1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
5 * Development of this code funded by Astaro AG (http://www.astaro.com/)
8 #include <linux/kernel.h>
9 #include <linux/init.h>
10 #include <linux/module.h>
11 #include <linux/list.h>
12 #include <linux/rbtree.h>
13 #include <linux/netlink.h>
14 #include <linux/netfilter.h>
15 #include <linux/netfilter/nf_tables.h>
16 #include <net/netfilter/nf_tables_core.h>
22 struct delayed_work gc_work;
25 struct nft_rbtree_elem {
27 struct nft_set_ext ext;
30 static bool nft_rbtree_interval_end(const struct nft_rbtree_elem *rbe)
32 return nft_set_ext_exists(&rbe->ext, NFT_SET_EXT_FLAGS) &&
33 (*nft_set_ext_flags(&rbe->ext) & NFT_SET_ELEM_INTERVAL_END);
36 static bool nft_rbtree_equal(const struct nft_set *set, const void *this,
37 const struct nft_rbtree_elem *interval)
39 return memcmp(this, nft_set_ext_key(&interval->ext), set->klen) == 0;
42 static bool __nft_rbtree_lookup(const struct net *net, const struct nft_set *set,
43 const u32 *key, const struct nft_set_ext **ext,
46 struct nft_rbtree *priv = nft_set_priv(set);
47 const struct nft_rbtree_elem *rbe, *interval = NULL;
48 u8 genmask = nft_genmask_cur(net);
49 const struct rb_node *parent;
53 parent = rcu_dereference_raw(priv->root.rb_node);
54 while (parent != NULL) {
55 if (read_seqcount_retry(&priv->count, seq))
58 rbe = rb_entry(parent, struct nft_rbtree_elem, node);
60 this = nft_set_ext_key(&rbe->ext);
61 d = memcmp(this, key, set->klen);
63 parent = rcu_dereference_raw(parent->rb_left);
65 nft_rbtree_equal(set, this, interval) &&
66 nft_rbtree_interval_end(rbe) &&
67 !nft_rbtree_interval_end(interval))
71 parent = rcu_dereference_raw(parent->rb_right);
73 if (!nft_set_elem_active(&rbe->ext, genmask)) {
74 parent = rcu_dereference_raw(parent->rb_left);
77 if (nft_rbtree_interval_end(rbe)) {
78 if (nft_set_is_anonymous(set))
80 parent = rcu_dereference_raw(parent->rb_left);
90 if (set->flags & NFT_SET_INTERVAL && interval != NULL &&
91 nft_set_elem_active(&interval->ext, genmask) &&
92 !nft_rbtree_interval_end(interval)) {
93 *ext = &interval->ext;
100 static bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set,
101 const u32 *key, const struct nft_set_ext **ext)
103 struct nft_rbtree *priv = nft_set_priv(set);
104 unsigned int seq = read_seqcount_begin(&priv->count);
107 ret = __nft_rbtree_lookup(net, set, key, ext, seq);
108 if (ret || !read_seqcount_retry(&priv->count, seq))
111 read_lock_bh(&priv->lock);
112 seq = read_seqcount_begin(&priv->count);
113 ret = __nft_rbtree_lookup(net, set, key, ext, seq);
114 read_unlock_bh(&priv->lock);
119 static bool __nft_rbtree_get(const struct net *net, const struct nft_set *set,
120 const u32 *key, struct nft_rbtree_elem **elem,
121 unsigned int seq, unsigned int flags, u8 genmask)
123 struct nft_rbtree_elem *rbe, *interval = NULL;
124 struct nft_rbtree *priv = nft_set_priv(set);
125 const struct rb_node *parent;
129 parent = rcu_dereference_raw(priv->root.rb_node);
130 while (parent != NULL) {
131 if (read_seqcount_retry(&priv->count, seq))
134 rbe = rb_entry(parent, struct nft_rbtree_elem, node);
136 this = nft_set_ext_key(&rbe->ext);
137 d = memcmp(this, key, set->klen);
139 parent = rcu_dereference_raw(parent->rb_left);
140 if (!(flags & NFT_SET_ELEM_INTERVAL_END))
143 parent = rcu_dereference_raw(parent->rb_right);
144 if (flags & NFT_SET_ELEM_INTERVAL_END)
147 if (!nft_set_elem_active(&rbe->ext, genmask)) {
148 parent = rcu_dereference_raw(parent->rb_left);
152 if (!nft_set_ext_exists(&rbe->ext, NFT_SET_EXT_FLAGS) ||
153 (*nft_set_ext_flags(&rbe->ext) & NFT_SET_ELEM_INTERVAL_END) ==
154 (flags & NFT_SET_ELEM_INTERVAL_END)) {
159 if (nft_rbtree_interval_end(rbe))
162 parent = rcu_dereference_raw(parent->rb_left);
166 if (set->flags & NFT_SET_INTERVAL && interval != NULL &&
167 nft_set_elem_active(&interval->ext, genmask) &&
168 ((!nft_rbtree_interval_end(interval) &&
