mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-18 03:06:43 +00:00
8f2566225a
This patch wraps the dissector key and mask - that flower uses to represent the matching side - around the flow_match structure. To avoid a follow up patch that would edit the same LoCs in the drivers, this patch also wraps this new flow match structure around the flow rule object. This new structure will also contain the flow actions in follow up patches. This introduces two new interfaces: bool flow_rule_match_key(rule, dissector_id) that returns true if a given matching key is set on, and: flow_rule_match_XYZ(rule, &match); To fetch the matching side XYZ into the match container structure, to retrieve the key and the mask with one single call. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
144 lines
4.2 KiB
C
144 lines
4.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#include <linux/kernel.h>
|
|
#include <linux/slab.h>
|
|
#include <net/flow_offload.h>
|
|
|
|
struct flow_rule *flow_rule_alloc(void)
|
|
{
|
|
return kzalloc(sizeof(struct flow_rule), GFP_KERNEL);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_alloc);
|
|
|
|
#define FLOW_DISSECTOR_MATCH(__rule, __type, __out) \
|
|
const struct flow_match *__m = &(__rule)->match; \
|
|
struct flow_dissector *__d = (__m)->dissector; \
|
|
\
|
|
(__out)->key = skb_flow_dissector_target(__d, __type, (__m)->key); \
|
|
(__out)->mask = skb_flow_dissector_target(__d, __type, (__m)->mask); \
|
|
|
|
void flow_rule_match_basic(const struct flow_rule *rule,
|
|
struct flow_match_basic *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_BASIC, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_basic);
|
|
|
|
void flow_rule_match_control(const struct flow_rule *rule,
|
|
struct flow_match_control *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CONTROL, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_control);
|
|
|
|
void flow_rule_match_eth_addrs(const struct flow_rule *rule,
|
|
struct flow_match_eth_addrs *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_eth_addrs);
|
|
|
|
void flow_rule_match_vlan(const struct flow_rule *rule,
|
|
struct flow_match_vlan *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_VLAN, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_vlan);
|
|
|
|
void flow_rule_match_ipv4_addrs(const struct flow_rule *rule,
|
|
struct flow_match_ipv4_addrs *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_ipv4_addrs);
|
|
|
|
void flow_rule_match_ipv6_addrs(const struct flow_rule *rule,
|
|
struct flow_match_ipv6_addrs *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_ipv6_addrs);
|
|
|
|
void flow_rule_match_ip(const struct flow_rule *rule,
|
|
struct flow_match_ip *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IP, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_ip);
|
|
|
|
void flow_rule_match_ports(const struct flow_rule *rule,
|
|
struct flow_match_ports *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_PORTS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_ports);
|
|
|
|
void flow_rule_match_tcp(const struct flow_rule *rule,
|
|
struct flow_match_tcp *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_TCP, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_tcp);
|
|
|
|
void flow_rule_match_icmp(const struct flow_rule *rule,
|
|
struct flow_match_icmp *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ICMP, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_icmp);
|
|
|
|
void flow_rule_match_mpls(const struct flow_rule *rule,
|
|
struct flow_match_mpls *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_MPLS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_mpls);
|
|
|
|
void flow_rule_match_enc_control(const struct flow_rule *rule,
|
|
struct flow_match_control *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_enc_control);
|
|
|
|
void flow_rule_match_enc_ipv4_addrs(const struct flow_rule *rule,
|
|
struct flow_match_ipv4_addrs *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_enc_ipv4_addrs);
|
|
|
|
void flow_rule_match_enc_ipv6_addrs(const struct flow_rule *rule,
|
|
struct flow_match_ipv6_addrs *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_enc_ipv6_addrs);
|
|
|
|
void flow_rule_match_enc_ip(const struct flow_rule *rule,
|
|
struct flow_match_ip *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IP, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_enc_ip);
|
|
|
|
void flow_rule_match_enc_ports(const struct flow_rule *rule,
|
|
struct flow_match_ports *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_PORTS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_enc_ports);
|
|
|
|
void flow_rule_match_enc_keyid(const struct flow_rule *rule,
|
|
struct flow_match_enc_keyid *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_KEYID, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_enc_keyid);
|
|
|
|
void flow_rule_match_enc_opts(const struct flow_rule *rule,
|
|
struct flow_match_enc_opts *out)
|
|
{
|
|
FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_OPTS, out);
|
|
}
|
|
EXPORT_SYMBOL(flow_rule_match_enc_opts);
|