1 /* 2 * net/sched/police.c Input police filter. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 10 * J Hadi Salim (action changes) 11 */ 12 13 #include <linux/module.h> 14 #include <linux/types.h> 15 #include <linux/kernel.h> 16 #include <linux/string.h> 17 #include <linux/errno.h> 18 #include <linux/skbuff.h> 19 #include <linux/rtnetlink.h> 20 #include <linux/init.h> 21 #include <linux/slab.h> 22 #include <net/act_api.h> 23 #include <net/netlink.h> 24 25 #define L2T(p, L) qdisc_l2t((p)->tcfp_R_tab, L) 26 #define L2T_P(p, L) qdisc_l2t((p)->tcfp_P_tab, L) 27 28 #define POL_TAB_MASK 15 29 static struct tcf_common *tcf_police_ht[POL_TAB_MASK + 1]; 30 static u32 police_idx_gen; 31 static DEFINE_RWLOCK(police_lock); 32 33 static struct tcf_hashinfo police_hash_info = { 34 .htab = tcf_police_ht, 35 .hmask = POL_TAB_MASK, 36 .lock = &police_lock, 37 }; 38 39 /* old policer structure from before tc actions */ 40 struct tc_police_compat { 41 u32 index; 42 int action; 43 u32 limit; 44 u32 burst; 45 u32 mtu; 46 struct tc_ratespec rate; 47 struct tc_ratespec peakrate; 48 }; 49 50 /* Each policer is serialized by its individual spinlock */ 51 52 static int tcf_act_police_walker(struct sk_buff *skb, struct netlink_callback *cb, 53 int type, struct tc_action *a) 54 { 55 struct tcf_common *p; 56 int err = 0, index = -1, i = 0, s_i = 0, n_i = 0; 57 struct nlattr *nest; 58 59 read_lock_bh(&police_lock); 60 61 s_i = cb->args[0]; 62 63 for (i = 0; i < (POL_TAB_MASK + 1); i++) { 64 p = tcf_police_ht[tcf_hash(i, POL_TAB_MASK)]; 65 66 for (; p; p = p->tcfc_next) { 67 index++; 68 if (index < s_i) 69 continue; 70 a->priv = p; 71 a->order = index; 72 nest = nla_nest_start(skb, a->order); 73 if (nest == NULL) 74 goto nla_put_failure; 75 if (type == RTM_DELACTION) 76 err = tcf_action_dump_1(skb, a, 0, 1); 77 else 78 err = tcf_action_dump_1(skb, a, 0, 0); 79 if (err < 0) { 80 index--; 81 nla_nest_cancel(skb, nest); 82 goto done; 83 } 84 nla_nest_end(skb, nest); 85 n_i++; 86 } 87 } 88 done: 89 read_unlock_bh(&police_lock); 90 if (n_i) 91 cb->args[0] += n_i; 92 return n_i; 93 94 nla_put_failure: 95 nla_nest_cancel(skb, nest); 96 goto done; 97 } 98 99 static void tcf_police_free_rcu(struct rcu_head *head) 100 { 101 kfree(container_of(head, struct tcf_police, tcf_rcu)); 102 } 103 104 static void tcf_police_destroy(struct tcf_police *p) 105 { 106 unsigned int h = tcf_hash(p->tcf_index, POL_TAB_MASK); 107 struct tcf_common **p1p; 108 109 for (p1p = &tcf_police_ht[h]; *p1p; p1p = &(*p1p)->tcfc_next) { 110 if (*p1p == &p->common) { 111 write_lock_bh(&police_lock); 112 *p1p = p->tcf_next; 113 write_unlock_bh(&police_lock); 114 gen_kill_estimator(&p->tcf_bstats, 115 &p->tcf_rate_est); 116 if (p->tcfp_R_tab) 117 qdisc_put_rtab(p->tcfp_R_tab); 118 if (p->tcfp_P_tab) 119 qdisc_put_rtab(p->tcfp_P_tab); 120 /* 121 * gen_estimator est_timer() might access p->tcf_lock 122 * or bstats, wait a RCU grace period before freeing p 123 */ 124 call_rcu(&p->tcf_rcu, tcf_police_free_rcu); 125 return; 126 } 127 } 128 WARN_ON(1); 129 } 130 131 static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = { 132 [TCA_POLICE_RATE] = { .len = TC_RTAB_SIZE }, 133 [TCA_POLICE_PEAKRATE] = { .len = TC_RTAB_SIZE }, 134 [TCA_POLICE_AVRATE] = { .type = NLA_U32 }, 135 [TCA_POLICE_RESULT] = { .type = NLA_U32 }, 136 }; 137 138 static int tcf_act_police_locate(struct nlattr *nla, struct nlattr *est, 139 struct tc_action *a, int ovr, int bind) 140 { 141 unsigned int h; 142 int ret = 0, err; 143 struct nlattr *tb[TCA_POLICE_MAX + 1]; 144 struct tc_police *parm; 145 struct tcf_police *police; 146 struct qdisc_rate_table *R_tab = NULL, *P_tab = NULL; 147 int size; 148 149 if (nla == NULL) 150 return -EINVAL; 151 152 err = nla_parse_nested(tb, TCA_POLICE_MAX, nla, police_policy); 153 if (err < 0) 154 return err; 155 156 if (tb[TCA_POLICE_TBF] == NULL) 157 return -EINVAL; 158 size = nla_len(tb[TCA_POLICE_TBF]); 159 if (size != sizeof(*parm) && size != sizeof(struct tc_police_compat)) 160 return -EINVAL; 161 parm = nla_data(tb[TCA_POLICE_TBF]); 162 163 if (parm->index) { 164 struct tcf_common *pc; 165 166 pc = tcf_hash_lookup(parm->index, &police_hash_info); 167 if (pc != NULL) { 168 a->priv = pc; 169 police = to_police(pc); 170 if (bind) { 171 police->tcf_bindcnt += 1; 172 police->tcf_refcnt += 1; 173 } 174 if (ovr) 175 goto override; 176 return ret; 177 } 178 } 179 180 police = kzalloc(sizeof(*police), GFP_KERNEL); 181 if (police == NULL) 182 return -ENOMEM; 183 ret = ACT_P_CREATED; 184 police->tcf_refcnt = 1; 185 spin_lock_init(&police->tcf_lock); 186 if (bind) 187 police->tcf_bindcnt = 1; 188 override: 189 if (parm->rate.rate) { 190 err = -ENOMEM; 191 R_tab = qdisc_get_rtab(&parm->rate, tb[TCA_POLICE_RATE]); 192 if (R_tab == NULL) 193 goto failure; 194 195 if (parm->peakrate.rate) { 196 P_tab = qdisc_get_rtab(&parm->peakrate, 197 tb[TCA_POLICE_PEAKRATE]); 198 if (P_tab == NULL) 199 goto failure; 200 } 201 } 202 203 spin_lock_bh(&police->tcf_lock); 204 if (est) { 205 err = gen_replace_estimator(&police->tcf_bstats, 206 &police->tcf_rate_est, 207 &police->tcf_lock, est); 208 if (err) 209 goto failure_unlock; 210 } else if (tb[TCA_POLICE_AVRATE] && 211 (ret == ACT_P_CREATED || 212 !gen_estimator_active(&police->tcf_bstats, 213 &police->tcf_rate_est))) { 214 err = -EINVAL; 215 goto failure_unlock; 216 } 217 218 /* No failure allowed after this point */ 219 if (R_tab != NULL) { 220 qdisc_put_rtab(police->tcfp_R_tab); 221 police->tcfp_R_tab = R_tab; 222 } 223 if (P_tab != NULL) { 224 qdisc_put_rtab(police->tcfp_P_tab); 225 police->tcfp_P_tab = P_tab; 226 } 227 228 if (tb[TCA_POLICE_RESULT]) 229 police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]); 230 police->tcfp_toks = police->tcfp_burst = parm->burst; 231 police->tcfp_mtu = parm->mtu; 232 if (police->tcfp_mtu == 0) { 233 police->tcfp_mtu = ~0; 234 if (police->tcfp_R_tab) 235 police->tcfp_mtu = 255<<police->tcfp_R_tab->rate.cell_log; 236 } 237 if (police->tcfp_P_tab) 238 police->tcfp_ptoks = L2T_P(police, police->tcfp_mtu); 239 police->tcf_action = parm->action; 240 241 if (tb[TCA_POLICE_AVRATE]) 242 police->tcfp_ewma_rate = nla_get_u32(tb[TCA_POLICE_AVRATE]); 243 244 spin_unlock_bh(&police->tcf_lock); 245 if (ret != ACT_P_CREATED) 246 return ret; 247 248 police->tcfp_t_c = psched_get_time(); 249 police->tcf_index = parm->index ? parm->index : 250 tcf_hash_new_index(&police_idx_gen, &police_hash_info); 251 h = tcf_hash(police->tcf_index, POL_TAB_MASK); 252 write_lock_bh(&police_lock); 253 police->tcf_next = tcf_police_ht[h]; 254 tcf_police_ht[h] = &police->common; 255 write_unlock_bh(&police_lock); 256 257 a->priv = police; 258 return ret; 259 260 failure_unlock: 261 spin_unlock_bh(&police->tcf_lock); 262 failure: 263 if (P_tab) 264 qdisc_put_rtab(P_tab); 265 if (R_tab) 266 qdisc_put_rtab(R_tab); 267 if (ret == ACT_P_CREATED) 268 kfree(police); 269 return err; 270 } 271 272 static int tcf_act_police_cleanup(struct tc_action *a, int bind) 273 { 274 struct tcf_police *p = a->priv; 275 int ret = 0; 276 277 if (p != NULL) { 278 if (bind) 279 p->tcf_bindcnt--; 280 281 p->tcf_refcnt--; 