xref: /openbmc/linux/net/core/flow_dissector.c (revision 6774def6)
1 #include <linux/skbuff.h>
2 #include <linux/export.h>
3 #include <linux/ip.h>
4 #include <linux/ipv6.h>
5 #include <linux/if_vlan.h>
6 #include <net/ip.h>
7 #include <net/ipv6.h>
8 #include <linux/igmp.h>
9 #include <linux/icmp.h>
10 #include <linux/sctp.h>
11 #include <linux/dccp.h>
12 #include <linux/if_tunnel.h>
13 #include <linux/if_pppox.h>
14 #include <linux/ppp_defs.h>
15 #include <net/flow_keys.h>
16 #include <scsi/fc/fc_fcoe.h>
17 
18 /* copy saddr & daddr, possibly using 64bit load/store
19  * Equivalent to :	flow->src = iph->saddr;
20  *			flow->dst = iph->daddr;
21  */
22 static void iph_to_flow_copy_addrs(struct flow_keys *flow, const struct iphdr *iph)
23 {
24 	BUILD_BUG_ON(offsetof(typeof(*flow), dst) !=
25 		     offsetof(typeof(*flow), src) + sizeof(flow->src));
26 	memcpy(&flow->src, &iph->saddr, sizeof(flow->src) + sizeof(flow->dst));
27 }
28 
29 /**
30  * __skb_flow_get_ports - extract the upper layer ports and return them
31  * @skb: sk_buff to extract the ports from
32  * @thoff: transport header offset
33  * @ip_proto: protocol for which to get port offset
34  * @data: raw buffer pointer to the packet, if NULL use skb->data
35  * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
36  *
37  * The function will try to retrieve the ports at offset thoff + poff where poff
38  * is the protocol port offset returned from proto_ports_offset
39  */
40 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
41 			    void *data, int hlen)
42 {
43 	int poff = proto_ports_offset(ip_proto);
44 
45 	if (!data) {
46 		data = skb->data;
47 		hlen = skb_headlen(skb);
48 	}
49 
50 	if (poff >= 0) {
51 		__be32 *ports, _ports;
52 
53 		ports = __skb_header_pointer(skb, thoff + poff,
54 					     sizeof(_ports), data, hlen, &_ports);
55 		if (ports)
56 			return *ports;
57 	}
58 
59 	return 0;
60 }
61 EXPORT_SYMBOL(__skb_flow_get_ports);
62 
63 /**
64  * __skb_flow_dissect - extract the flow_keys struct and return it
65  * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
66  * @data: raw buffer pointer to the packet, if NULL use skb->data
67  * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
68  * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
69  * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
70  *
71  * The function will try to retrieve the struct flow_keys from either the skbuff
72  * or a raw buffer specified by the rest parameters
73  */
74 bool __skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow,
75 			void *data, __be16 proto, int nhoff, int hlen)
76 {
77 	u8 ip_proto;
78 
79 	if (!data) {
80 		data = skb->data;
81 		proto = skb->protocol;
82 		nhoff = skb_network_offset(skb);
83 		hlen = skb_headlen(skb);
84 	}
85 
86 	memset(flow, 0, sizeof(*flow));
87 
88 again:
89 	switch (proto) {
90 	case htons(ETH_P_IP): {
91 		const struct iphdr *iph;
92 		struct iphdr _iph;
93 ip:
94 		iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
95 		if (!iph || iph->ihl < 5)
96 			return false;
97 		nhoff += iph->ihl * 4;
98 
99 		ip_proto = iph->protocol;
100 		if (ip_is_fragment(iph))
101 			ip_proto = 0;
102 
103 		/* skip the address processing if skb is NULL.  The assumption
104 		 * here is that if there is no skb we are not looking for flow
105 		 * info but lengths and protocols.
106 		 */
107 		if (!skb)
108 			break;
109 
110 		iph_to_flow_copy_addrs(flow, iph);
111 		break;
112 	}
113 	case htons(ETH_P_IPV6): {
114 		const struct ipv6hdr *iph;
115 		struct ipv6hdr _iph;
116 		__be32 flow_label;
117 
118 ipv6:
119 		iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
120 		if (!iph)
121 			return false;
122 
123 		ip_proto = iph->nexthdr;
124 		nhoff += sizeof(struct ipv6hdr);
125 
126 		/* see comment above in IPv4 section */
127 		if (!skb)
128 			break;
129 
130 		flow->src = (__force __be32)ipv6_addr_hash(&iph->saddr);
131 		flow->dst = (__force __be32)ipv6_addr_hash(&iph->daddr);
132 
133 		flow_label = ip6_flowlabel(iph);
134 		if (flow_label) {
135 			/* Awesome, IPv6 packet has a flow label so we can
136 			 * use that to represent the ports without any
137 			 * further dissection.
