1/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2#ifndef __LINUX_PKT_CLS_H
3#define __LINUX_PKT_CLS_H
4
5#include <linux/types.h>
6#include <linux/pkt_sched.h>
7
8#define TC_COOKIE_MAX_SIZE 16
9
10/* Action attributes */
11enum {
12	TCA_ACT_UNSPEC,
13	TCA_ACT_KIND,
14	TCA_ACT_OPTIONS,
15	TCA_ACT_INDEX,
16	TCA_ACT_STATS,
17	TCA_ACT_PAD,
18	TCA_ACT_COOKIE,
19	__TCA_ACT_MAX
20};
21
22#define TCA_ACT_MAX __TCA_ACT_MAX
23#define TCA_OLD_COMPAT (TCA_ACT_MAX+1)
24#define TCA_ACT_MAX_PRIO 32
25#define TCA_ACT_BIND	1
26#define TCA_ACT_NOBIND	0
27#define TCA_ACT_UNBIND	1
28#define TCA_ACT_NOUNBIND	0
29#define TCA_ACT_REPLACE		1
30#define TCA_ACT_NOREPLACE	0
31
32#define TC_ACT_UNSPEC	(-1)
33#define TC_ACT_OK		0
34#define TC_ACT_RECLASSIFY	1
35#define TC_ACT_SHOT		2
36#define TC_ACT_PIPE		3
37#define TC_ACT_STOLEN		4
38#define TC_ACT_QUEUED		5
39#define TC_ACT_REPEAT		6
40#define TC_ACT_REDIRECT		7
41#define TC_ACT_TRAP		8 /* For hw path, this means "trap to cpu"
42				   * and don't further process the frame
43				   * in hardware. For sw path, this is
44				   * equivalent of TC_ACT_STOLEN - drop
45				   * the skb and act like everything
46				   * is alright.
47				   */
48#define TC_ACT_VALUE_MAX	TC_ACT_TRAP
49
50/* There is a special kind of actions called "extended actions",
51 * which need a value parameter. These have a local opcode located in
52 * the highest nibble, starting from 1. The rest of the bits
53 * are used to carry the value. These two parts together make
54 * a combined opcode.
55 */
56#define __TC_ACT_EXT_SHIFT 28
57#define __TC_ACT_EXT(local) ((local) << __TC_ACT_EXT_SHIFT)
58#define TC_ACT_EXT_VAL_MASK ((1 << __TC_ACT_EXT_SHIFT) - 1)
59#define TC_ACT_EXT_OPCODE(combined) ((combined) & (~TC_ACT_EXT_VAL_MASK))
60#define TC_ACT_EXT_CMP(combined, opcode) (TC_ACT_EXT_OPCODE(combined) == opcode)
61
62#define TC_ACT_JUMP __TC_ACT_EXT(1)
63#define TC_ACT_GOTO_CHAIN __TC_ACT_EXT(2)
64#define TC_ACT_EXT_OPCODE_MAX	TC_ACT_GOTO_CHAIN
65
66/* Action type identifiers*/
67enum {
68	TCA_ID_UNSPEC=0,
69	TCA_ID_POLICE=1,
70	/* other actions go here */
71	__TCA_ID_MAX=255
72};
73
74#define TCA_ID_MAX __TCA_ID_MAX
75
76struct tc_police {
77	__u32			index;
78	int			action;
79#define TC_POLICE_UNSPEC	TC_ACT_UNSPEC
80#define TC_POLICE_OK		TC_ACT_OK
81#define TC_POLICE_RECLASSIFY	TC_ACT_RECLASSIFY
82#define TC_POLICE_SHOT		TC_ACT_SHOT
83#define TC_POLICE_PIPE		TC_ACT_PIPE
84
