (key->ipsec.spi &&
	    fl_dump_key_val(skb, &key->ipsec.spi, TCA_FLOWER_KEY_SPI,
			    &mask->ipsec.spi, TCA_FLOWER_KEY_SPI_MASK,
			    sizeof(key->ipsec.spi)))
		goto nla_put_failure;

	if ((key->basic.ip_proto == IPPROTO_TCP ||
	     key->basic.ip_proto == IPPROTO_UDP ||
	     key->basic.ip_proto == IPPROTO_SCTP) &&
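Review bot: In the fl_dump_key hunk the SPI attributes are emitted only when `key->ipsec.spi` is non-zero, so a filter whose SPI key is 0 under a non-zero mask would be accepted by fl_set_key_spi but missing from the dump, and an audit of the installed rules would not show what is actually being matched. Gating on the mask keeps dump and match in step: `if (mask->ipsec.spi &&` in place of `if (key->ipsec.spi &&`; fl_dump_key_val is not visible here, and if it already skips an all-zero mask the extra test can simply be dropped. Separately, fl_set_key_spi would benefit from a short comment such as `/* SPI match applies to native ESP/AH only; UDP-encapsulated ESP has ip_proto UDP and is rejected here */`, since operators writing IPsec filtering rules may otherwise assume NAT-T traffic is covered. fl_dump_key starts and ends outside the hunk.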