~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/sched/act_police.c

Version: ~ [ linux-5.6-rc1 ] ~ [ linux-5.5.2 ] ~ [ linux-5.4.17 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.102 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.170 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.213 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.213 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.81 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * net/sched/act_police.c       Input police filter
  3  *
  4  *              This program is free software; you can redistribute it and/or
  5  *              modify it under the terms of the GNU General Public License
  6  *              as published by the Free Software Foundation; either version
  7  *              2 of the License, or (at your option) any later version.
  8  *
  9  * Authors:     Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
 10  *              J Hadi Salim (action changes)
 11  */
 12 
 13 #include <linux/module.h>
 14 #include <linux/types.h>
 15 #include <linux/kernel.h>
 16 #include <linux/string.h>
 17 #include <linux/errno.h>
 18 #include <linux/skbuff.h>
 19 #include <linux/rtnetlink.h>
 20 #include <linux/init.h>
 21 #include <linux/slab.h>
 22 #include <net/act_api.h>
 23 #include <net/netlink.h>
 24 
 25 struct tcf_police {
 26         struct tc_action        common;
 27         int                     tcfp_result;
 28         u32                     tcfp_ewma_rate;
 29         s64                     tcfp_burst;
 30         u32                     tcfp_mtu;
 31         s64                     tcfp_toks;
 32         s64                     tcfp_ptoks;
 33         s64                     tcfp_mtu_ptoks;
 34         s64                     tcfp_t_c;
 35         struct psched_ratecfg   rate;
 36         bool                    rate_present;
 37         struct psched_ratecfg   peak;
 38         bool                    peak_present;
 39 };
 40 
 41 #define to_police(pc) ((struct tcf_police *)pc)
 42 
 43 #define POL_TAB_MASK     15
 44 
 45 /* old policer structure from before tc actions */
 46 struct tc_police_compat {
 47         u32                     index;
 48         int                     action;
 49         u32                     limit;
 50         u32                     burst;
 51         u32                     mtu;
 52         struct tc_ratespec      rate;
 53         struct tc_ratespec      peakrate;
 54 };
 55 
 56 /* Each policer is serialized by its individual spinlock */
 57 
 58 static unsigned int police_net_id;
 59 static struct tc_action_ops act_police_ops;
 60 
 61 static int tcf_act_police_walker(struct net *net, struct sk_buff *skb,
 62                                  struct netlink_callback *cb, int type,
 63                                  const struct tc_action_ops *ops)
 64 {
 65         struct tc_action_net *tn = net_generic(net, police_net_id);
 66 
 67         return tcf_generic_walker(tn, skb, cb, type, ops);
 68 }
 69 
 70 static const struct nla_policy police_policy[TCA_POLICE_MAX + 1] = {
 71         [TCA_POLICE_RATE]       = { .len = TC_RTAB_SIZE },
 72         [TCA_POLICE_PEAKRATE]   = { .len = TC_RTAB_SIZE },
 73         [TCA_POLICE_AVRATE]     = { .type = NLA_U32 },
 74         [TCA_POLICE_RESULT]     = { .type = NLA_U32 },
 75 };
 76 
 77 static int tcf_act_police_init(struct net *net, struct nlattr *nla,
 78                                struct nlattr *est, struct tc_action **a,
 79                                int ovr, int bind)
 80 {
 81         int ret = 0, err;
 82         struct nlattr *tb[TCA_POLICE_MAX + 1];
 83         struct tc_police *parm;
 84         struct tcf_police *police;
 85         struct qdisc_rate_table *R_tab = NULL, *P_tab = NULL;
 86         struct tc_action_net *tn = net_generic(net, police_net_id);
 87         bool exists = false;
 88         int size;
 89 
 90         if (nla == NULL)
 91                 return -EINVAL;
 92 
 93         err = nla_parse_nested(tb, TCA_POLICE_MAX, nla, police_policy, NULL);
 94         if (err < 0)
 95                 return err;
 96 
 97         if (tb[TCA_POLICE_TBF] == NULL)
 98                 return -EINVAL;
 99         size = nla_len(tb[TCA_POLICE_TBF]);
100         if (size != sizeof(*parm) && size != sizeof(struct tc_police_compat))
101                 return -EINVAL;
102 
103         parm = nla_data(tb[TCA_POLICE_TBF]);
104         exists = tcf_hash_check(tn, parm->index, a, bind);
105         if (exists && bind)
106                 return 0;
107 
108         if (!exists) {
109                 ret = tcf_hash_create(tn, parm->index, NULL, a,
110                                       &act_police_ops, bind, false);
111                 if (ret)
112                         return ret;
113                 ret = ACT_P_CREATED;
114         } else {
115                 tcf_hash_release(*a, bind);
116                 if (!ovr)
117                         return -EEXIST;
