1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _NET_FLOW_DISSECTOR_H 3 #define _NET_FLOW_DISSECTOR_H 4 5 #include <linux/types.h> 6 #include <linux/in6.h> 7 #include <linux/siphash.h> 8 #include <uapi/linux/if_ether.h> 9 10 struct sk_buff; 11 12 /** 13 * struct flow_dissector_key_control: 14 * @thoff: Transport header offset 15 */ 16 struct flow_dissector_key_control { 17 u16 thoff; 18 u16 addr_type; 19 u32 flags; 20 }; 21 22 #define FLOW_DIS_IS_FRAGMENT BIT(0) 23 #define FLOW_DIS_FIRST_FRAG BIT(1) 24 #define FLOW_DIS_ENCAPSULATION BIT(2) 25 26 enum flow_dissect_ret { 27 FLOW_DISSECT_RET_OUT_GOOD, 28 FLOW_DISSECT_RET_OUT_BAD, 29 FLOW_DISSECT_RET_PROTO_AGAIN, 30 FLOW_DISSECT_RET_IPPROTO_AGAIN, 31 FLOW_DISSECT_RET_CONTINUE, 32 }; 33 34 /** 35 * struct flow_dissector_key_basic: 36 * @thoff: Transport header offset 37 * @n_proto: Network header protocol (eg. IPv4/IPv6) 38 * @ip_proto: Transport header protocol (eg. TCP/UDP) 39 */ 40 struct flow_dissector_key_basic { 41 __be16 n_proto; 42 u8 ip_proto; 43 u8 padding; 44 }; 45 46 struct flow_dissector_key_tags { 47 u32 flow_label; 48 }; 49 50 struct flow_dissector_key_vlan { 51 union { 52 struct { 53 u16 vlan_id:12, 54 vlan_dei:1, 55 vlan_priority:3; 56 }; 57 __be16 vlan_tci; 58 }; 59 __be16 vlan_tpid; 60 }; 61 62 struct flow_dissector_key_mpls { 63 u32 mpls_ttl:8, 64 mpls_bos:1, 65 mpls_tc:3, 66 mpls_label:20; 67 }; 68 69 #define FLOW_DIS_TUN_OPTS_MAX 255 70 /** 71 * struct flow_dissector_key_enc_opts: 72 * @data: tunnel option data 73 * @len: length of tunnel option data 74 * @dst_opt_type: tunnel option type 75 */ 76 struct flow_dissector_key_enc_opts { 77 u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired 78 * here but seems difficult to #include 79 */ 80 u8 len; 81 __be16 dst_opt_type; 82 }; 83 84 struct flow_dissector_key_keyid { 85 __be32 keyid; 86 }; 87 88 /** 89 * struct flow_dissector_key_ipv4_addrs: 90 * @src: source ip address 91 * @dst: destination ip address 92 */ 93 struct flow_dissector_key_ipv4_addrs { 94 /* (src,dst) must be grouped, in the same way than in IP header */ 95 __be32 src; 96 __be32 dst; 97 }; 98 99 /** 100 * struct flow_dissector_key_ipv6_addrs: 101 * @src: source ip address 102 * @dst: destination ip address 103 */ 104 struct flow_dissector_key_ipv6_addrs { 105 /* (src,dst) must be grouped, in the same way than in IP header */ 106 struct in6_addr src; 107 struct in6_addr dst; 108 }; 109 110 /** 111 * struct flow_dissector_key_tipc: 112 * @key: source node address combined with selector 113 */ 114 struct flow_dissector_key_tipc { 115 __be32 key; 116 }; 117 118 /** 119 * struct flow_dissector_key_addrs: 120 * @v4addrs: IPv4 addresses 121 * @v6addrs: IPv6 addresses 122 */ 123 struct flow_dissector_key_addrs { 124 union { 125 struct flow_dissector_key_ipv4_addrs v4addrs; 126 struct flow_dissector_key_ipv6_addrs v6addrs; 127 struct flow_dissector_key_tipc tipckey; 128 }; 129 }; 130 131 /** 132 * flow_dissector_key_arp: 133 * @ports: Operation, source and target addresses for an ARP header 134 * for Ethernet hardware addresses and IPv4 protocol addresses 135 * sip: Sender IP address 136 * tip: Target IP address 137 * op: Operation 138 * sha: Sender hardware address 139 * tpa: Target hardware address 140 */ 141 struct flow_dissector_key_arp { 142 __u32 sip; 143 __u32 tip; 144 __u8 op; 145 unsigned char sha[ETH_ALEN]; 146 unsigned char tha[ETH_ALEN]; 147 }; 148 149 /** 150 * flow_dissector_key_tp_ports: 151 * @ports: port numbers of Transport header 152 * src: source port number 153 * dst: destination port number 154 */ 155 struct flow_dissector_key_ports { 156 union { 157 __be32 ports; 158 struct { 159 __be16 src; 160 __be16 dst; 161 }; 162 }; 163 }; 164 165 /** 166 * flow_dissector_key_icmp: 167 * type: ICMP type 168 * code: ICMP code 169 * id: session identifier 170 */ 171 struct flow_dissector_key_icmp { 172 struct { 173 u8 type; 174 u8 code; 175 }; 176 u16 id; 177 }; 178 179 /** 180 * struct flow_dissector_key_eth_addrs: 181 * @src: source Ethernet address 182 * @dst: destination Ethernet address 183 */ 184 struct flow_dissector_key_eth_addrs { 185 /* (dst,src) must be grouped, in the same way than in ETH header */ 186 unsigned char dst[ETH_ALEN]; 187 unsigned char src[ETH_ALEN]; 188 }; 189 190 /** 191 * struct flow_dissector_key_tcp: 192 * @flags: flags 193 */ 194 struct flow_dissector_key_tcp { 195 __be16 flags; 196 }; 197 198 /** 199 * struct flow_dissector_key_ip: 200 * @tos: tos 201 * @ttl: ttl 202 */ 203 struct flow_dissector_key_ip { 204 __u8 tos; 205 __u8 ttl; 206 }; 207 208 /** 209 * struct flow_dissector_key_meta: 210 * @ingress_ifindex: ingress ifindex 211 * @ingress_iftype: ingress interface type 212 */ 213 struct flow_dissector_key_meta { 214 int ingress_ifindex; 215 u16 ingress_iftype; 216 }; 217 218 /** 219 * struct flow_dissector_key_ct: 220 * @ct_state: conntrack state after converting with map 221 * @ct_mark: conttrack