169 !(flags & NFT_SET_ELEM_INTERVAL_END)) ||
170 (nft_rbtree_interval_end(interval) &&
171 (flags & NFT_SET_ELEM_INTERVAL_END)))) {
179 static void *nft_rbtree_get(const struct net *net, const struct nft_set *set,
180 const struct nft_set_elem *elem, unsigned int flags)
182 struct nft_rbtree *priv = nft_set_priv(set);
183 unsigned int seq = read_seqcount_begin(&priv->count);
184 struct nft_rbtree_elem *rbe = ERR_PTR(-ENOENT);
185 const u32 *key = (const u32 *)&elem->key.val;
186 u8 genmask = nft_genmask_cur(net);
189 ret = __nft_rbtree_get(net, set, key, &rbe, seq, flags, genmask);
190 if (ret || !read_seqcount_retry(&priv->count, seq))
193 read_lock_bh(&priv->lock);
194 seq = read_seqcount_begin(&priv->count);
195 ret = __nft_rbtree_get(net, set, key, &rbe, seq, flags, genmask);
197 rbe = ERR_PTR(-ENOENT);
198 read_unlock_bh(&priv->lock);
203 static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set,
204 struct nft_rbtree_elem *new,
205 struct nft_set_ext **ext)
207 struct nft_rbtree *priv = nft_set_priv(set);
208 u8 genmask = nft_genmask_next(net);
209 struct nft_rbtree_elem *rbe;
210 struct rb_node *parent, **p;
214 p = &priv->root.rb_node;
217 rbe = rb_entry(parent, struct nft_rbtree_elem, node);
218 d = memcmp(nft_set_ext_key(&rbe->ext),
219 nft_set_ext_key(&new->ext),
222 p = &parent->rb_left;
224 p = &parent->rb_right;
226 if (nft_rbtree_interval_end(rbe) &&
227 !nft_rbtree_interval_end(new)) {
228 p = &parent->rb_left;
229 } else if (!nft_rbtree_interval_end(rbe) &&
230 nft_rbtree_interval_end(new)) {
231 p = &parent->rb_right;
232 } else if (nft_set_elem_active(&rbe->ext, genmask)) {
236 p = &parent->rb_left;
240 rb_link_node_rcu(&new->node, parent, p);
241 rb_insert_color(&new->node, &priv->root);
245 static int nft_rbtree_insert(const struct net *net, const struct nft_set *set,
246 const struct nft_set_elem *elem,
247 struct nft_set_ext **ext)
249 struct nft_rbtree *priv = nft_set_priv(set);
250 struct nft_rbtree_elem *rbe = elem->priv;
253 write_lock_bh(&priv->lock);
254 write_seqcount_begin(&priv->count);
255 err = __nft_rbtree_insert(net, set, rbe, ext);
256 write_seqcount_end(&priv->count);
257 write_unlock_bh(&priv->lock);
262 static void nft_rbtree_remove(const struct net *net,
263 const struct nft_set *set,
264 const struct nft_set_elem *elem)
266 struct nft_rbtree *priv = nft_set_priv(set);
267 struct nft_rbtree_elem *rbe = elem->priv;
269 write_lock_bh(&priv->lock);
270 write_seqcount_begin(&priv->count);
271 rb_erase(&rbe->node, &priv->root);
272 write_seqcount_end(&priv->count);
273 write_unlock_bh(&priv->lock);
276 static void nft_rbtree_activate(const struct net *net,
277 const struct nft_set *set,
278 const struct nft_set_elem *elem)
280 struct nft_rbtree_elem *rbe = elem->priv;
282 nft_set_elem_change_active(net, set, &rbe->ext);
283 nft_set_elem_clear_busy(&rbe->ext);
286 static bool nft_rbtree_flush(const struct net *net,
287 const struct nft_set *set, void *priv)
289 struct nft_rbtree_elem *rbe = priv;
291 if (!nft_set_elem_mark_busy(&rbe->ext) ||
292 !nft_is_active(net, &rbe->ext)) {
293 nft_set_elem_change_active(net, set, &rbe->ext);
299 static void *nft_rbtree_deactivate(const struct net *net,
300 const struct nft_set *set,
301 const struct nft_set_elem *elem)
303 const struct nft_rbtree *priv = nft_set_priv(set);
304 const struct rb_node *parent = priv->root.rb_node;
305 struct nft_rbtree_elem *rbe, *this = elem->priv;
306 u8 genmask = nft_genmask_next(net);
309 while (parent != NULL) {
310 rbe = rb_entry(parent, struct nft_rbtree_elem, node);
312 d = memcmp(nft_set_ext_key(&rbe->ext), &elem->key.val,
315 parent = parent->rb_left;
317 parent = parent->rb_right;
319 if (nft_rbtree_interval_end(rbe) &&
320 !nft_rbtree_interval_end(this)) {
321 parent = parent->rb_left;
323 } else if (!nft_rbtree_interval_end(rbe) &&
324 nft_rbtree_interval_end(this)) {
325 parent = parent->rb_right;