118         }
119 
120         police = to_police(*a);
121         if (parm->rate.rate) {
122                 err = -ENOMEM;
123                 R_tab = qdisc_get_rtab(&parm->rate, tb[TCA_POLICE_RATE]);
124                 if (R_tab == NULL)
125                         goto failure;
126 
127                 if (parm->peakrate.rate) {
128                         P_tab = qdisc_get_rtab(&parm->peakrate,
129                                                tb[TCA_POLICE_PEAKRATE]);
130                         if (P_tab == NULL)
131                                 goto failure;
132                 }
133         }
134 
135         if (est) {
136                 err = gen_replace_estimator(&police->tcf_bstats, NULL,
137                                             &police->tcf_rate_est,
138                                             &police->tcf_lock,
139                                             NULL, est);
140                 if (err)
141                         goto failure;
142         } else if (tb[TCA_POLICE_AVRATE] &&
143                    (ret == ACT_P_CREATED ||
144                     !gen_estimator_active(&police->tcf_rate_est))) {
145                 err = -EINVAL;
146                 goto failure;
147         }
148 
149         spin_lock_bh(&police->tcf_lock);
150         /* No failure allowed after this point */
151         police->tcfp_mtu = parm->mtu;
152         if (police->tcfp_mtu == 0) {
153                 police->tcfp_mtu = ~0;
154                 if (R_tab)
155                         police->tcfp_mtu = 255 << R_tab->rate.cell_log;
156         }
157         if (R_tab) {
158                 police->rate_present = true;
159                 psched_ratecfg_precompute(&police->rate, &R_tab->rate, 0);
160                 qdisc_put_rtab(R_tab);
161         } else {
162                 police->rate_present = false;
163         }
164         if (P_tab) {
165                 police->peak_present = true;
166                 psched_ratecfg_precompute(&police->peak, &P_tab->rate, 0);
167                 qdisc_put_rtab(P_tab);
168         } else {
169                 police->peak_present = false;
170         }
171 
172         if (tb[TCA_POLICE_RESULT])
173                 police->tcfp_result = nla_get_u32(tb[TCA_POLICE_RESULT]);
174         police->tcfp_burst = PSCHED_TICKS2NS(parm->burst);
175         police->tcfp_toks = police->tcfp_burst;
176         if (police->peak_present) {
177                 police->tcfp_mtu_ptoks = (s64) psched_l2t_ns(&police->peak,
178                                                              police->tcfp_mtu);
179                 police->tcfp_ptoks = police->tcfp_mtu_ptoks;
180         }
181         police->tcf_action = parm->action;
182 
183         if (tb[TCA_POLICE_AVRATE])
184                 police->tcfp_ewma_rate = nla_get_u32(tb[TCA_POLICE_AVRATE]);
185 
186         spin_unlock_bh(&police->tcf_lock);
187         if (ret != ACT_P_CREATED)
188                 return ret;
189 
190         police->tcfp_t_c = ktime_get_ns();
191         tcf_hash_insert(tn, *a);
192 
193         return ret;
194 
195 failure:
196         qdisc_put_rtab(P_tab);
197         qdisc_put_rtab(R_tab);
198         if (ret == ACT_P_CREATED)
199                 tcf_hash_cleanup(*a, est);
200         return err;
201 }
202 
203 static int tcf_act_police(struct sk_buff *skb, const struct tc_action *a,
204                           struct tcf_result *res)
205 {
206         struct tcf_police *police = to_police(a);
207         s64 now;
208         s64 toks;
209         s64 ptoks = 0;
210 
211         spin_lock(&police->tcf_lock);
212 
213         bstats_update(&police->tcf_bstats, skb);
214         tcf_lastuse_update(&police->tcf_tm);
215 
216         if (police->tcfp_ewma_rate) {
217                 struct gnet_stats_rate_est64 sample;
218 
219                 if (!gen_estimator_read(&police->tcf_rate_est, &sample) ||
220                     sample.bps >= police->tcfp_ewma_rate) {
221                         police->tcf_qstats.overlimits++;
222                         if (police->tcf_action == TC_ACT_SHOT)
223                                 police->tcf_qstats.drops++;
224                         spin_unlock(&police->tcf_lock);
225                         return police->tcf_action;
226                 }
227         }
228 
229         if (qdisc_pkt_len(skb) <= police->tcfp_mtu) {
230                 if (!police->rate_present) {
231                         spin_unlock(&police->tcf_lock);
232                         return police->tcfp_result;
233                 }
234 
235                 now = ktime_get_ns();
236                 toks = min_t(s64, now - police->tcfp_t_c,
237                              police->tcfp_burst);
238                 if (police->peak_present) {
239                         ptoks = toks + police->tcfp_ptoks;
240                         if (ptoks > police->tcfp_mtu_ptoks)
241                                 ptoks = police->tcfp_mtu_ptoks;
