/* net/core/flow_dissector.c - generic flow dissector used for flow hashing
 * and packet classification.
 */
  1. #include <linux/kernel.h>
  2. #include <linux/skbuff.h>
  3. #include <linux/export.h>
  4. #include <linux/ip.h>
  5. #include <linux/ipv6.h>
  6. #include <linux/if_vlan.h>
  7. #include <net/ip.h>
  8. #include <net/ipv6.h>
  9. #include <net/gre.h>
  10. #include <net/pptp.h>
  11. #include <linux/igmp.h>
  12. #include <linux/icmp.h>
  13. #include <linux/sctp.h>
  14. #include <linux/dccp.h>
  15. #include <linux/if_tunnel.h>
  16. #include <linux/if_pppox.h>
  17. #include <linux/ppp_defs.h>
  18. #include <linux/stddef.h>
  19. #include <linux/if_ether.h>
  20. #include <linux/mpls.h>
  21. #include <net/flow_dissector.h>
  22. #include <scsi/fc/fc_fcoe.h>
  23. static void dissector_set_key(struct flow_dissector *flow_dissector,
  24. enum flow_dissector_key_id key_id)
  25. {
  26. flow_dissector->used_keys |= (1 << key_id);
  27. }
/* Initialize @flow_dissector from an array of @key_count key descriptors.
 * For every descriptor, records that the key is in use and remembers the
 * offset inside the caller's target container where the dissected value
 * will be written.
 */
void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
			     const struct flow_dissector_key *key,
			     unsigned int key_count)
{
	unsigned int i;

	memset(flow_dissector, 0, sizeof(*flow_dissector));

	for (i = 0; i < key_count; i++, key++) {
		/* User should make sure that every key target offset is within
		 * boundaries of unsigned short.
		 */
		BUG_ON(key->offset > USHRT_MAX);
		/* A key id may appear at most once in the array. */
		BUG_ON(dissector_uses_key(flow_dissector,
					  key->key_id));

		dissector_set_key(flow_dissector, key->key_id);
		flow_dissector->offset[key->key_id] = key->offset;
	}

	/* Ensure that the dissector always includes control and basic key.
	 * That way we are able to avoid handling lack of these in fast path.
	 */
	BUG_ON(!dissector_uses_key(flow_dissector,
				   FLOW_DISSECTOR_KEY_CONTROL));
	BUG_ON(!dissector_uses_key(flow_dissector,
				   FLOW_DISSECTOR_KEY_BASIC));
}
EXPORT_SYMBOL(skb_flow_dissector_init);
/**
 * skb_flow_get_be16 - extract be16 entity
 * @skb: sk_buff to extract from
 * @poff: offset to extract at
 * @data: raw buffer pointer to the packet
 * @hlen: packet header length
 *
 * The function will try to retrieve a be16 entity at
 * offset poff; returns 0 if the bytes are not available.
 */
static __be16 skb_flow_get_be16(const struct sk_buff *skb, int poff,
				void *data, int hlen)
{
	__be16 *u, _u;

	/* Either points directly into the packet or into _u (linearized copy). */
	u = __skb_header_pointer(skb, poff, sizeof(_u), data, hlen, &_u);
	if (u)
		return *u;

	return 0;
}
  72. /**
  73. * __skb_flow_get_ports - extract the upper layer ports and return them
  74. * @skb: sk_buff to extract the ports from
  75. * @thoff: transport header offset
  76. * @ip_proto: protocol for which to get port offset
  77. * @data: raw buffer pointer to the packet, if NULL use skb->data
  78. * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
  79. *
  80. * The function will try to retrieve the ports at offset thoff + poff where poff
  81. * is the protocol port offset returned from proto_ports_offset
  82. */
  83. __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
  84. void *data, int hlen)
  85. {
  86. int poff = proto_ports_offset(ip_proto);
  87. if (!data) {
  88. data = skb->data;
  89. hlen = skb_headlen(skb);
  90. }
  91. if (poff >= 0) {
  92. __be32 *ports, _ports;
  93. ports = __skb_header_pointer(skb, thoff + poff,
  94. sizeof(_ports), data, hlen, &_ports);
  95. if (ports)
  96. return *ports;
  97. }
  98. return 0;
  99. }
  100. EXPORT_SYMBOL(__skb_flow_get_ports);
  101. /**
  102. * __skb_flow_dissect - extract the flow_keys struct and return it
  103. * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
  104. * @flow_dissector: list of keys to dissect
  105. * @target_container: target structure to put dissected values into
  106. * @data: raw buffer pointer to the packet, if NULL use skb->data
  107. * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
  108. * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
  109. * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
  110. *
  111. * The function will try to retrieve individual keys into target specified
  112. * by flow_dissector from either the skbuff or a raw buffer specified by the
  113. * rest parameters.
  114. *
  115. * Caller must take care of zeroing target container memory.
  116. */
  117. bool __skb_flow_dissect(const struct sk_buff *skb,
  118. struct flow_dissector *flow_dissector,
  119. void *target_container,
  120. void *data, __be16 proto, int nhoff, int hlen,
  121. unsigned int flags)
  122. {
  123. struct flow_dissector_key_control *key_control;
  124. struct flow_dissector_key_basic *key_basic;
  125. struct flow_dissector_key_addrs *key_addrs;
  126. struct flow_dissector_key_arp *key_arp;
  127. struct flow_dissector_key_ports *key_ports;
  128. struct flow_dissector_key_icmp *key_icmp;
  129. struct flow_dissector_key_tags *key_tags;
  130. struct flow_dissector_key_vlan *key_vlan;
  131. struct flow_dissector_key_keyid *key_keyid;
  132. bool skip_vlan = false;
  133. u8 ip_proto = 0;
  134. bool ret;
  135. if (!data) {
  136. data = skb->data;
  137. proto = skb_vlan_tag_present(skb) ?
  138. skb->vlan_proto : skb->protocol;
  139. nhoff = skb_network_offset(skb);
  140. hlen = skb_headlen(skb);
  141. }
  142. /* It is ensured by skb_flow_dissector_init() that control key will
  143. * be always present.
  144. */
  145. key_control = skb_flow_dissector_target(flow_dissector,
  146. FLOW_DISSECTOR_KEY_CONTROL,
  147. target_container);
  148. /* It is ensured by skb_flow_dissector_init() that basic key will
  149. * be always present.
  150. */
  151. key_basic = skb_flow_dissector_target(flow_dissector,
  152. FLOW_DISSECTOR_KEY_BASIC,
  153. target_container);
  154. if (dissector_uses_key(flow_dissector,
  155. FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
  156. struct ethhdr *eth = eth_hdr(skb);
  157. struct flow_dissector_key_eth_addrs *key_eth_addrs;
  158. key_eth_addrs = skb_flow_dissector_target(flow_dissector,
  159. FLOW_DISSECTOR_KEY_ETH_ADDRS,
  160. target_container);
  161. memcpy(key_eth_addrs, &eth->h_dest, sizeof(*key_eth_addrs));
  162. }
  163. again:
  164. switch (proto) {
  165. case htons(ETH_P_IP): {
  166. const struct iphdr *iph;
  167. struct iphdr _iph;
  168. ip:
  169. iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
  170. if (!iph || iph->ihl < 5)
  171. goto out_bad;
  172. nhoff += iph->ihl * 4;
  173. ip_proto = iph->protocol;
  174. if (dissector_uses_key(flow_dissector,
  175. FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
  176. key_addrs = skb_flow_dissector_target(flow_dissector,
  177. FLOW_DISSECTOR_KEY_IPV4_ADDRS,
  178. target_container);
  179. memcpy(&key_addrs->v4addrs, &iph->saddr,
  180. sizeof(key_addrs->v4addrs));
  181. key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
  182. }
  183. if (ip_is_fragment(iph)) {
  184. key_control->flags |= FLOW_DIS_IS_FRAGMENT;
  185. if (iph->frag_off & htons(IP_OFFSET)) {
  186. goto out_good;
  187. } else {
  188. key_control->flags |= FLOW_DIS_FIRST_FRAG;
  189. if (!(flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
  190. goto out_good;
  191. }
  192. }
  193. if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
  194. goto out_good;
  195. break;
  196. }
  197. case htons(ETH_P_IPV6): {
  198. const struct ipv6hdr *iph;
  199. struct ipv6hdr _iph;
  200. ipv6:
  201. iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
  202. if (!iph)
  203. goto out_bad;
  204. ip_proto = iph->nexthdr;
  205. nhoff += sizeof(struct ipv6hdr);
  206. if (dissector_uses_key(flow_dissector,
  207. FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
  208. key_addrs = skb_flow_dissector_target(flow_dissector,
  209. FLOW_DISSECTOR_KEY_IPV6_ADDRS,
  210. target_container);
  211. memcpy(&key_addrs->v6addrs, &iph->saddr,
  212. sizeof(key_addrs->v6addrs));
  213. key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
  214. }
  215. if ((dissector_uses_key(flow_dissector,
  216. FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
  217. (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
  218. ip6_flowlabel(iph)) {
  219. __be32 flow_label = ip6_flowlabel(iph);
  220. if (dissector_uses_key(flow_dissector,
  221. FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
  222. key_tags = skb_flow_dissector_target(flow_dissector,
  223. FLOW_DISSECTOR_KEY_FLOW_LABEL,
  224. target_container);
  225. key_tags->flow_label = ntohl(flow_label);
  226. }
  227. if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)
  228. goto out_good;
  229. }
  230. if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
  231. goto out_good;
  232. break;
  233. }
  234. case htons(ETH_P_8021AD):
  235. case htons(ETH_P_8021Q): {
  236. const struct vlan_hdr *vlan;
  237. struct vlan_hdr _vlan;
  238. bool vlan_tag_present = skb && skb_vlan_tag_present(skb);
  239. if (vlan_tag_present)
  240. proto = skb->protocol;
  241. if (!vlan_tag_present || eth_type_vlan(skb->protocol)) {
  242. vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
  243. data, hlen, &_vlan);
  244. if (!vlan)
  245. goto out_bad;
  246. proto = vlan->h_vlan_encapsulated_proto;
  247. nhoff += sizeof(*vlan);
  248. if (skip_vlan)
  249. goto again;
  250. }
  251. skip_vlan = true;
  252. if (dissector_uses_key(flow_dissector,
  253. FLOW_DISSECTOR_KEY_VLAN)) {
  254. key_vlan = skb_flow_dissector_target(flow_dissector,
  255. FLOW_DISSECTOR_KEY_VLAN,
  256. target_container);
  257. if (vlan_tag_present) {
  258. key_vlan->vlan_id = skb_vlan_tag_get_id(skb);
  259. key_vlan->vlan_priority =
  260. (skb_vlan_tag_get_prio(skb) >> VLAN_PRIO_SHIFT);
  261. } else {
  262. key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) &
  263. VLAN_VID_MASK;
  264. key_vlan->vlan_priority =
  265. (ntohs(vlan->h_vlan_TCI) &
  266. VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
  267. }
  268. }
  269. goto again;
  270. }
  271. case htons(ETH_P_PPP_SES): {
  272. struct {
  273. struct pppoe_hdr hdr;
  274. __be16 proto;
  275. } *hdr, _hdr;
  276. hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
  277. if (!hdr)
  278. goto out_bad;
  279. proto = hdr->proto;
  280. nhoff += PPPOE_SES_HLEN;
  281. switch (proto) {
  282. case htons(PPP_IP):
  283. goto ip;
  284. case htons(PPP_IPV6):
  285. goto ipv6;
  286. default:
  287. goto out_bad;
  288. }
  289. }
  290. case htons(ETH_P_TIPC): {
  291. struct {
  292. __be32 pre[3];
  293. __be32 srcnode;
  294. } *hdr, _hdr;
  295. hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
  296. if (!hdr)
  297. goto out_bad;
  298. if (dissector_uses_key(flow_dissector,
  299. FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
  300. key_addrs = skb_flow_dissector_target(flow_dissector,
  301. FLOW_DISSECTOR_KEY_TIPC_ADDRS,
  302. target_container);
  303. key_addrs->tipcaddrs.srcnode = hdr->srcnode;
  304. key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
  305. }
  306. goto out_good;
  307. }
  308. case htons(ETH_P_MPLS_UC):
  309. case htons(ETH_P_MPLS_MC): {
  310. struct mpls_label *hdr, _hdr[2];
  311. mpls:
  312. hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
  313. hlen, &_hdr);
  314. if (!hdr)
  315. goto out_bad;
  316. if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >>
  317. MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) {
  318. if (dissector_uses_key(flow_dissector,
  319. FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) {
  320. key_keyid = skb_flow_dissector_target(flow_dissector,
  321. FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
  322. target_container);
  323. key_keyid->keyid = hdr[1].entry &
  324. htonl(MPLS_LS_LABEL_MASK);
  325. }
  326. goto out_good;
  327. }
  328. goto out_good;
  329. }
  330. case htons(ETH_P_FCOE):
  331. if ((hlen - nhoff) < FCOE_HEADER_LEN)
  332. goto out_bad;
  333. nhoff += FCOE_HEADER_LEN;
  334. goto out_good;
  335. case htons(ETH_P_ARP):
  336. case htons(ETH_P_RARP): {
  337. struct {
  338. unsigned char ar_sha[ETH_ALEN];
  339. unsigned char ar_sip[4];
  340. unsigned char ar_tha[ETH_ALEN];
  341. unsigned char ar_tip[4];
  342. } *arp_eth, _arp_eth;
  343. const struct arphdr *arp;
  344. struct arphdr *_arp;
  345. arp = __skb_header_pointer(skb, nhoff, sizeof(_arp), data,
  346. hlen, &_arp);
  347. if (!arp)
  348. goto out_bad;
  349. if (arp->ar_hrd != htons(ARPHRD_ETHER) ||
  350. arp->ar_pro != htons(ETH_P_IP) ||
  351. arp->ar_hln != ETH_ALEN ||
  352. arp->ar_pln != 4 ||
  353. (arp->ar_op != htons(ARPOP_REPLY) &&
  354. arp->ar_op != htons(ARPOP_REQUEST)))
  355. goto out_bad;
  356. arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp),
  357. sizeof(_arp_eth), data,
  358. hlen,
  359. &_arp_eth);
  360. if (!arp_eth)
  361. goto out_bad;
  362. if (dissector_uses_key(flow_dissector,
  363. FLOW_DISSECTOR_KEY_ARP)) {
  364. key_arp = skb_flow_dissector_target(flow_dissector,
  365. FLOW_DISSECTOR_KEY_ARP,
  366. target_container);
  367. memcpy(&key_arp->sip, arp_eth->ar_sip,
  368. sizeof(key_arp->sip));
  369. memcpy(&key_arp->tip, arp_eth->ar_tip,
  370. sizeof(key_arp->tip));
  371. /* Only store the lower byte of the opcode;
  372. * this covers ARPOP_REPLY and ARPOP_REQUEST.
  373. */
  374. key_arp->op = ntohs(arp->ar_op) & 0xff;
  375. ether_addr_copy(key_arp->sha, arp_eth->ar_sha);
  376. ether_addr_copy(key_arp->tha, arp_eth->ar_tha);
  377. }
  378. goto out_good;
  379. }
  380. default:
  381. goto out_bad;
  382. }
  383. ip_proto_again:
  384. switch (ip_proto) {
  385. case IPPROTO_GRE: {
  386. struct gre_base_hdr *hdr, _hdr;
  387. u16 gre_ver;
  388. int offset = 0;
  389. hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
  390. if (!hdr)
  391. goto out_bad;
  392. /* Only look inside GRE without routing */
  393. if (hdr->flags & GRE_ROUTING)
  394. break;
  395. /* Only look inside GRE for version 0 and 1 */
  396. gre_ver = ntohs(hdr->flags & GRE_VERSION);
  397. if (gre_ver > 1)
  398. break;
  399. proto = hdr->protocol;
  400. if (gre_ver) {
  401. /* Version1 must be PPTP, and check the flags */
  402. if (!(proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY)))
  403. break;
  404. }
  405. offset += sizeof(struct gre_base_hdr);
  406. if (hdr->flags & GRE_CSUM)
  407. offset += sizeof(((struct gre_full_hdr *)0)->csum) +
  408. sizeof(((struct gre_full_hdr *)0)->reserved1);
  409. if (hdr->flags & GRE_KEY) {
  410. const __be32 *keyid;
  411. __be32 _keyid;
  412. keyid = __skb_header_pointer(skb, nhoff + offset, sizeof(_keyid),
  413. data, hlen, &_keyid);
  414. if (!keyid)
  415. goto out_bad;
  416. if (dissector_uses_key(flow_dissector,
  417. FLOW_DISSECTOR_KEY_GRE_KEYID)) {
  418. key_keyid = skb_flow_dissector_target(flow_dissector,
  419. FLOW_DISSECTOR_KEY_GRE_KEYID,
  420. target_container);
  421. if (gre_ver == 0)
  422. key_keyid->keyid = *keyid;
  423. else
  424. key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK;
  425. }
  426. offset += sizeof(((struct gre_full_hdr *)0)->key);
  427. }
  428. if (hdr->flags & GRE_SEQ)
  429. offset += sizeof(((struct pptp_gre_header *)0)->seq);
  430. if (gre_ver == 0) {
  431. if (proto == htons(ETH_P_TEB)) {
  432. const struct ethhdr *eth;
  433. struct ethhdr _eth;
  434. eth = __skb_header_pointer(skb, nhoff + offset,
  435. sizeof(_eth),
  436. data, hlen, &_eth);
  437. if (!eth)
  438. goto out_bad;
  439. proto = eth->h_proto;
  440. offset += sizeof(*eth);
  441. /* Cap headers that we access via pointers at the
  442. * end of the Ethernet header as our maximum alignment
  443. * at that point is only 2 bytes.
  444. */
  445. if (NET_IP_ALIGN)
  446. hlen = (nhoff + offset);
  447. }
  448. } else { /* version 1, must be PPTP */
  449. u8 _ppp_hdr[PPP_HDRLEN];
  450. u8 *ppp_hdr;
  451. if (hdr->flags & GRE_ACK)
  452. offset += sizeof(((struct pptp_gre_header *)0)->ack);
  453. ppp_hdr = __skb_header_pointer(skb, nhoff + offset,
  454. sizeof(_ppp_hdr),
  455. data, hlen, _ppp_hdr);
  456. if (!ppp_hdr)
  457. goto out_bad;
  458. switch (PPP_PROTOCOL(ppp_hdr)) {
  459. case PPP_IP:
  460. proto = htons(ETH_P_IP);
  461. break;
  462. case PPP_IPV6:
  463. proto = htons(ETH_P_IPV6);
  464. break;
  465. default:
  466. /* Could probably catch some more like MPLS */
  467. break;
  468. }
  469. offset += PPP_HDRLEN;
  470. }
  471. nhoff += offset;
  472. key_control->flags |= FLOW_DIS_ENCAPSULATION;
  473. if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
  474. goto out_good;
  475. goto again;
  476. }
  477. case NEXTHDR_HOP:
  478. case NEXTHDR_ROUTING:
  479. case NEXTHDR_DEST: {
  480. u8 _opthdr[2], *opthdr;
  481. if (proto != htons(ETH_P_IPV6))
  482. break;
  483. opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
  484. data, hlen, &_opthdr);
  485. if (!opthdr)
  486. goto out_bad;
  487. ip_proto = opthdr[0];
  488. nhoff += (opthdr[1] + 1) << 3;
  489. goto ip_proto_again;
  490. }
  491. case NEXTHDR_FRAGMENT: {
  492. struct frag_hdr _fh, *fh;
  493. if (proto != htons(ETH_P_IPV6))
  494. break;
  495. fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
  496. data, hlen, &_fh);
  497. if (!fh)
  498. goto out_bad;
  499. key_control->flags |= FLOW_DIS_IS_FRAGMENT;
  500. nhoff += sizeof(_fh);
  501. ip_proto = fh->nexthdr;
  502. if (!(fh->frag_off & htons(IP6_OFFSET))) {
  503. key_control->flags |= FLOW_DIS_FIRST_FRAG;
  504. if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)
  505. goto ip_proto_again;
  506. }
  507. goto out_good;
  508. }
  509. case IPPROTO_IPIP:
  510. proto = htons(ETH_P_IP);
  511. key_control->flags |= FLOW_DIS_ENCAPSULATION;
  512. if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
  513. goto out_good;
  514. goto ip;
  515. case IPPROTO_IPV6:
  516. proto = htons(ETH_P_IPV6);
  517. key_control->flags |= FLOW_DIS_ENCAPSULATION;
  518. if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
  519. goto out_good;
  520. goto ipv6;
  521. case IPPROTO_MPLS:
  522. proto = htons(ETH_P_MPLS_UC);
  523. goto mpls;
  524. default:
  525. break;
  526. }
  527. if (dissector_uses_key(flow_dissector,
  528. FLOW_DISSECTOR_KEY_PORTS)) {
  529. key_ports = skb_flow_dissector_target(flow_dissector,
  530. FLOW_DISSECTOR_KEY_PORTS,
  531. target_container);
  532. key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
  533. data, hlen);
  534. }
  535. if (dissector_uses_key(flow_dissector,
  536. FLOW_DISSECTOR_KEY_ICMP)) {
  537. key_icmp = skb_flow_dissector_target(flow_dissector,
  538. FLOW_DISSECTOR_KEY_ICMP,
  539. target_container);
  540. key_icmp->icmp = skb_flow_get_be16(skb, nhoff, data, hlen);
  541. }
  542. out_good:
  543. ret = true;
  544. key_control->thoff = (u16)nhoff;
  545. out:
  546. key_basic->n_proto = proto;
  547. key_basic->ip_proto = ip_proto;
  548. return ret;
  549. out_bad:
  550. ret = false;
  551. key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
  552. goto out;
  553. }
  554. EXPORT_SYMBOL(__skb_flow_dissect);
/* Global flow-hash seed; filled once, lazily, on first use. */
static u32 hashrnd __read_mostly;

static __always_inline void __flow_hash_secret_init(void)
{
	net_get_random_once(&hashrnd, sizeof(hashrnd));
}
/* Hash @length u32 words starting at @words, seeded with @keyval. */
static __always_inline u32 __flow_hash_words(const u32 *words, u32 length,
					     u32 keyval)
{
	return jhash2(words, length, keyval);
}
/* Return a pointer to the first word of @flow that is fed to the hash;
 * everything before FLOW_KEYS_HASH_OFFSET is excluded from the hash input.
 */
static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow)
{
	const void *p = flow;

	/* Hash input must be u32-aligned for jhash2(). */
	BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32));
	return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET);
}
/* Number of u32 words of @flow to hash, counted from flow_keys_hash_start().
 * The addrs member sits at the very end of struct flow_keys (asserted
 * below), so the unused tail for the current addr_type can be trimmed off.
 */
static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
{
	/* Start by excluding the whole addrs member... */
	size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
	BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
	/* addrs must be the trailing member for the trimming to be valid. */
	BUILD_BUG_ON(offsetof(typeof(*flow), addrs) !=
		     sizeof(*flow) - sizeof(flow->addrs));
	/* ...then add back only the portion the current addr_type occupies. */
	switch (flow->control.addr_type) {
	case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
		diff -= sizeof(flow->addrs.v4addrs);
		break;
	case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
		diff -= sizeof(flow->addrs.v6addrs);
		break;
	case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
		diff -= sizeof(flow->addrs.tipcaddrs);
		break;
	}
	return (sizeof(*flow) - diff) / sizeof(u32);
}
  590. __be32 flow_get_u32_src(const struct flow_keys *flow)
  591. {
  592. switch (flow->control.addr_type) {
  593. case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
  594. return flow->addrs.v4addrs.src;
  595. case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
  596. return (__force __be32)ipv6_addr_hash(
  597. &flow->addrs.v6addrs.src);
  598. case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
  599. return flow->addrs.tipcaddrs.srcnode;
  600. default:
  601. return 0;
  602. }
  603. }
  604. EXPORT_SYMBOL(flow_get_u32_src);
  605. __be32 flow_get_u32_dst(const struct flow_keys *flow)
  606. {
  607. switch (flow->control.addr_type) {
  608. case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
  609. return flow->addrs.v4addrs.dst;
  610. case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
  611. return (__force __be32)ipv6_addr_hash(
  612. &flow->addrs.v6addrs.dst);
  613. default:
  614. return 0;
  615. }
  616. }
  617. EXPORT_SYMBOL(flow_get_u32_dst);
/* Put src/dst addresses (and, on an address tie, ports) into a canonical
 * order so both directions of the same flow hash to the same value.
 */
static inline void __flow_hash_consistentify(struct flow_keys *keys)
{
	int addr_diff, i;

	switch (keys->control.addr_type) {
	case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
		addr_diff = (__force u32)keys->addrs.v4addrs.dst -
			    (__force u32)keys->addrs.v4addrs.src;
		if ((addr_diff < 0) ||
		    (addr_diff == 0 &&
		     ((__force u16)keys->ports.dst <
		      (__force u16)keys->ports.src))) {
			swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
			swap(keys->ports.src, keys->ports.dst);
		}
		break;
	case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
		addr_diff = memcmp(&keys->addrs.v6addrs.dst,
				   &keys->addrs.v6addrs.src,
				   sizeof(keys->addrs.v6addrs.dst));
		if ((addr_diff < 0) ||
		    (addr_diff == 0 &&
		     ((__force u16)keys->ports.dst <
		      (__force u16)keys->ports.src))) {
			/* Swap the addresses word by word. */
			for (i = 0; i < 4; i++)
				swap(keys->addrs.v6addrs.src.s6_addr32[i],
				     keys->addrs.v6addrs.dst.s6_addr32[i]);
			swap(keys->ports.src, keys->ports.dst);
		}
		break;
	}
}
  649. static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
  650. {
  651. u32 hash;
  652. __flow_hash_consistentify(keys);
  653. hash = __flow_hash_words(flow_keys_hash_start(keys),
  654. flow_keys_hash_length(keys), keyval);
  655. if (!hash)
  656. hash = 1;
  657. return hash;
  658. }
  659. u32 flow_hash_from_keys(struct flow_keys *keys)
  660. {
  661. __flow_hash_secret_init();
  662. return __flow_hash_from_keys(keys, hashrnd);
  663. }
  664. EXPORT_SYMBOL(flow_hash_from_keys);
/* Dissect @skb into @keys (stopping early when an IPv6 flow label is
 * found) and hash the result with seed @keyval.
 */
static inline u32 ___skb_get_hash(const struct sk_buff *skb,
				  struct flow_keys *keys, u32 keyval)
{
	skb_flow_dissect_flow_keys(skb, keys,
				   FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);

	return __flow_hash_from_keys(keys, keyval);
}
/* Compact layout written into struct flow_keys_digest by
 * make_flow_keys_digest(); must fit within sizeof(struct flow_keys_digest)
 * (enforced by a BUILD_BUG_ON there).
 */
struct _flow_keys_digest_data {
	__be16	n_proto;	/* L3 protocol (skb->protocol style) */
	u8	ip_proto;	/* L4 protocol */
	u8	padding;
	__be32	ports;		/* src/dst ports packed together */
	__be32	src;
	__be32	dst;
};
/* Condense @flow into the smaller fixed-size @digest.  Only 32 bits per
 * address are captured via the v4addrs view; for non-IPv4 flows this
 * presumably takes the leading bytes of the addrs member — NOTE(review):
 * confirm addrs is a union before relying on that.
 */
void make_flow_keys_digest(struct flow_keys_digest *digest,
			   const struct flow_keys *flow)
{
	struct _flow_keys_digest_data *data =
	    (struct _flow_keys_digest_data *)digest;

	BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));

	memset(digest, 0, sizeof(*digest));

	data->n_proto = flow->basic.n_proto;
	data->ip_proto = flow->basic.ip_proto;
	data->ports = flow->ports.ports;
	data->src = flow->addrs.v4addrs.src;
	data->dst = flow->addrs.v4addrs.dst;
}
EXPORT_SYMBOL(make_flow_keys_digest);
/* Dissector for symmetric hashing; presumably populated at init time
 * elsewhere in this file — not visible in this chunk.
 */
static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;

/* Compute a direction-independent flow hash for @skb using the symmetric
 * dissector and the global seed; the hash is returned, not stored in @skb.
 */
u32 __skb_get_hash_symmetric(const struct sk_buff *skb)
{
	struct flow_keys keys;

	__flow_hash_secret_init();

	memset(&keys, 0, sizeof(keys));
	__skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys,
			   NULL, 0, 0, 0,
			   FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);

	return __flow_hash_from_keys(&keys, hashrnd);
}
EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
/**
 * __skb_get_hash: calculate a flow hash
 * @skb: sk_buff to calculate flow hash from
 *
 * This function calculates a flow hash based on src/dst addresses
 * and src/dst port numbers. Sets hash in skb to non-zero hash value
 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
 * if hash is a canonical 4-tuple hash over transport ports.
 */
void __skb_get_hash(struct sk_buff *skb)
{
	struct flow_keys keys;
	u32 hash;

	/* Seed must exist before hashing. */
	__flow_hash_secret_init();

	hash = ___skb_get_hash(skb, &keys, hashrnd);

	__skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));
}
EXPORT_SYMBOL(__skb_get_hash);
/* Like __skb_get_hash() but hashes with the caller-supplied seed @perturb
 * and returns the value without storing it in @skb.
 */
__u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
{
	struct flow_keys keys;

	return ___skb_get_hash(skb, &keys, perturb);
}
EXPORT_SYMBOL(skb_get_hash_perturb);
  730. __u32 __skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 *fl6)
  731. {
  732. struct flow_keys keys;
  733. memset(&keys, 0, sizeof(keys));
  734. memcpy(&keys.addrs.v6addrs.src, &fl6->saddr,
  735. sizeof(keys.addrs.v6addrs.src));
  736. memcpy(&keys.addrs.v6addrs.dst, &fl6->daddr,
  737. sizeof(keys.addrs.v6addrs.dst));
  738. keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
  739. keys.ports.src = fl6->fl6_sport;
  740. keys.ports.dst = fl6->fl6_dport;
  741. keys.keyid.keyid = fl6->fl6_gre_key;
  742. keys.tags.flow_label = (__force u32)fl6->flowlabel;
  743. keys.basic.ip_proto = fl6->flowi6_proto;
  744. __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
  745. flow_keys_have_l4(&keys));
  746. return skb->hash;
  747. }
  748. EXPORT_SYMBOL(__skb_get_hash_flowi6);
  749. __u32 __skb_get_hash_flowi4(struct sk_buff *skb, const struct flowi4 *fl4)
  750. {
  751. struct flow_keys keys;
  752. memset(&keys, 0, sizeof(keys));
  753. keys.addrs.v4addrs.src = fl4->saddr;
  754. keys.addrs.v4addrs.dst = fl4->daddr;
  755. keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
  756. keys.ports.src = fl4->fl4_sport;
  757. keys.ports.dst = fl4->fl4_dport;
  758. keys.keyid.keyid = fl4->fl4_gre_key;
  759. keys.basic.ip_proto = fl4->flowi4_proto;
  760. __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
  761. flow_keys_have_l4(&keys));
  762. return skb->hash;
  763. }
  764. EXPORT_SYMBOL(__skb_get_hash_flowi4);
/* Return the offset of the payload past the transport header for the
 * already-dissected @keys, advancing past the L4 header where its size is
 * known.  Falls back to the transport header offset itself when the L4
 * header cannot be read or the protocol is unknown.
 */
u32 __skb_get_poff(const struct sk_buff *skb, void *data,
		   const struct flow_keys *keys, int hlen)
{
	u32 poff = keys->control.thoff;

	/* skip L4 headers for fragments after the first */
	if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
	    !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
		return poff;

	switch (keys->basic.ip_proto) {
	case IPPROTO_TCP: {
		/* access doff as u8 to avoid unaligned access */
		const u8 *doff;
		u8 _doff;

		doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
					    data, hlen, &_doff);
		if (!doff)
			return poff;

		/* doff is in the high nibble, counted in 32-bit words;
		 * never trust it to be smaller than the minimum header.
		 */
		poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
		break;
	}
	case IPPROTO_UDP:
	case IPPROTO_UDPLITE:
		poff += sizeof(struct udphdr);
		break;
	/* For the rest, we do not really care about header
	 * extensions at this point for now.
	 */
	case IPPROTO_ICMP:
		poff += sizeof(struct icmphdr);
		break;
	case IPPROTO_ICMPV6:
		poff += sizeof(struct icmp6hdr);
		break;
	case IPPROTO_IGMP:
		poff += sizeof(struct igmphdr);
		break;
	case IPPROTO_DCCP:
		poff += sizeof(struct dccp_hdr);
		break;
	case IPPROTO_SCTP:
		poff += sizeof(struct sctphdr);
		break;
	}

	return poff;
}
/**
 * skb_get_poff - get the offset to the payload
 * @skb: sk_buff to get the payload offset from
 *
 * The function will get the offset to the payload as far as it could
 * be dissected. The main user is currently BPF, so that we can dynamically
 * truncate packets without needing to push actual payload to the user
 * space and can analyze headers only, instead.
 *
 * Returns 0 when the skb cannot be dissected at all.
 */
u32 skb_get_poff(const struct sk_buff *skb)
{
	struct flow_keys keys;

	if (!skb_flow_dissect_flow_keys(skb, &keys, 0))
		return 0;

	return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
}
  826. __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
  827. {
  828. memset(keys, 0, sizeof(*keys));
  829. memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
  830. sizeof(keys->addrs.v6addrs.src));
  831. memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
  832. sizeof(keys->addrs.v6addrs.dst));
  833. keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
  834. keys->ports.src = fl6->fl6_sport;
  835. keys->ports.dst = fl6->fl6_dport;
  836. keys->keyid.keyid = fl6->fl6_gre_key;
  837. keys->tags.flow_label = (__force u32)fl6->flowlabel;
  838. keys->basic.ip_proto = fl6->flowi6_proto;
  839. return flow_hash_from_keys(keys);
  840. }
  841. EXPORT_SYMBOL(__get_hash_from_flowi6);
  842. __u32 __get_hash_from_flowi4(const struct flowi4 *fl4, struct flow_keys *keys)
  843. {
  844. memset(keys, 0, sizeof(*keys));
  845. keys->addrs.v4addrs.src = fl4->saddr;
  846. keys->addrs.v4addrs.dst = fl4->daddr;
  847. keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
  848. keys->ports.src = fl4->fl4_sport;
  849. keys->ports.dst = fl4->fl4_dport;
  850. keys->keyid.keyid = fl4->fl4_gre_key;
  851. keys->basic.ip_proto = fl4->flowi4_proto;
  852. return flow_hash_from_keys(keys);
  853. }
  854. EXPORT_SYMBOL(__get_hash_from_flowi4);
/* Full key set for the default flow dissector: maps each dissector key id
 * to its storage offset inside struct flow_keys.
 */
static const struct flow_dissector_key flow_keys_dissector_keys[] = {
	{
		.key_id = FLOW_DISSECTOR_KEY_CONTROL,
		.offset = offsetof(struct flow_keys, control),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_BASIC,
		.offset = offsetof(struct flow_keys, basic),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
		.offset = offsetof(struct flow_keys, addrs.v4addrs),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
		.offset = offsetof(struct flow_keys, addrs.v6addrs),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
		.offset = offsetof(struct flow_keys, addrs.tipcaddrs),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_PORTS,
		.offset = offsetof(struct flow_keys, ports),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_VLAN,
		.offset = offsetof(struct flow_keys, vlan),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
		.offset = offsetof(struct flow_keys, tags),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
		.offset = offsetof(struct flow_keys, keyid),
	},
};
/* Reduced key set for symmetric hashing: addresses, ports, and the basic
 * control/proto keys only — no VLAN, flow label, or tunnel key ids, so a
 * flow and its reverse can hash to the same value.
 */
static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
	{
		.key_id = FLOW_DISSECTOR_KEY_CONTROL,
		.offset = offsetof(struct flow_keys, control),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_BASIC,
		.offset = offsetof(struct flow_keys, basic),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
		.offset = offsetof(struct flow_keys, addrs.v4addrs),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
		.offset = offsetof(struct flow_keys, addrs.v6addrs),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_PORTS,
		.offset = offsetof(struct flow_keys, ports),
	},
};
/* Minimal key set used when dissecting from a raw buffer: only control
 * and basic keys are extracted.
 */
static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
	{
		.key_id = FLOW_DISSECTOR_KEY_CONTROL,
		.offset = offsetof(struct flow_keys, control),
	},
	{
		.key_id = FLOW_DISSECTOR_KEY_BASIC,
		.offset = offsetof(struct flow_keys, basic),
	},
};
/* Default dissectors, initialized once at boot by
 * init_default_flow_dissectors() below.  flow_keys_dissector is exported
 * for use by other subsystems; flow_keys_buf_dissector stays file-local
 * in linkage users (declared elsewhere) but is only written here.
 */
struct flow_dissector flow_keys_dissector __read_mostly;
EXPORT_SYMBOL(flow_keys_dissector);

struct flow_dissector flow_keys_buf_dissector __read_mostly;
  928. static int __init init_default_flow_dissectors(void)
  929. {
  930. skb_flow_dissector_init(&flow_keys_dissector,
  931. flow_keys_dissector_keys,
  932. ARRAY_SIZE(flow_keys_dissector_keys));
  933. skb_flow_dissector_init(&flow_keys_dissector_symmetric,
  934. flow_keys_dissector_symmetric_keys,
  935. ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
  936. skb_flow_dissector_init(&flow_keys_buf_dissector,
  937. flow_keys_buf_dissector_keys,
  938. ARRAY_SIZE(flow_keys_buf_dissector_keys));
  939. return 0;
  940. }
  941. core_initcall(init_default_flow_dissectors);