327 } else if (!nft_set_elem_active(&rbe->ext, genmask)) {
328 parent = parent->rb_left;
331 nft_rbtree_flush(net, set, rbe);
338 static void nft_rbtree_walk(const struct nft_ctx *ctx,
340 struct nft_set_iter *iter)
342 struct nft_rbtree *priv = nft_set_priv(set);
343 struct nft_rbtree_elem *rbe;
344 struct nft_set_elem elem;
345 struct rb_node *node;
347 read_lock_bh(&priv->lock);
348 for (node = rb_first(&priv->root); node != NULL; node = rb_next(node)) {
349 rbe = rb_entry(node, struct nft_rbtree_elem, node);
351 if (iter->count < iter->skip)
353 if (!nft_set_elem_active(&rbe->ext, iter->genmask))
358 iter->err = iter->fn(ctx, set, iter, &elem);
360 read_unlock_bh(&priv->lock);
366 read_unlock_bh(&priv->lock);
369 static void nft_rbtree_gc(struct work_struct *work)
371 struct nft_rbtree_elem *rbe, *rbe_end = NULL, *rbe_prev = NULL;
372 struct nft_set_gc_batch *gcb = NULL;
373 struct nft_rbtree *priv;
374 struct rb_node *node;
377 priv = container_of(work, struct nft_rbtree, gc_work.work);
378 set = nft_set_container_of(priv);
380 write_lock_bh(&priv->lock);
381 write_seqcount_begin(&priv->count);
382 for (node = rb_first(&priv->root); node != NULL; node = rb_next(node)) {
383 rbe = rb_entry(node, struct nft_rbtree_elem, node);
385 if (nft_rbtree_interval_end(rbe)) {
389 if (!nft_set_elem_expired(&rbe->ext))
391 if (nft_set_elem_mark_busy(&rbe->ext))
395 rb_erase(&rbe_prev->node, &priv->root);
398 gcb = nft_set_gc_batch_check(set, gcb, GFP_ATOMIC);
402 atomic_dec(&set->nelems);
403 nft_set_gc_batch_add(gcb, rbe);
407 atomic_dec(&set->nelems);
408 nft_set_gc_batch_add(gcb, rbe_end);
409 rb_erase(&rbe_end->node, &priv->root);
412 node = rb_next(node);
417 rb_erase(&rbe_prev->node, &priv->root);
418 write_seqcount_end(&priv->count);
419 write_unlock_bh(&priv->lock);
421 nft_set_gc_batch_complete(gcb);
423 queue_delayed_work(system_power_efficient_wq, &priv->gc_work,
424 nft_set_gc_interval(set));
427 static u64 nft_rbtree_privsize(const struct nlattr * const nla[],
428 const struct nft_set_desc *desc)
430 return sizeof(struct nft_rbtree);
433 static int nft_rbtree_init(const struct nft_set *set,
434 const struct nft_set_desc *desc,
435 const struct nlattr * const nla[])
437 struct nft_rbtree *priv = nft_set_priv(set);
439 rwlock_init(&priv->lock);
440 seqcount_init(&priv->count);
441 priv->root = RB_ROOT;
443 INIT_DEFERRABLE_WORK(&priv->gc_work, nft_rbtree_gc);
444 if (set->flags & NFT_SET_TIMEOUT)
445 queue_delayed_work(system_power_efficient_wq, &priv->gc_work,
446 nft_set_gc_interval(set));
451 static void nft_rbtree_destroy(const struct nft_set *set)
453 struct nft_rbtree *priv = nft_set_priv(set);
454 struct nft_rbtree_elem *rbe;
455 struct rb_node *node;
457 cancel_delayed_work_sync(&priv->gc_work);
459 while ((node = priv->root.rb_node) != NULL) {
460 rb_erase(node, &priv->root);
461 rbe = rb_entry(node, struct nft_rbtree_elem, node);
462 nft_set_elem_destroy(set, rbe, true);
466 static bool nft_rbtree_estimate(const struct nft_set_desc *desc, u32 features,
467 struct nft_set_estimate *est)
469 if (desc->field_count > 1)
473 est->size = sizeof(struct nft_rbtree) +
474 desc->size * sizeof(struct nft_rbtree_elem);
478 est->lookup = NFT_SET_CLASS_O_LOG_N;
479 est->space = NFT_SET_CLASS_O_N;
484 struct nft_set_type nft_set_rbtree_type __read_mostly = {
485 .owner = THIS_MODULE,
486 .features = NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT | NFT_SET_TIMEOUT,
488 .privsize = nft_rbtree_privsize,
489 .elemsize = offsetof(struct nft_rbtree_elem, ext),
490 .estimate = nft_rbtree_estimate,
491 .init = nft_rbtree_init,
492 .destroy = nft_rbtree_destroy,
493 .insert = nft_rbtree_insert,
494 .remove = nft_rbtree_remove,
495 .deactivate = nft_rbtree_deactivate,
496 .flush = nft_rbtree_flush,
497 .activate = nft_rbtree_activate,
498 .lookup = nft_rbtree_lookup,
499 .walk = nft_rbtree_walk,
500 .get = nft_rbtree_get,
projects / linux.git / blob