282 if (p->tcf_refcnt <= 0 && !p->tcf_bindcnt) { 283 tcf_police_destroy(p); 284 ret = 1; 285 } 286 } 287 return ret; 288 } 289 290 static int tcf_act_police(struct sk_buff *skb, struct tc_action *a, 291 struct tcf_result *res) 292 { 293 struct tcf_police *police = a->priv; 294 psched_time_t now; 295 long toks; 296 long ptoks = 0; 297 298 spin_lock(&police->tcf_lock); 299 300 bstats_update(&police->tcf_bstats, skb); 301 302 if (police->tcfp_ewma_rate && 303 police->tcf_rate_est.bps >= police->tcfp_ewma_rate) { 304 police->tcf_qstats.overlimits++; 305 if (police->tcf_action == TC_ACT_SHOT) 306 police->tcf_qstats.drops++; 307 spin_unlock(&police->tcf_lock); 308 return police->tcf_action; 309 } 310 311 if (qdisc_pkt_len(skb) <= police->tcfp_mtu) { 312 if (police->tcfp_R_tab == NULL) { 313 spin_unlock(&police->tcf_lock); 314 return police->tcfp_result; 315 } 316 317 now = psched_get_time(); 318 toks = psched_tdiff_bounded(now, police->tcfp_t_c, 319 police->tcfp_burst); 320 if (police->tcfp_P_tab) { 321 ptoks = toks + police->tcfp_ptoks; 322 if (ptoks > (long)L2T_P(police, police->tcfp_mtu)) 323 ptoks = (long)L2T_P(police, police->tcfp_mtu); 324 ptoks -= L2T_P(police, qdisc_pkt_len(skb)); 325 } 326 toks += police->tcfp_toks; 327 if (toks > (long)police->tcfp_burst) 328 toks = police->tcfp_burst; 329 toks -= L2T(police, qdisc_pkt_len(skb)); 330 if ((toks|ptoks) >= 0) { 331 police->tcfp_t_c = now; 332 police->tcfp_toks = toks; 333 police->tcfp_ptoks = ptoks; 334 spin_unlock(&police->tcf_lock); 335 return police->tcfp_result; 336 } 337 } 338 339 police->tcf_qstats.overlimits++; 340 if (police->tcf_action == TC_ACT_SHOT) 341 police->tcf_qstats.drops++; 342 spin_unlock(&police->tcf_lock); 343 return police->tcf_action; 344 } 345 346 static int 347 tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) 348 { 349 unsigned char *b = skb_tail_pointer(skb); 350 struct tcf_police *police = a->priv; 351 struct tc_police opt = { 352 .index = police->tcf_index, 353 .action = police->tcf_action, 354 .mtu = police->tcfp_mtu, 355 .burst = police->tcfp_burst, 356 .refcnt = police->tcf_refcnt - ref, 357 .bindcnt = police->tcf_bindcnt - bind, 358 }; 359 360 if (police->tcfp_R_tab) 361 opt.rate = police->tcfp_R_tab->rate; 362 if (police->tcfp_P_tab) 363 opt.peakrate = police->tcfp_P_tab->rate; 364 NLA_PUT(skb, TCA_POLICE_TBF, sizeof(opt), &opt); 365 if (police->tcfp_result) 366 NLA_PUT_U32(skb, TCA_POLICE_RESULT, police->tcfp_result); 367 if (police->tcfp_ewma_rate) 368 NLA_PUT_U32(skb, TCA_POLICE_AVRATE, police->tcfp_ewma_rate); 369 return skb->len; 370 371 nla_put_failure: 372 nlmsg_trim(skb, b); 373 return -1; 374 } 375 376 MODULE_AUTHOR("Alexey Kuznetsov"); 377 MODULE_DESCRIPTION("Policing actions"); 378 MODULE_LICENSE("GPL"); 379 380 static struct tc_action_ops act_police_ops = { 381 .kind = "police", 382 .hinfo = &police_hash_info, 383 .type = TCA_ID_POLICE, 384 .capab = TCA_CAP_NONE, 385 .owner = THIS_MODULE, 386 .act = tcf_act_police, 387 .dump = tcf_act_police_dump, 388 .cleanup = tcf_act_police_cleanup, 389 .lookup = tcf_hash_search, 390 .init = tcf_act_police_locate, 391 .walk = tcf_act_police_walker 392 }; 393 394 static int __init 395 police_init_module(void) 396 { 397 return tcf_register_action(&act_police_ops); 398 } 399 400 static void __exit 401 police_cleanup_module(void) 402 { 403 tcf_unregister_action(&act_police_ops); 404 rcu_barrier(); /* Wait for completion of call_rcu()'s (tcf_police_free_rcu) */ 405 } 406 407 module_init(police_init_module); 408 module_exit(police_cleanup_module); 409