mark 222 * @ct_zone: conntrack zone 223 * @ct_labels: conntrack labels 224 */ 225 struct flow_dissector_key_ct { 226 u16 ct_state; 227 u16 ct_zone; 228 u32 ct_mark; 229 u32 ct_labels[4]; 230 }; 231 232 enum flow_dissector_key_id { 233 FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */ 234 FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ 235 FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ 236 FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ 237 FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */ 238 FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */ 239 FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */ 240 FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */ 241 FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */ 242 FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */ 243 FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */ 244 FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */ 245 FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */ 246 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */ 247 FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */ 248 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ 249 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ 250 FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */ 251 FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */ 252 FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */ 253 FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */ 254 FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */ 255 FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */ 256 FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */ 257 FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */ 258 FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */ 259 FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */ 260 261 FLOW_DISSECTOR_KEY_MAX, 262 }; 263 264 #define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0) 265 #define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1) 266 #define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2) 267 268 struct flow_dissector_key { 269 enum flow_dissector_key_id key_id; 270 size_t offset; /* offset of struct flow_dissector_key_* 271 in target the struct */ 272 }; 273 274 struct flow_dissector { 275 unsigned int used_keys; /* each bit repesents presence of one key id */ 276 unsigned short int offset[FLOW_DISSECTOR_KEY_MAX]; 277 }; 278 279 struct flow_keys_basic { 280 struct flow_dissector_key_control control; 281 struct flow_dissector_key_basic basic; 282 }; 283 284 struct flow_keys { 285 struct flow_dissector_key_control control; 286 #define FLOW_KEYS_HASH_START_FIELD basic 287 struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT); 288 struct flow_dissector_key_tags tags; 289 struct flow_dissector_key_vlan vlan; 290 struct flow_dissector_key_vlan cvlan; 291 struct flow_dissector_key_keyid keyid; 292 struct flow_dissector_key_ports ports; 293 struct flow_dissector_key_icmp icmp; 294 /* 'addrs' must be the last member */ 295 struct flow_dissector_key_addrs addrs; 296 }; 297 298 #define FLOW_KEYS_HASH_OFFSET \ 299 offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD) 300 301 __be32 flow_get_u32_src(const struct flow_keys *flow); 302 __be32 flow_get_u32_dst(const struct flow_keys *flow); 303 304 extern struct flow_dissector flow_keys_dissector; 305 extern struct flow_dissector flow_keys_basic_dissector; 306 307 /* struct flow_keys_digest: 308 * 309 * This structure is used to hold a digest of the full flow keys. This is a 310 * larger "hash" of a flow to allow definitively matching specific flows where 311 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so 312 * that it can be used in CB of skb (see sch_choke for an example). 313 */ 314 #define FLOW_KEYS_DIGEST_LEN 16 315 struct flow_keys_digest { 316 u8 data[FLOW_KEYS_DIGEST_LEN]; 317 }; 318 319 void make_flow_keys_digest(struct flow_keys_digest *digest, 320 const struct flow_keys *flow); 321 322 static inline bool flow_keys_have_l4(const struct flow_keys *keys) 323 { 324 return (keys->ports.ports || keys->tags.flow_label); 325 } 326 327 u32 flow_hash_from_keys(struct flow_keys *keys); 328 void skb_flow_get_icmp_tci(const struct sk_buff *skb, 329 struct flow_dissector_key_icmp *key_icmp, 330 void *data, int thoff, int hlen); 331 332 static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector, 333 enum flow_dissector_key_id key_id) 334 { 335 return flow_dissector->used_keys & (1 << key_id); 336 } 337 338 static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector, 339 enum flow_dissector_key_id key_id, 340 void *target_container) 341 { 342 return ((char *)target_container) + flow_dissector->offset[key_id]; 343 } 344 345 struct bpf_flow_dissector { 346 struct bpf_flow_keys *flow_keys; 347 const struct sk_buff *skb; 348 void *data; 349 void *data_end; 350 }; 351 352 #endif 353