85	__u32			limit;
86	__u32			burst;
87	__u32			mtu;
88	struct tc_ratespec	rate;
89	struct tc_ratespec	peakrate;
90	int			refcnt;
91	int			bindcnt;
92	__u32			capab;
93};
94
95struct tcf_t {
96	__u64   install;
97	__u64   lastuse;
98	__u64   expires;
99	__u64   firstuse;
100};
101
102struct tc_cnt {
103	int                   refcnt;
104	int                   bindcnt;
105};
106
107#define tc_gen \
108	__u32                 index; \
109	__u32                 capab; \
110	int                   action; \
111	int                   refcnt; \
112	int                   bindcnt
113
114enum {
115	TCA_POLICE_UNSPEC,
116	TCA_POLICE_TBF,
117	TCA_POLICE_RATE,
118	TCA_POLICE_PEAKRATE,
119	TCA_POLICE_AVRATE,
120	TCA_POLICE_RESULT,
121	TCA_POLICE_TM,
122	TCA_POLICE_PAD,
123	__TCA_POLICE_MAX
124#define TCA_POLICE_RESULT TCA_POLICE_RESULT
125};
126
127#define TCA_POLICE_MAX (__TCA_POLICE_MAX - 1)
128
129/* tca flags definitions */
130#define TCA_CLS_FLAGS_SKIP_HW	(1 << 0) /* don't offload filter to HW */
131#define TCA_CLS_FLAGS_SKIP_SW	(1 << 1) /* don't use filter in SW */
132#define TCA_CLS_FLAGS_IN_HW	(1 << 2) /* filter is offloaded to HW */
133#define TCA_CLS_FLAGS_NOT_IN_HW (1 << 3) /* filter isn't offloaded to HW */
134#define TCA_CLS_FLAGS_VERBOSE	(1 << 4) /* verbose logging */
135
136/* U32 filters */
137
138#define TC_U32_HTID(h) ((h)&0xFFF00000)
139#define TC_U32_USERHTID(h) (TC_U32_HTID(h)>>20)
140#define TC_U32_HASH(h) (((h)>>12)&0xFF)
141#define TC_U32_NODE(h) ((h)&0xFFF)
142#define TC_U32_KEY(h) ((h)&0xFFFFF)
143#define TC_U32_UNSPEC	0
144#define TC_U32_ROOT	(0xFFF00000)
145
146enum {
147	TCA_U32_UNSPEC,
148	TCA_U32_CLASSID,
149	TCA_U32_HASH,
150	TCA_U32_LINK,
151	TCA_U32_DIVISOR,
152	TCA_U32_SEL,
153	TCA_U32_POLICE,
154	TCA_U32_ACT,
155	TCA_U32_INDEV,
156	TCA_U32_PCNT,
157	TCA_U32_MARK,
158	TCA_U32_FLAGS,
159	TCA_U32_PAD,
160	__TCA_U32_MAX
161};
162
163#define TCA_U32_MAX (__TCA_U32_MAX - 1)
164
165struct tc_u32_key {
166	__be32		mask;
167	__be32		val;
168	int		off;
169	int		offmask;
170};
171
172struct tc_u32_sel {
173	unsigned char		flags;
174	unsigned char		offshift;
175	unsigned char		nkeys;
176
177	__be16			offmask;
178	__u16			off;
179	short			offoff;
180
181	short			hoff;
182	__be32			hmask;
183	struct tc_u32_key	keys[];
184};
185
186struct tc_u32_mark {
187	__u32		val;
188	__u32		mask;
189	__u32		success;
190};
191
192struct tc_u32_pcnt {
193	__u64 rcnt;
194	__u64 rhit;