242                         ptoks -= (s64) psched_l2t_ns(&police->peak,
243                                                      qdisc_pkt_len(skb));
244                 }
245                 toks += police->tcfp_toks;
246                 if (toks > police->tcfp_burst)
247                         toks = police->tcfp_burst;
248                 toks -= (s64) psched_l2t_ns(&police->rate, qdisc_pkt_len(skb));
249                 if ((toks|ptoks) >= 0) {
250                         police->tcfp_t_c = now;
251                         police->tcfp_toks = toks;
252                         police->tcfp_ptoks = ptoks;
253                         if (police->tcfp_result == TC_ACT_SHOT)
254                                 police->tcf_qstats.drops++;
255                         spin_unlock(&police->tcf_lock);
256                         return police->tcfp_result;
257                 }
258         }
259 
260         police->tcf_qstats.overlimits++;
261         if (police->tcf_action == TC_ACT_SHOT)
262                 police->tcf_qstats.drops++;
263         spin_unlock(&police->tcf_lock);
264         return police->tcf_action;
265 }
266 
267 static int tcf_act_police_dump(struct sk_buff *skb, struct tc_action *a,
268                                int bind, int ref)
269 {
270         unsigned char *b = skb_tail_pointer(skb);
271         struct tcf_police *police = to_police(a);
272         struct tc_police opt = {
273                 .index = police->tcf_index,
274                 .action = police->tcf_action,
275                 .mtu = police->tcfp_mtu,
276                 .burst = PSCHED_NS2TICKS(police->tcfp_burst),
277                 .refcnt = police->tcf_refcnt - ref,
278                 .bindcnt = police->tcf_bindcnt - bind,
279         };
280         struct tcf_t t;
281 
282         if (police->rate_present)
283                 psched_ratecfg_getrate(&opt.rate, &police->rate);
284         if (police->peak_present)
285                 psched_ratecfg_getrate(&opt.peakrate, &police->peak);
286         if (nla_put(skb, TCA_POLICE_TBF, sizeof(opt), &opt))
287                 goto nla_put_failure;
288         if (police->tcfp_result &&
289             nla_put_u32(skb, TCA_POLICE_RESULT, police->tcfp_result))
290                 goto nla_put_failure;
291         if (police->tcfp_ewma_rate &&
292             nla_put_u32(skb, TCA_POLICE_AVRATE, police->tcfp_ewma_rate))
293                 goto nla_put_failure;
294 
295         t.install = jiffies_to_clock_t(jiffies - police->tcf_tm.install);
296         t.lastuse = jiffies_to_clock_t(jiffies - police->tcf_tm.lastuse);
297         t.firstuse = jiffies_to_clock_t(jiffies - police->tcf_tm.firstuse);
298         t.expires = jiffies_to_clock_t(police->tcf_tm.expires);
299         if (nla_put_64bit(skb, TCA_POLICE_TM, sizeof(t), &t, TCA_POLICE_PAD))
300                 goto nla_put_failure;
301 
302         return skb->len;
303 
304 nla_put_failure:
305         nlmsg_trim(skb, b);
306         return -1;
307 }
308 
309 static int tcf_police_search(struct net *net, struct tc_action **a, u32 index)
310 {
311         struct tc_action_net *tn = net_generic(net, police_net_id);
312 
313         return tcf_hash_search(tn, a, index);
314 }
315 
316 MODULE_AUTHOR("Alexey Kuznetsov");
317 MODULE_DESCRIPTION("Policing actions");
318 MODULE_LICENSE("GPL");
319 
320 static struct tc_action_ops act_police_ops = {
321         .kind           =       "police",
322         .type           =       TCA_ID_POLICE,
323         .owner          =       THIS_MODULE,
324         .act            =       tcf_act_police,
325         .dump           =       tcf_act_police_dump,
326         .init           =       tcf_act_police_init,
327         .walk           =       tcf_act_police_walker,
328         .lookup         =       tcf_police_search,
329         .size           =       sizeof(struct tcf_police),
330 };
331 
332 static __net_init int police_init_net(struct net *net)
333 {
334         struct tc_action_net *tn = net_generic(net, police_net_id);
335 
336         return tc_action_net_init(tn, &act_police_ops, POL_TAB_MASK);
337 }
338 
339 static void __net_exit police_exit_net(struct net *net)
340 {
341         struct tc_action_net *tn = net_generic(net, police_net_id);
342 
343         tc_action_net_exit(tn);
344 }
345 
346 static struct pernet_operations police_net_ops = {
347         .init = police_init_net,
348         .exit = police_exit_net,
349         .id   = &police_net_id,
350         .size = sizeof(struct tc_action_net),
351 };
352 
353 static int __init police_init_module(void)
354 {
355         return tcf_register_action(&act_police_ops, &police_net_ops);
356 }
357 
358 static void __exit police_cleanup_module(void)
359 {
360         tcf_unregister_action(&act_police_ops, &police_net_ops);
361 }
362 
363 module_init(police_init_module);
364 module_exit(police_cleanup_module);
365 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp