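/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _NET_FLOW_DISSECTOR_H
#define _NET_FLOW_DISSECTOR_H

#include <linux/types.h>
#include <linux/in6.h>
#include <linux/siphash.h>
#include <linux/string.h>
#include <uapi/linux/if_ether.h>

struct bpf_prog;
struct net;
struct sk_buff;

/**
 * struct flow_dissector_key_control:
 * @thoff: Transport header offset
 * @addr_type: address type
 *	(NOTE(review): presumably a FLOW_DISSECTOR_KEY_*_ADDRS id - confirm)
 * @flags: flag bits
 *	(NOTE(review): presumably the FLOW_DIS_* bits defined below - confirm)
 */
struct flow_dissector_key_control {
	u16	thoff;
	u16	addr_type;
	u32	flags;
};

#define FLOW_DIS_IS_FRAGMENT	BIT(0)
#define FLOW_DIS_FIRST_FRAG	BIT(1)
#define FLOW_DIS_ENCAPSULATION	BIT(2)

enum flow_dissect_ret {
	FLOW_DISSECT_RET_OUT_GOOD,
	FLOW_DISSECT_RET_OUT_BAD,
	FLOW_DISSECT_RET_PROTO_AGAIN,
	FLOW_DISSECT_RET_IPPROTO_AGAIN,
	FLOW_DISSECT_RET_CONTINUE,
};

/**
 * struct flow_dissector_key_basic:
 * @n_proto:  Network header protocol (eg. IPv4/IPv6)
 * @ip_proto: Transport header protocol (eg. TCP/UDP)
 * @padding:  explicit pad byte
 */
struct flow_dissector_key_basic {
	__be16	n_proto;
	u8	ip_proto;
	u8	padding;
};

struct flow_dissector_key_tags {
	u32	flow_label;
};

/*
 * The bitfield view (vlan_id/vlan_dei/vlan_priority) and vlan_tci share the
 * same 16 bits through the anonymous union.
 */
struct flow_dissector_key_vlan {
	union {
		struct {
			u16	vlan_id:12,
				vlan_dei:1,
				vlan_priority:3;
		};
		__be16	vlan_tci;
	};
	__be16	vlan_tpid;
	__be16	vlan_eth_type;
	u16	padding;
};

struct flow_dissector_mpls_lse {
	u32	mpls_ttl:8,
		mpls_bos:1,
		mpls_tc:3,
		mpls_label:20;
};

#define FLOW_DIS_MPLS_MAX 7
struct flow_dissector_key_mpls {
	struct flow_dissector_mpls_lse ls[FLOW_DIS_MPLS_MAX]; /* Label Stack */
	u8 used_lses; /* One bit set for each Label Stack Entry in use */
};

/**
 * dissector_set_mpls_lse - mark one Label Stack Entry as in use
 * @mpls: MPLS key whose used_lses bitmap is updated
 * @lse_index: index of the entry in @mpls->ls
 *
 * No range check is done here. used_lses is a u8 and ls[] has
 * FLOW_DIS_MPLS_MAX (7) slots, so the caller must guarantee
 * 0 <= @lse_index < FLOW_DIS_MPLS_MAX. Index 7 would set a bit that has no
 * matching slot, indexes 8 and up are lost when the result is stored into
 * the u8, and a negative shift count is undefined.
 */
static inline void dissector_set_mpls_lse(struct flow_dissector_key_mpls *mpls,
					  int lse_index)
{
	/* Unsigned constant so the shift never happens in signed arithmetic. */
	mpls->used_lses |= 1U << lse_index;
}

#define FLOW_DIS_TUN_OPTS_MAX 255
/**
 * struct flow_dissector_key_enc_opts:
 * @data: tunnel option data
 * @len: length of tunnel option data
 * @dst_opt_type: tunnel option type
 *
 * @len is a u8, so it can never describe more than the
 * FLOW_DIS_TUN_OPTS_MAX (255) bytes that @data holds.
 */
struct flow_dissector_key_enc_opts {
	u8 data[FLOW_DIS_TUN_OPTS_MAX];	/* Using IP_TUNNEL_OPTS_MAX is desired
					 * here but seems difficult to #include
					 */
	u8 len;
	__be16 dst_opt_type;
};

struct flow_dissector_key_keyid {
	__be32 keyid;
};

/**
 * struct flow_dissector_key_ipv4_addrs:
 * @src: source ip address
 * @dst: destination ip address
 */
struct flow_dissector_key_ipv4_addrs {
	/* (src,dst) must be grouped, in the same way as in the IP header */
	__be32 src;
	__be32 dst;
};

/**
 * struct flow_dissector_key_ipv6_addrs:
 * @src: source ip address
 * @dst: destination ip address
 */
struct flow_dissector_key_ipv6_addrs {
	/* (src,dst) must be grouped, in the same way as in the IP header */
	struct in6_addr src;
	struct in6_addr dst;
};

/**
 * struct flow_dissector_key_tipc:
 * @key: source node address combined with selector
 */
struct flow_dissector_key_tipc {
	__be32 key;
};

/**
 * struct flow_dissector_key_addrs:
 * @v4addrs: IPv4 addresses
 * @v6addrs: IPv6 addresses
 * @tipckey: TIPC key
 *
 * The three members overlay each other in an anonymous union; only one of
 * them is meaningful for a given flow.
 */
struct flow_dissector_key_addrs {
	union {
		struct flow_dissector_key_ipv4_addrs v4addrs;
		struct flow_dissector_key_ipv6_addrs v6addrs;
		struct flow_dissector_key_tipc tipckey;
	};
};

/**
 * struct flow_dissector_key_arp:
 * @sip: Sender IP address
 * @tip: Target IP address
 * @op:  Operation
 * @sha: Sender hardware address
 * @tha: Target hardware address
 *
 * Operation, sender and target addresses of an ARP header for Ethernet
 * hardware addresses and IPv4 protocol addresses.
 */
struct flow_dissector_key_arp {
	__u32 sip;
	__u32 tip;
	__u8 op;
	unsigned char sha[ETH_ALEN];
	unsigned char tha[ETH_ALEN];
};

/**
 * struct flow_dissector_key_ports:
 * @ports: port numbers of Transport header
 * @src: source port number
 * @dst: destination port number
 *
 * @ports overlays the (@src, @dst) pair through the anonymous union.
 */
struct flow_dissector_key_ports {
	union {
		__be32 ports;
		struct {
			__be16 src;
			__be16 dst;
		};
	};
};

/**
 * struct flow_dissector_key_ports_range
 * @tp: port number from packet
 * @tp_min: min port number in range
 * @tp_max: max port number in range
 *
 * @tp shares storage with @tp_min: both start at offset 0 of the union.
 */
struct flow_dissector_key_ports_range {
	union {
		struct flow_dissector_key_ports tp;
		struct {
			struct flow_dissector_key_ports tp_min;
			struct flow_dissector_key_ports tp_max;
		};
	};
};

/**
 * struct flow_dissector_key_icmp:
 * @type: ICMP type
 * @code: ICMP code
 * @id:   session identifier
 */
struct flow_dissector_key_icmp {
	struct {
		u8 type;
		u8 code;
	};
	u16 id;
};

/**
 * struct flow_dissector_key_eth_addrs:
 * @src: source Ethernet address
 * @dst: destination Ethernet address
 */
struct flow_dissector_key_eth_addrs {
	/* (dst,src) must be grouped, in the same way as in the ETH header */
	unsigned char dst[ETH_ALEN];
	unsigned char src[ETH_ALEN];
};

/**
 * struct flow_dissector_key_tcp:
 * @flags: flags
 */
struct flow_dissector_key_tcp {
	__be16 flags;
};

/**
 * struct flow_dissector_key_ip:
 * @tos: tos
 * @ttl: ttl
 */
struct flow_dissector_key_ip {
	__u8	tos;
	__u8	ttl;
};

/**
 * struct flow_dissector_key_meta:
 * @ingress_ifindex: ingress ifindex
 * @ingress_iftype: ingress interface type
 */
struct flow_dissector_key_meta {
	int ingress_ifindex;
	u16 ingress_iftype;
};

/**
 * struct flow_dissector_key_ct:
 * @ct_state: conntrack state after converting with map
 * @ct_mark: conntrack mark
 * @ct_zone: conntrack zone
 * @ct_labels: conntrack labels
 */
struct flow_dissector_key_ct {
	u16	ct_state;
	u16	ct_zone;
	u32	ct_mark;
	u32	ct_labels[4];
};

/**
 * struct flow_dissector_key_hash:
 * @hash: hash value
 */
struct flow_dissector_key_hash {
	u32 hash;
};

/**
 * struct flow_dissector_key_num_of_vlans:
 * @num_of_vlans: num_of_vlans value
 */
struct flow_dissector_key_num_of_vlans {
	u8 num_of_vlans;
};

/**
 * struct flow_dissector_key_pppoe:
 * @session_id: pppoe session id
 * @ppp_proto: ppp protocol
 * @type: pppoe eth type
 */
struct flow_dissector_key_pppoe {
	__be16 session_id;
	__be16 ppp_proto;
	__be16 type;
};

/**
 * struct flow_dissector_key_l2tpv3:
 * @session_id: identifier for a l2tp session
 */
struct flow_dissector_key_l2tpv3 {
	__be32 session_id;
};

/*
 * Each id is used both as a bit position in flow_dissector.used_keys and as
 * an index into flow_dissector.offset[]. With 31 ids (0..30) below, bits
 * 0..30 of the unsigned int mask are taken; widen used_keys before growing
 * this enum past what that mask can hold.
 */
enum flow_dissector_key_id {
	FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
	FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
	FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
	FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
	FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */
	FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */
	FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */
	FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */
	FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */
	FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */
	FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */
	FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */
	FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */
	FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */
	FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */
	FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
	FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
	FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */
	FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
	FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
	FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
	FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
	FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */
	FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */
	FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */
	FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */
	FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
	FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
	FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
	FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
	FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */

	FLOW_DISSECTOR_KEY_MAX,
};

#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG		BIT(0)
#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL	BIT(1)
#define FLOW_DISSECTOR_F_STOP_AT_ENCAP		BIT(2)
#define FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP	BIT(3)

struct flow_dissector_key {
	enum flow_dissector_key_id key_id;
	size_t offset; /* offset of struct flow_dissector_key_*
			  in the target struct */
};

struct flow_dissector {
	unsigned int used_keys; /* each bit represents presence of one key id */
	/*
	 * Per-key byte offset into the target container. Entries are
	 * unsigned short, so a larger offset cannot be stored here.
	 */
	unsigned short int offset[FLOW_DISSECTOR_KEY_MAX];
};

struct flow_keys_basic {
	struct flow_dissector_key_control control;
	struct flow_dissector_key_basic basic;
};

/*
 * 'basic' is aligned to SIPHASH_ALIGNMENT and is the member named by
 * FLOW_KEYS_HASH_START_FIELD; FLOW_KEYS_HASH_OFFSET below is its offset
 * within the struct.
 */
struct flow_keys {
	struct flow_dissector_key_control control;
#define FLOW_KEYS_HASH_START_FIELD basic
	struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT);
	struct flow_dissector_key_tags tags;
	struct flow_dissector_key_vlan vlan;
	struct flow_dissector_key_vlan cvlan;
	struct flow_dissector_key_keyid keyid;
	struct flow_dissector_key_ports ports;
	struct flow_dissector_key_icmp icmp;
	/* 'addrs' must be the last member */
	struct flow_dissector_key_addrs addrs;
};

#define FLOW_KEYS_HASH_OFFSET		\
	offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD)

__be32 flow_get_u32_src(const struct flow_keys *flow);
__be32 flow_get_u32_dst(const struct flow_keys *flow);

extern struct flow_dissector flow_keys_dissector;
extern struct flow_dissector flow_keys_basic_dissector;

/* struct flow_keys_digest:
 *
 * This structure is used to hold a digest of the full flow keys. This is a
 * larger "hash" of a flow to allow definitively matching specific flows where
 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so
 * that it can be used in CB of skb (see sch_choke for an example).
 */
#define FLOW_KEYS_DIGEST_LEN	16
struct flow_keys_digest {
	u8	data[FLOW_KEYS_DIGEST_LEN];
};

void make_flow_keys_digest(struct flow_keys_digest *digest,
			   const struct flow_keys *flow);

/**
 * flow_keys_have_l4 - test whether a ports value or a flow label is present
 * @keys: dissected flow keys
 *
 * Return: true when either the combined ports word or the flow label is
 * non-zero, false when both are zero.
 */
static inline bool flow_keys_have_l4(const struct flow_keys *keys)
{
	return (keys->ports.ports || keys->tags.flow_label);
}

u32 flow_hash_from_keys(struct flow_keys *keys);
void skb_flow_get_icmp_tci(const struct sk_buff *skb,
			   struct flow_dissector_key_icmp *key_icmp,
			   const void *data, int thoff, int hlen);

/**
 * dissector_uses_key - test whether a dissector has a given key enabled
 * @flow_dissector: dissector whose used_keys bitmap is consulted
 * @key_id: key to look up
 *
 * @key_id is not range checked; it must be a valid enumerator below
 * FLOW_DISSECTOR_KEY_MAX and must fit in the unsigned int bitmap.
 *
 * Return: true when the bit for @key_id is set in used_keys.
 */
static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector,
				      enum flow_dissector_key_id key_id)
{
	/*
	 * Shift an unsigned one: ids currently stop at 30, and the next id
	 * added would need bit 31, which a signed "1 << 31" cannot produce
	 * without overflowing int.
	 */
	return flow_dissector->used_keys & (1U << key_id);
}

/**
 * skb_flow_dissector_target - locate the storage for one key in a container
 * @flow_dissector: dissector holding the per-key offsets
 * @key_id: key whose storage is wanted
 * @target_container: base address of the caller's key container
 *
 * Nothing is validated here: @key_id indexes offset[] directly and the
 * result is plain pointer arithmetic on @target_container. The caller must
 * pass a @key_id below FLOW_DISSECTOR_KEY_MAX whose offset was set up for
 * this dissector (see dissector_uses_key()) and a container large enough
 * for that offset plus the key structure.
 *
 * Return: @target_container advanced by offset[@key_id] bytes.
 */
static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector,
					      enum flow_dissector_key_id key_id,
					      void *target_container)
{
	return ((char *)target_container) + flow_dissector->offset[key_id];
}

/*
 * NOTE(review): data/data_end presumably delimit the packet bytes the BPF
 * flow dissector may read - confirm against the code that fills this in.
 */
struct bpf_flow_dissector {
	struct bpf_flow_keys	*flow_keys;
	const struct sk_buff	*skb;
	const void		*data;
	const void		*data_end;
};

/**
 * flow_dissector_init_keys - zero the control and basic keys
 * @key_control: control key to clear
 * @key_basic: basic key to clear
 *
 * Both structures are cleared in full, padding included, so no stale bytes
 * from a previous use remain in them.
 */
static inline void
flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
			 struct flow_dissector_key_basic *key_basic)
{
	memset(key_control, 0, sizeof(*key_control));
	memset(key_basic, 0, sizeof(*key_basic));
}

#ifdef CONFIG_BPF_SYSCALL
int flow_dissector_bpf_prog_attach_check(struct net *net,
					 struct bpf_prog *prog);
#endif /* CONFIG_BPF_SYSCALL */

#endif /* _NET_FLOW_DISSECTOR_H */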