195	__u64 kcnts[];
196};
197
198/* Flags */
199
200#define TC_U32_TERMINAL		1
201#define TC_U32_OFFSET		2
202#define TC_U32_VAROFFSET	4
203#define TC_U32_EAT		8
204
205#define TC_U32_MAXDEPTH 8
206
207/* ROUTE filter */
208
209enum {
210	TCA_ROUTE4_UNSPEC,
211	TCA_ROUTE4_CLASSID,
212	TCA_ROUTE4_TO,
213	TCA_ROUTE4_FROM,
214	TCA_ROUTE4_IIF,
215	TCA_ROUTE4_POLICE,
216	TCA_ROUTE4_ACT,
217	__TCA_ROUTE4_MAX
218};
219
220#define TCA_ROUTE4_MAX (__TCA_ROUTE4_MAX - 1)
221
222
223/* FW filter */
224
225enum {
226	TCA_FW_UNSPEC,
227	TCA_FW_CLASSID,
228	TCA_FW_POLICE,
229	TCA_FW_INDEV,
230	TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */
231	TCA_FW_MASK,
232	__TCA_FW_MAX
233};
234
235#define TCA_FW_MAX (__TCA_FW_MAX - 1)
236
237/* Flow filter */
238
239enum {
240	FLOW_KEY_SRC,
241	FLOW_KEY_DST,
242	FLOW_KEY_PROTO,
243	FLOW_KEY_PROTO_SRC,
244	FLOW_KEY_PROTO_DST,
245	FLOW_KEY_IIF,
246	FLOW_KEY_PRIORITY,
247	FLOW_KEY_MARK,
248	FLOW_KEY_NFCT,
249	FLOW_KEY_NFCT_SRC,
250	FLOW_KEY_NFCT_DST,
251	FLOW_KEY_NFCT_PROTO_SRC,
252	FLOW_KEY_NFCT_PROTO_DST,
253	FLOW_KEY_RTCLASSID,
254	FLOW_KEY_SKUID,
255	FLOW_KEY_SKGID,
256	FLOW_KEY_VLAN_TAG,
257	FLOW_KEY_RXHASH,
258	__FLOW_KEY_MAX,
259};
260
261#define FLOW_KEY_MAX	(__FLOW_KEY_MAX - 1)
262
263enum {
264	FLOW_MODE_MAP,
265	FLOW_MODE_HASH,
266};
267
268enum {
269	TCA_FLOW_UNSPEC,
270	TCA_FLOW_KEYS,
271	TCA_FLOW_MODE,
272	TCA_FLOW_BASECLASS,
273	TCA_FLOW_RSHIFT,
274	TCA_FLOW_ADDEND,
275	TCA_FLOW_MASK,
276	TCA_FLOW_XOR,
277	TCA_FLOW_DIVISOR,
278	TCA_FLOW_ACT,
279	TCA_FLOW_POLICE,
280	TCA_FLOW_EMATCHES,
281	TCA_FLOW_PERTURB,
282	__TCA_FLOW_MAX
283};
284
285#define TCA_FLOW_MAX	(__TCA_FLOW_MAX - 1)
286
287/* Basic filter */
288
289enum {
290	TCA_BASIC_UNSPEC,
291	TCA_BASIC_CLASSID,
292	TCA_BASIC_EMATCHES,
293	TCA_BASIC_ACT,
294	TCA_BASIC_POLICE,
295	__TCA_BASIC_MAX
296};
297
298#define TCA_BASIC_MAX (__TCA_BASIC_MAX - 1)
299
300
301/* Cgroup classifier */
302
303enum {
304	TCA_CGROUP_UNSPEC,
305	TCA_CGROUP_ACT,
306	TCA_CGROUP_POLICE,
307	TCA_CGROUP_EMATCHES,
308	__TCA_CGROUP_MAX,
309};
310
311#define TCA_CGROUP_MAX (__TCA_CGROUP_MAX - 1)
312
313/* BPF classifier */
314
315#define TCA_BPF_FLAG_ACT_DIRECT		(1 << 0)
316
317enum {
318	TCA_BPF_UNSPEC,
319	TCA_BPF_ACT,
320	TCA_BPF_POLICE,
321	TCA_BPF_CLASSID,
322	TCA_BPF_OPS_LEN,
323	TCA_BPF_OPS,
324	TCA_BPF_FD,
325	TCA_BPF_NAME,
326	TCA_BPF_FLAGS,
327	TCA_BPF_FLAGS_GEN,
328	TCA_BPF_TAG,
329	TCA_BPF_ID,
330	__TCA_BPF_MAX,
331};
332
333#define TCA_BPF_MAX (__TCA_BPF_MAX - 1)
334
335/* Flower classifier */
336
337enum {
338	TCA_FLOWER_UNSPEC,
339	TCA_FLOWER_CLASSID,
340	TCA_FLOWER_INDEV,
341	TCA_FLOWER_ACT,
342	TCA_FLOWER_KEY_ETH_DST,		/* ETH_ALEN */
343	TCA_FLOWER_KEY_ETH_DST_MASK,	/* ETH_ALEN */
344	TCA_FLOWER_KEY_ETH_SRC,		/* ETH_ALEN */
345	TCA_FLOWER_KEY_ETH_SRC_MASK,	/* ETH_ALEN */
346	TCA_FLOWER_KEY_ETH_TYPE,	/* be16 */
347	TCA_FLOWER_KEY_IP_PROTO,	/* u8 */
348	TCA_FLOWER_KEY_IPV4_SRC,	/* be32 */
349	TCA_FLOWER_KEY_IPV4_SRC_MASK,	/* be32 */
350	TCA_FLOWER_KEY_IPV4_DST,	/* be32 */
351	TCA_FLOWER_KEY_IPV4_DST_MASK,	/* be32 */
352	TCA_FLOWER_KEY_IPV6_SRC,	/* struct in6_addr */
353	TCA_FLOWER_KEY_IPV6_SRC_MASK,	/* struct in6_addr */
354	TCA_FLOWER_KEY_IPV6_DST,	/* struct in6_addr */
355	TCA_FLOWER_KEY_IPV6_DST_MASK,	/* struct in6_addr */
356	TCA_FLOWER_KEY_TCP_SRC,		/* be16 */
357	TCA_FLOWER_KEY_TCP_DST,		/* be16 */
358	TCA_FLOWER_KEY_UDP_SRC,		/* be16 */
359	TCA_FLOWER_KEY_UDP_DST,		/* be16 */
360
361	TCA_FLOWER_FLAGS,
362	TCA_FLOWER_KEY_VLAN_ID,		/* be16 */
363	TCA_FLOWER_KEY_VLAN_PRIO,	/* u8   */
364	TCA_FLOWER_KEY_VLAN_ETH_TYPE,	/* be16 */
365
366	TCA_FLOWER_KEY_ENC_KEY_ID,	/* be32 */
367	TCA_FLOWER_KEY_ENC_IPV4_SRC,	/* be32 */
368	TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,/* be32 */
369	TCA_FLOWER_KEY_ENC_IPV4_DST,	/* be32 */
370	TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,/* be32 */
371	TCA_FLOWER_KEY_ENC_IPV6_SRC,	/* struct in6_addr */
372	TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,/* struct in6_addr */
373	TCA_FLOWER_KEY_ENC_IPV6_DST,	/* struct in6_addr */
374	TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,/* struct in6_addr */
375
376	TCA_FLOWER_KEY_TCP_SRC_MASK,	/* be16 */
377	TCA_FLOWER_KEY_TCP_DST_MASK,	/* be16 */
378	TCA_FLOWER_KEY_UDP_SRC_MASK,	/* be16 */
379	TCA_FLOWER_KEY_UDP_DST_MASK,	/* be16 */
380	TCA_FLOWER_KEY_SCTP_SRC_MASK,	/* be16 */
381	TCA_FLOWER_KEY_SCTP_DST_MASK,	/* be16 */
382
383	TCA_FLOWER_KEY_SCTP_SRC,	/* be16 */
384	TCA_FLOWER_KEY_SCTP_DST,	/* be16 */
385
386	TCA_FLOWER_KEY_ENC_UDP_SRC_PORT,	/* be16 */
387	TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK,	/* be16 */
388	TCA_FLOWER_KEY_ENC_UDP_DST_PORT,	/* be16 */
389	TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK,	/* be16 */
390
391	TCA_FLOWER_KEY_FLAGS,		/* be32 */
392	TCA_FLOWER_KEY_FLAGS_MASK,	/* be32 */
393
394	TCA_FLOWER_KEY_ICMPV4_CODE,	/* u8 */
395	TCA_FLOWER_KEY_ICMPV4_CODE_MASK,/* u8 */
396	TCA_FLOWER_KEY_ICMPV4_TYPE,	/* u8 */
397	TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,/* u8 */
398	TCA_FLOWER_KEY_ICMPV6_CODE,	/* u8 */
399	TCA_FLOWER_KEY_ICMPV6_CODE_MASK,/* u8 */
400	TCA_FLOWER_KEY_ICMPV6_TYPE,	/* u8 */
401	TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,/* u8 */
402
403	TCA_FLOWER_KEY_ARP_SIP,		/* be32 */
404	TCA_FLOWER_KEY_ARP_SIP_MASK,	/* be32 */
405	TCA_FLOWER_KEY_ARP_TIP,		/* be32 */
406	TCA_FLOWER_KEY_ARP_TIP_MASK,	/* be32 */
407	TCA_FLOWER_KEY_ARP_OP,		/* u8 */
408	TCA_FLOWER_KEY_ARP_OP_MASK,	/* u8 */
409	TCA_FLOWER_KEY_ARP_SHA,		/* ETH_ALEN */
410	TCA_FLOWER_KEY_ARP_SHA_MASK,	/* ETH_ALEN */
411	TCA_FLOWER_KEY_ARP_THA,		/* ETH_ALEN */
412	TCA_FLOWER_KEY_ARP_THA_MASK,	/* ETH_ALEN */
413
414	TCA_FLOWER_KEY_MPLS_TTL,	/* u8 - 8 bits */
415	TCA_FLOWER_KEY_MPLS_BOS,	/* u8 - 1 bit */
416	TCA_FLOWER_KEY_MPLS_TC,		/* u8 - 3 bits */
417	TCA_FLOWER_KEY_MPLS_LABEL,	/* be32 - 20 bits */
418
419	TCA_FLOWER_KEY_TCP_FLAGS,	/* be16 */
420	TCA_FLOWER_KEY_TCP_FLAGS_MASK,	/* be16 */
421
422	TCA_FLOWER_KEY_IP_TOS,		/* u8 */
423	TCA_FLOWER_KEY_IP_TOS_MASK,	/* u8 */
424	TCA_FLOWER_KEY_IP_TTL,		/* u8 */
425	TCA_FLOWER_KEY_IP_TTL_MASK,	/* u8 */
426
427	TCA_FLOWER_KEY_CVLAN_ID,	/* be16 */
428	TCA_FLOWER_KEY_CVLAN_PRIO,	/* u8   */
429	TCA_FLOWER_KEY_CVLAN_ETH_TYPE,	/* be16 */
430
431	TCA_FLOWER_KEY_ENC_IP_TOS,	/* u8 */
432	TCA_FLOWER_KEY_ENC_IP_TOS_MASK,	/* u8 */
433	TCA_FLOWER_KEY_ENC_IP_TTL,	/* u8 */
434	TCA_FLOWER_KEY_ENC_IP_TTL_MASK,	/* u8 */
435
436	TCA_FLOWER_KEY_ENC_OPTS,
437	TCA_FLOWER_KEY_ENC_OPTS_MASK,
438
439	TCA_FLOWER_IN_HW_COUNT,
440
441	__TCA_FLOWER_MAX,
442};
443
444#define TCA_FLOWER_MAX (__TCA_FLOWER_MAX - 1)
445
446enum {
447	TCA_FLOWER_KEY_ENC_OPTS_UNSPEC,
448	TCA_FLOWER_KEY_ENC_OPTS_GENEVE, /* Nested
449					 * TCA_FLOWER_KEY_ENC_OPT_GENEVE_
450					 * attributes
451					 */
452	__TCA_FLOWER_KEY_ENC_OPTS_MAX,
453};
454
455#define TCA_FLOWER_KEY_ENC_OPTS_MAX (__TCA_FLOWER_KEY_ENC_OPTS_MAX - 1)
456
457enum {
458	TCA_FLOWER_KEY_ENC_OPT_GENEVE_UNSPEC,
459	TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS,            /* u16 */
460	TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE,             /* u8 */
461	TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA,             /* 4 to 128 bytes */
462
463	__TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
464};
465
466#define TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX \
467		(__TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX - 1)
468
469enum {
470	TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0),
471	TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST = (1 << 1),
472};
473
474/* Match-all classifier */
475
476enum {
477	TCA_MATCHALL_UNSPEC,
478	TCA_MATCHALL_CLASSID,
479	TCA_MATCHALL_ACT,
480	TCA_MATCHALL_FLAGS,
481	__TCA_MATCHALL_MAX,
482};
483
484#define TCA_MATCHALL_MAX (__TCA_MATCHALL_MAX - 1)
485
486/* Extended Matches */
487
488struct tcf_ematch_tree_hdr {
489	__u16		nmatches;
490	__u16		progid;
491};
492
493enum {
494	TCA_EMATCH_TREE_UNSPEC,
495	TCA_EMATCH_TREE_HDR,
496	TCA_EMATCH_TREE_LIST,
497	__TCA_EMATCH_TREE_MAX
498};
499#define TCA_EMATCH_TREE_MAX (__TCA_EMATCH_TREE_MAX - 1)
500
501struct tcf_ematch_hdr {
502	__u16		matchid;
503	__u16		kind;
504	__u16		flags;
505	__u16		pad; /* currently unused */
506};
507
508/*  0                   1
509 *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
510 * +-----------------------+-+-+---+
511 * |         Unused        |S|I| R |
512 * +-----------------------+-+-+---+
513 *
514 * R(2) ::= relation to next ematch
515 *          where: 0 0 END (last ematch)
516 *                 0 1 AND
517 *                 1 0 OR
518 *                 1 1 Unused (invalid)
519 * I(1) ::= invert result
520 * S(1) ::= simple payload
521 */
522#define TCF_EM_REL_END	0
523#define TCF_EM_REL_AND	(1<<0)
524#define TCF_EM_REL_OR	(1<<1)
525#define TCF_EM_INVERT	(1<<2)
526#define TCF_EM_SIMPLE	(1<<3)
527
528#define TCF_EM_REL_MASK	3
529#define TCF_EM_REL_VALID(v) (((v) & TCF_EM_REL_MASK) != TCF_EM_REL_MASK)
530
531enum {
532	TCF_LAYER_LINK,
533	TCF_LAYER_NETWORK,
534	TCF_LAYER_TRANSPORT,
535	__TCF_LAYER_MAX
536};
537#define TCF_LAYER_MAX (__TCF_LAYER_MAX - 1)
538
539/* Ematch type assignments
540 *   1..32767		Reserved for ematches inside kernel tree
541 *   32768..65535	Free to use, not reliable
542 */
543#define	TCF_EM_CONTAINER	0
544#define	TCF_EM_CMP		1
545#define	TCF_EM_NBYTE		2
546#define	TCF_EM_U32		3
547#define	TCF_EM_META		4
548#define	TCF_EM_TEXT		5
549#define	TCF_EM_VLAN		6
550#define	TCF_EM_CANID		7
551#define	TCF_EM_IPSET		8
552#define	TCF_EM_IPT		9
553#define	TCF_EM_MAX		9
554
555enum {
556	TCF_EM_PROG_TC
557};
558
559enum {
560	TCF_EM_OPND_EQ,
561	TCF_EM_OPND_GT,
562	TCF_EM_OPND_LT
563};
564
565#endif
566