1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _NET_FLOW_DISSECTOR_H 3 #define _NET_FLOW_DISSECTOR_H 4 5 #include <linux/types.h> 6 #include <linux/in6.h> 7 #include <linux/siphash.h> 8 #include <uapi/linux/if_ether.h> 9 10 struct sk_buff; 11 12 /** 13 * struct flow_dissector_key_control: 14 * @thoff: Transport header offset 15 */ 16 struct flow_dissector_key_control { 17 u16 thoff; 18 u16 addr_type; 19 u32 flags; 20 }; 21 22 #define FLOW_DIS_IS_FRAGMENT BIT(0) 23 #define FLOW_DIS_FIRST_FRAG BIT(1) 24 #define FLOW_DIS_ENCAPSULATION BIT(2) 25 26 enum flow_dissect_ret { 27 FLOW_DISSECT_RET_OUT_GOOD, 28 FLOW_DISSECT_RET_OUT_BAD, 29 FLOW_DISSECT_RET_PROTO_AGAIN, 30 FLOW_DISSECT_RET_IPPROTO_AGAIN, 31 FLOW_DISSECT_RET_CONTINUE, 32 }; 33 34 /** 35 * struct flow_dissector_key_basic: 36 * @n_proto: Network header protocol (eg. IPv4/IPv6) 37 * @ip_proto: Transport header protocol (eg. TCP/UDP) 38 */ 39 struct flow_dissector_key_basic { 40 __be16 n_proto; 41 u8 ip_proto; 42 u8 padding; 43 }; 44 45 struct flow_dissector_key_tags { 46 u32 flow_label; 47 }; 48 49 struct flow_dissector_key_vlan { 50 union { 51 struct { 52 u16 vlan_id:12, 53 vlan_dei:1, 54 vlan_priority:3; 55 }; 56 __be16 vlan_tci; 57 }; 58 __be16 vlan_tpid; 59 }; 60 61 struct flow_dissector_key_mpls { 62 u32 mpls_ttl:8, 63 mpls_bos:1, 64 mpls_tc:3, 65 mpls_label:20; 66 }; 67 68 #define FLOW_DIS_TUN_OPTS_MAX 255 69 /** 70 * struct flow_dissector_key_enc_opts: 71 * @data: tunnel option data 72 * @len: length of tunnel option data 73 * @dst_opt_type: tunnel option type 74 */ 75 struct flow_dissector_key_enc_opts { 76 u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired 77 * here but seems difficult to #include 78 */ 79 u8 len; 80 __be16 dst_opt_type; 81 }; 82 83 struct flow_dissector_key_keyid { 84 __be32 keyid; 85 }; 86 87 /** 88 * struct flow_dissector_key_ipv4_addrs: 89 * @src: source ip address 90 * @dst: destination ip address 91 */ 92 struct flow_dissector_key_ipv4_addrs { 93 /* (src,dst) must be grouped, in the same way than in IP header */ 94 __be32 src; 95 __be32 dst; 96 }; 97 98 /** 99 * struct flow_dissector_key_ipv6_addrs: 100 * @src: source ip address 101 * @dst: destination ip address 102 */ 103 struct flow_dissector_key_ipv6_addrs { 104 /* (src,dst) must be grouped, in the same way than in IP header */ 105 struct in6_addr src; 106 struct in6_addr dst; 107 }; 108 109 /** 110 * struct flow_dissector_key_tipc: 111 * @key: source node address combined with selector 112 */ 113 struct flow_dissector_key_tipc { 114 __be32 key; 115 }; 116 117 /** 118 * struct flow_dissector_key_addrs: 119 * @v4addrs: IPv4 addresses 120 * @v6addrs: IPv6 addresses 121 */ 122 struct flow_dissector_key_addrs { 123 union { 124 struct flow_dissector_key_ipv4_addrs v4addrs; 125 struct flow_dissector_key_ipv6_addrs v6addrs; 126 struct flow_dissector_key_tipc tipckey; 127 }; 128 }; 129 130 /** 131 * flow_dissector_key_arp: 132 * @ports: Operation, source and target addresses for an ARP header 133 * for Ethernet hardware addresses and IPv4 protocol addresses 134 * sip: Sender IP address 135 * tip: Target IP address 136 * op: Operation 137 * sha: Sender hardware address 138 * tpa: Target hardware address 139 */ 140 struct flow_dissector_key_arp { 141 __u32 sip; 142 __u32 tip; 143 __u8 op; 144 unsigned char sha[ETH_ALEN]; 145 unsigned char tha[ETH_ALEN]; 146 }; 147 148 /** 149 * flow_dissector_key_tp_ports: 150 * @ports: port numbers of Transport header 151 * src: source port number 152 * dst: destination port number 153 */ 154 struct flow_dissector_key_ports { 155 union { 156 __be32 ports; 157 struct { 158 __be16 src; 159 __be16 dst; 160 }; 161 }; 162 }; 163 164 /** 165 * flow_dissector_key_icmp: 166 * type: ICMP type 167 * code: ICMP code 168 * id: session identifier 169 */ 170 struct flow_dissector_key_icmp { 171 struct { 172 u8 type; 173 u8 code; 174 }; 175 u16 id; 176 }; 177 178 /** 179 * struct flow_dissector_key_eth_addrs: 180 * @src: source Ethernet address 181 * @dst: destination Ethernet address 182 */ 183 struct flow_dissector_key_eth_addrs { 184 /* (dst,src) must be grouped, in the same way than in ETH header */ 185 unsigned char dst[ETH_ALEN]; 186 unsigned char src[ETH_ALEN]; 187 }; 188 189 /** 190 * struct flow_dissector_key_tcp: 191 * @flags: flags 192 */ 193 struct flow_dissector_key_tcp { 194 __be16 flags; 195 }; 196 197 /** 198 * struct flow_dissector_key_ip: 199 * @tos: tos 200 * @ttl: ttl 201 */ 202 struct flow_dissector_key_ip { 203 __u8 tos; 204 __u8 ttl; 205 }; 206 207 /** 208 * struct flow_dissector_key_meta: 209 * @ingress_ifindex: ingress ifindex 210 * @ingress_iftype: ingress interface type 211 */ 212 struct flow_dissector_key_meta { 213 int ingress_ifindex; 214 u16 ingress_iftype; 215 }; 216 217 /** 218 * struct flow_dissector_key_ct: 219 * @ct_state: conntrack state after converting with map 220 * @ct_mark: conttrack mark 221 * @ct_zone: conntrack zone 222 * @ct_labels: conntrack labels 223 */ 224 struct flow_dissector_key_ct { 225 u16 ct_state; 226 u16 ct_zone; 227 u32 ct_mark; 228 u32 ct_labels[4]; 229 }; 230 231 enum flow_dissector_key_id { 232 FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */ 233 FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ 234 FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ 235 FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ 236 FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */ 237 FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */ 238 FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */ 239 FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */ 240 FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */ 241 FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */ 242 FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */ 243 FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */ 244 FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */ 245 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */ 246 FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */ 247 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ 248 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ 249 FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */ 250 FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */ 251 FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */ 252 FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */ 253 FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */ 254 FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */ 255 FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */ 256 FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */ 257 FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */ 258 FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */ 259 260 FLOW_DISSECTOR_KEY_MAX, 261 }; 262 263 #define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0) 264 #define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1) 265 #define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2) 266 267 struct flow_dissector_key { 268 enum flow_dissector_key_id key_id; 269 size_t offset; /* offset of struct flow_dissector_key_* 270 in target the struct */ 271 }; 272 273 struct flow_dissector { 274 unsigned int used_keys; /* each bit repesents presence of one key id */ 275 unsigned short int offset[FLOW_DISSECTOR_KEY_MAX]; 276 }; 277 278 struct flow_keys_basic { 279 struct flow_dissector_key_control control; 280 struct flow_dissector_key_basic basic; 281 }; 282 283 struct flow_keys { 284 struct flow_dissector_key_control control; 285 #define FLOW_KEYS_HASH_START_FIELD basic 286 struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT); 287 struct flow_dissector_key_tags tags; 288 struct flow_dissector_key_vlan vlan; 289 struct flow_dissector_key_vlan cvlan; 290 struct flow_dissector_key_keyid keyid; 291 struct flow_dissector_key_ports ports; 292 struct flow_dissector_key_icmp icmp; 293 /* 'addrs' must be the last member */ 294 struct flow_dissector_key_addrs addrs; 295 }; 296 297 #define FLOW_KEYS_HASH_OFFSET \ 298 offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD) 299 300 __be32 flow_get_u32_src(const struct flow_keys *flow); 301 __be32 flow_get_u32_dst(const struct flow_keys *flow); 302 303 extern struct flow_dissector flow_keys_dissector; 304 extern struct flow_dissector flow_keys_basic_dissector; 305 306 /* struct flow_keys_digest: 307 * 308 * This structure is used to hold a digest of the full flow keys. This is a 309 * larger "hash" of a flow to allow definitively matching specific flows where 310 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so 311 * that it can be used in CB of skb (see sch_choke for an example). 312 */ 313 #define FLOW_KEYS_DIGEST_LEN 16 314 struct flow_keys_digest { 315 u8 data[FLOW_KEYS_DIGEST_LEN]; 316 }; 317 318 void make_flow_keys_digest(struct flow_keys_digest *digest, 319 const struct flow_keys *flow); 320 321 static inline bool flow_keys_have_l4(const struct flow_keys *keys) 322 { 323 return (keys->ports.ports || keys->tags.flow_label); 324 } 325 326 u32 flow_hash_from_keys(struct flow_keys *keys); 327 void skb_flow_get_icmp_tci(const struct sk_buff *skb, 328 struct flow_dissector_key_icmp *key_icmp, 329 void *data, int thoff, int hlen); 330 331 static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector, 332 enum flow_dissector_key_id key_id) 333 { 334 return flow_dissector->used_keys & (1 << key_id); 335 } 336 337 static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector, 338 enum flow_dissector_key_id key_id, 339 void *target_container) 340 { 341 return ((char *)target_container) + flow_dissector->offset[key_id]; 342 } 343 344 struct bpf_flow_dissector { 345 struct bpf_flow_keys *flow_keys; 346 const struct sk_buff *skb; 347 void *data; 348 void *data_end; 349 }; 350 351 #endif 352