/* SPDX-License-Identifier: GPL-2.0 */
28c2ecf20Sopenharmony_ci#ifndef __NET_FIB_RULES_H
38c2ecf20Sopenharmony_ci#define __NET_FIB_RULES_H
48c2ecf20Sopenharmony_ci
58c2ecf20Sopenharmony_ci#include <linux/types.h>
68c2ecf20Sopenharmony_ci#include <linux/slab.h>
78c2ecf20Sopenharmony_ci#include <linux/netdevice.h>
88c2ecf20Sopenharmony_ci#include <linux/fib_rules.h>
98c2ecf20Sopenharmony_ci#include <linux/refcount.h>
108c2ecf20Sopenharmony_ci#include <net/flow.h>
118c2ecf20Sopenharmony_ci#include <net/rtnetlink.h>
128c2ecf20Sopenharmony_ci#include <net/fib_notifier.h>
138c2ecf20Sopenharmony_ci#include <linux/indirect_call_wrapper.h>
148c2ecf20Sopenharmony_ci
/*
 * A start/end pair of kernel UIDs (kuid_t), embedded in struct fib_rule as
 * uid_range. Whether the bounds are inclusive is decided by the matching
 * code, which is not part of this header.
 */
struct fib_kuid_range {
	kuid_t start;
	kuid_t end;
};
198c2ecf20Sopenharmony_ci
/*
 * One policy-routing rule. The object is reference counted through refcnt
 * (fib_rule_get() / fib_rule_put()) and its memory is released through the
 * embedded rcu head, so a rule can outlive its last reference until an RCU
 * grace period has passed.
 */
struct fib_rule {
	struct list_head	list;
	int			iifindex;
	int			oifindex;
	u32			mark;
	u32			mark_mask;
	u32			flags;
	u32			table;
	u8			action;
	/* non-zero: fib_rule_get_table() uses the lookup arg's table
	 * instead of ->table (CONFIG_NET_L3_MASTER_DEV builds only) */
	u8			l3mdev;
	u8                      proto;
	/* non-zero is one of the conditions tested by
	 * fib_rule_requires_fldissect() */
	u8			ip_proto;
	u32			target;
	__be64			tun_id;
	/* RCU-annotated pointer to another rule; presumably the resolved
	 * target of a goto rule - confirm against the users of ->target */
	struct fib_rule __rcu	*ctarget;
	struct net		*fr_net;

	refcount_t		refcnt;
	u32			pref;
	int			suppress_ifgroup;
	int			suppress_prefixlen;
	/* IFNAMSIZ-byte buffers; FRA_GENERIC_POLICY limits the matching
	 * netlink strings to IFNAMSIZ - 1 bytes */
	char			iifname[IFNAMSIZ];
	char			oifname[IFNAMSIZ];
	struct fib_kuid_range	uid_range;
	struct fib_rule_port_range	sport_range;
	struct fib_rule_port_range	dport_range;
	/* handed to kfree_rcu() by fib_rule_put() */
	struct rcu_head		rcu;
};
488c2ecf20Sopenharmony_ci
/*
 * Per-lookup argument block: passed to fib_rules_lookup() and to the
 * action/suppress callbacks of struct fib_rules_ops.
 */
struct fib_lookup_arg {
	void			*lookup_ptr;
	const void		*lookup_data;
	void			*result;
	struct fib_rule		*rule;
	/* read by fib_rule_get_table() for l3mdev rules */
	u32			table;
	/* bit mask of the FIB_LOOKUP_* values defined below */
	int			flags;
	/* NOTE(review): presumably NOREF means the lookup does not take a
	 * reference on ->rule, in which case ->rule must not be used outside
	 * the RCU read-side section of the lookup - confirm in the caller */
#define FIB_LOOKUP_NOREF		1
#define FIB_LOOKUP_IGNORE_LINKSTATE	2
};
598c2ecf20Sopenharmony_ci
/*
 * Per-address-family rule backend: bookkeeping counters, the callbacks the
 * generic rule code invokes, and the netlink policy used for this family.
 * Registered with fib_rules_register() and released through the embedded
 * rcu head (the release path itself is not in this header).
 */
struct fib_rules_ops {
	int			family;
	struct list_head	list;
	/* presumably the allocation size of the family's rule structure,
	 * which embeds struct fib_rule - confirm in the allocator */
	int			rule_size;
	int			addr_size;
	int			unresolved_rules;
	int			nr_goto_rules;
	unsigned int		fib_rules_seq;

	int			(*action)(struct fib_rule *,
					  struct flowi *, int,
					  struct fib_lookup_arg *);
	bool			(*suppress)(struct fib_rule *, int,
					    struct fib_lookup_arg *);
	int			(*match)(struct fib_rule *,
					 struct flowi *, int);
	/* receives the netlink message (skb, header, attribute table) for a
	 * rule being set up; the attribute table is only as trustworthy as
	 * the ->policy it was parsed against */
	int			(*configure)(struct fib_rule *,
					     struct sk_buff *,
					     struct fib_rule_hdr *,
					     struct nlattr **,
					     struct netlink_ext_ack *);
	int			(*delete)(struct fib_rule *);
	int			(*compare)(struct fib_rule *,
					   struct fib_rule_hdr *,
					   struct nlattr **);
	int			(*fill)(struct fib_rule *, struct sk_buff *,
					struct fib_rule_hdr *);
	size_t			(*nlmsg_payload)(struct fib_rule *);

	/* Called after modifications to the rules set, must flush
	 * the route cache if one exists. */
	void			(*flush_cache)(struct fib_rules_ops *ops);

	int			nlgroup;
	/* attribute policy for this family; FRA_GENERIC_POLICY supplies the
	 * entries shared by all families */
	const struct nla_policy	*policy;
	struct list_head	rules_list;
	struct module		*owner;
	struct net		*fro_net;
	struct rcu_head		rcu;
};
1008c2ecf20Sopenharmony_ci
/*
 * Notifier payload for rule events: the generic fib_notifier_info followed
 * by the rule concerned. The "must be first" constraint presumably lets a
 * receiver convert a struct fib_notifier_info pointer into this type;
 * reordering the members would break that assumption.
 */
struct fib_rule_notifier_info {
	struct fib_notifier_info info; /* must be first */
	struct fib_rule *rule;
};
1058c2ecf20Sopenharmony_ci
/*
 * Netlink attribute policy entries common to all rule families, written as
 * designated initializers so they can be expanded inside an nla_policy
 * array (struct fib_rules_ops carries a pointer to such an array).
 *
 * This is the first validation layer for attributes arriving from user
 * space:
 *  - FRA_IIFNAME / FRA_OIFNAME are limited to IFNAMSIZ - 1 bytes, which
 *    leaves room for the terminating NUL in fib_rule.iifname / oifname.
 *  - FRA_UID_RANGE, FRA_SPORT_RANGE and FRA_DPORT_RANGE set only .len and
 *    no .type, so the policy constrains the payload size (a minimum size,
 *    as I read the nla_policy rules for typeless entries - confirm) but
 *    not its contents; ordering and non-zero checks are left to code such
 *    as fib_rule_port_range_valid().
 *  - .strict_start_type names FRA_DPORT_RANGE + 1 as the first attribute
 *    type validated strictly; every type listed here lies below it.
 *
 * NOTE(review): a family that handles attributes of its own next to this
 * macro needs a policy entry for each of them, otherwise its handler reads
 * an attribute the parser never length-checked - confirm per family.
 */
#define FRA_GENERIC_POLICY \
	[FRA_UNSPEC]	= { .strict_start_type = FRA_DPORT_RANGE + 1 }, \
	[FRA_IIFNAME]	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, \
	[FRA_OIFNAME]	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, \
	[FRA_PRIORITY]	= { .type = NLA_U32 }, \
	[FRA_FWMARK]	= { .type = NLA_U32 }, \
	[FRA_TUN_ID]	= { .type = NLA_U64 }, \
	[FRA_FWMASK]	= { .type = NLA_U32 }, \
	[FRA_TABLE]     = { .type = NLA_U32 }, \
	[FRA_SUPPRESS_PREFIXLEN] = { .type = NLA_U32 }, \
	[FRA_SUPPRESS_IFGROUP] = { .type = NLA_U32 }, \
	[FRA_GOTO]	= { .type = NLA_U32 }, \
	[FRA_L3MDEV]	= { .type = NLA_U8 }, \
	[FRA_UID_RANGE]	= { .len = sizeof(struct fib_rule_uid_range) }, \
	[FRA_PROTOCOL]  = { .type = NLA_U8 }, \
	[FRA_IP_PROTO]  = { .type = NLA_U8 }, \
	[FRA_SPORT_RANGE] = { .len = sizeof(struct fib_rule_port_range) }, \
	[FRA_DPORT_RANGE] = { .len = sizeof(struct fib_rule_port_range) }
1248c2ecf20Sopenharmony_ci
1258c2ecf20Sopenharmony_ci
/*
 * Take an additional reference on @rule.
 *
 * Uses refcount_inc(), not refcount_inc_not_zero(): the caller is expected
 * to already own a reference. A rule that was merely found during an RCU
 * walk may be on its way to being freed, and this helper does not detect
 * that case.
 */
static inline void fib_rule_get(struct fib_rule *rule)
{
	refcount_inc(&rule->refcnt);
}
1308c2ecf20Sopenharmony_ci
/*
 * Drop one reference on @rule.
 *
 * When the count reaches zero the rule is queued for kfree_rcu(), so the
 * memory is only released after an RCU grace period. The caller must not
 * touch @rule after this call, since it cannot know whether its reference
 * was the last one.
 */
static inline void fib_rule_put(struct fib_rule *rule)
{
	/* Other holders remain: nothing to release yet. */
	if (!refcount_dec_and_test(&rule->refcnt))
		return;

	kfree_rcu(rule, rcu);
}
1368c2ecf20Sopenharmony_ci
/*
 * Return the routing table a lookup through @rule should use.
 *
 * With CONFIG_NET_L3_MASTER_DEV, a rule whose l3mdev field is non-zero
 * takes the table from @arg->table; in every other case (and always when
 * the option is off) the rule's own table is returned.
 */
static inline u32 fib_rule_get_table(struct fib_rule *rule,
				     struct fib_lookup_arg *arg)
{
#ifdef CONFIG_NET_L3_MASTER_DEV
	if (rule->l3mdev)
		return arg->table;
#endif
	return rule->table;
}
1508c2ecf20Sopenharmony_ci
/*
 * Return the table id requested by a rule message: the FRA_TABLE attribute
 * when it is present, otherwise the table field of the header.
 *
 * nla_get_u32() reads the attribute payload without checking its length, so
 * @nla must come from a parse against a policy that declares FRA_TABLE as
 * NLA_U32 (FRA_GENERIC_POLICY does). That parse happens in the caller and
 * is not visible here.
 */
static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
{
	const struct nlattr *tb_attr = nla[FRA_TABLE];

	return tb_attr ? nla_get_u32(tb_attr) : frh->table;
}
1578c2ecf20Sopenharmony_ci
/*
 * Report whether @range is configured: both start and end must be non-zero.
 * A range with only one bound filled in is treated as not set.
 */
static inline bool fib_rule_port_range_set(const struct fib_rule_port_range *range)
{
	return range->start && range->end;
}
1628c2ecf20Sopenharmony_ci
/*
 * Test whether @port lies inside @a, both bounds included.
 *
 * @port is in network byte order and converted with ntohs() before the
 * comparison; the range bounds are compared as stored. No check is made
 * that a->start <= a->end; that is the job of fib_rule_port_range_valid().
 */
static inline bool fib_rule_port_inrange(const struct fib_rule_port_range *a,
					 __be16 port)
{
	unsigned int hport = ntohs(port);

	return a->start <= hport && hport <= a->end;
}
1698c2ecf20Sopenharmony_ci
/*
 * Semantic check for a port range. The netlink policy only constrains the
 * payload size of the range attributes, so this is where the content is
 * validated: both bounds non-zero, start not above end, and end below
 * 0xffff.
 *
 * NOTE(review): the upper-bound test is strict, so a range ending at port
 * 65535 is rejected - confirm this is intended before relying on it.
 */
static inline bool fib_rule_port_range_valid(const struct fib_rule_port_range *a)
{
	const int nonzero = a->start != 0 && a->end != 0;
	const int below_max = a->end < 0xffff;
	const int ordered = a->start <= a->end;

	return nonzero && below_max && ordered;
}
1758c2ecf20Sopenharmony_ci
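/*
 * Return true when @a and @b describe the same port range, i.e. both the
 * start and the end values are equal.
 *
 * Neither argument is written to, so both are const-qualified like the
 * other port-range helpers in this header; existing callers that pass
 * non-const pointers are unaffected.
 */
static inline bool fib_rule_port_range_compare(const struct fib_rule_port_range *a,
					       const struct fib_rule_port_range *b)
{
	return a->start == b->start &&
		a->end == b->end;
}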
1828c2ecf20Sopenharmony_ci
/*
 * Report whether @rule carries a selector on ip_proto or on a source or
 * destination port range while its input interface is not the loopback
 * index. Judging by the name, callers use this to decide whether flow
 * dissection of packets is needed; that use is outside this header.
 */
static inline bool fib_rule_requires_fldissect(struct fib_rule *rule)
{
	const int wants_l4 = rule->ip_proto ||
			     fib_rule_port_range_set(&rule->sport_range) ||
			     fib_rule_port_range_set(&rule->dport_range);

	return wants_l4 && rule->iifindex != LOOPBACK_IFINDEX;
}
1898c2ecf20Sopenharmony_ci
/*
 * Declarations only; the definitions are outside this header.
 *
 * fib_rules_register() takes a const ops template plus a network namespace
 * and returns a non-const ops pointer (presumably a per-namespace copy -
 * confirm); fib_rules_unregister() is its counterpart.
 */
struct fib_rules_ops *fib_rules_register(const struct fib_rules_ops *,
					 struct net *);
void fib_rules_unregister(struct fib_rules_ops *);

/* Rule lookup, default-rule setup, and dump/sequence helpers. */
int fib_rules_lookup(struct fib_rules_ops *, struct flowi *, int flags,
		     struct fib_lookup_arg *);
int fib_default_rule_add(struct fib_rules_ops *, u32 pref, u32 table,
			 u32 flags);
bool fib_rule_matchall(const struct fib_rule *rule);
int fib_rules_dump(struct net *net, struct notifier_block *nb, int family,
		   struct netlink_ext_ack *extack);
unsigned int fib_rules_seq_read(struct net *net, int family);

/*
 * Netlink handlers for adding and deleting a rule. They receive the raw
 * message from user space; attribute validation depends on the policy the
 * handler parses with, and the capability check for these requests is not
 * visible in this header - verify both in the definitions and in the
 * netlink dispatch path.
 */
int fib_nl_newrule(struct sk_buff *skb, struct nlmsghdr *nlh,
		   struct netlink_ext_ack *extack);
int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr *nlh,
		   struct netlink_ext_ack *extack);
2078c2ecf20Sopenharmony_ci
/*
 * IPv4/IPv6 implementations of the match, action and suppress callbacks,
 * declared through INDIRECT_CALLABLE_DECLARE (linux/indirect_call_wrapper.h).
 * The signatures mirror the corresponding function pointers in struct
 * fib_rules_ops; presumably the generic code calls these directly when the
 * ops pointer equals one of them - confirm at the call sites.
 */
INDIRECT_CALLABLE_DECLARE(int fib6_rule_match(struct fib_rule *rule,
					    struct flowi *fl, int flags));
INDIRECT_CALLABLE_DECLARE(int fib4_rule_match(struct fib_rule *rule,
					    struct flowi *fl, int flags));

INDIRECT_CALLABLE_DECLARE(int fib6_rule_action(struct fib_rule *rule,
			    struct flowi *flp, int flags,
			    struct fib_lookup_arg *arg));
INDIRECT_CALLABLE_DECLARE(int fib4_rule_action(struct fib_rule *rule,
			    struct flowi *flp, int flags,
			    struct fib_lookup_arg *arg));

INDIRECT_CALLABLE_DECLARE(bool fib6_rule_suppress(struct fib_rule *rule,
						int flags,
						struct fib_lookup_arg *arg));
INDIRECT_CALLABLE_DECLARE(bool fib4_rule_suppress(struct fib_rule *rule,
						int flags,
						struct fib_lookup_arg *arg));
2268c2ecf20Sopenharmony_ci#endif