138 			 */
139 			flow->n_proto = proto;
140 			flow->ip_proto = ip_proto;
141 			flow->ports = flow_label;
142 			flow->thoff = (u16)nhoff;
143 
144 			return true;
145 		}
146 
147 		break;
148 	}
149 	case htons(ETH_P_8021AD):
150 	case htons(ETH_P_8021Q): {
151 		const struct vlan_hdr *vlan;
152 		struct vlan_hdr _vlan;
153 
154 		vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan), data, hlen, &_vlan);
155 		if (!vlan)
156 			return false;
157 
158 		proto = vlan->h_vlan_encapsulated_proto;
159 		nhoff += sizeof(*vlan);
160 		goto again;
161 	}
162 	case htons(ETH_P_PPP_SES): {
163 		struct {
164 			struct pppoe_hdr hdr;
165 			__be16 proto;
166 		} *hdr, _hdr;
167 		hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
168 		if (!hdr)
169 			return false;
170 		proto = hdr->proto;
171 		nhoff += PPPOE_SES_HLEN;
172 		switch (proto) {
173 		case htons(PPP_IP):
174 			goto ip;
175 		case htons(PPP_IPV6):
176 			goto ipv6;
177 		default:
178 			return false;
179 		}
180 	}
181 	case htons(ETH_P_FCOE):
182 		flow->thoff = (u16)(nhoff + FCOE_HEADER_LEN);
183 		/* fall through */
184 	default:
185 		return false;
186 	}
187 
188 	switch (ip_proto) {
189 	case IPPROTO_GRE: {
190 		struct gre_hdr {
191 			__be16 flags;
192 			__be16 proto;
193 		} *hdr, _hdr;
194 
195 		hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
196 		if (!hdr)
197 			return false;
198 		/*
199 		 * Only look inside GRE if version zero and no
200 		 * routing
201 		 */
202 		if (!(hdr->flags & (GRE_VERSION|GRE_ROUTING))) {
203 			proto = hdr->proto;
204 			nhoff += 4;
205 			if (hdr->flags & GRE_CSUM)
206 				nhoff += 4;
207 			if (hdr->flags & GRE_KEY)
208 				nhoff += 4;
209 			if (hdr->flags & GRE_SEQ)
210 				nhoff += 4;
211 			if (proto == htons(ETH_P_TEB)) {
212 				const struct ethhdr *eth;
213 				struct ethhdr _eth;
214 
215 				eth = __skb_header_pointer(skb, nhoff,
216 							   sizeof(_eth),
217 							   data, hlen, &_eth);
218 				if (!eth)
219 					return false;
220 				proto = eth->h_proto;
221 				nhoff += sizeof(*eth);
222 			}
223 			goto again;
224 		}
225 		break;
226 	}
227 	case IPPROTO_IPIP:
228 		proto = htons(ETH_P_IP);
229 		goto ip;
230 	case IPPROTO_IPV6:
231 		proto = htons(ETH_P_IPV6);
232 		goto ipv6;
233 	default:
234 		break;
235 	}
236 
237 	flow->n_proto = proto;
238 	flow->ip_proto = ip_proto;
239 	flow->thoff = (u16) nhoff;
240 
241 	/* unless skb is set we don't need to record port info */
242 	if (skb)
243 		flow->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
244 						   data, hlen);
245 
246 	return true;
247 }
248 EXPORT_SYMBOL(__skb_flow_dissect);
249 
250 static u32 hashrnd __read_mostly;
251 static __always_inline void __flow_hash_secret_init(void)
252 {
253 	net_get_random_once(&hashrnd, sizeof(hashrnd));
254 }
255 
256 static __always_inline u32 __flow_hash_3words(u32 a, u32 b, u32 c)
257 {
258 	__flow_hash_secret_init();
259 	return jhash_3words(a, b, c, hashrnd);
260 }
261 
262 static inline u32 __flow_hash_from_keys(struct flow_keys *keys)
263 {
264 	u32 hash;
265 
266 	/* get a consistent hash (same value on both flow directions) */
267 	if (((__force u32)keys->dst < (__force u32)keys->src) ||
268 	    (((__force u32)keys->dst == (__force u32)keys->src) &&
269 	     ((__force u16)keys->port16[1] < (__force u16)keys->port16[0]))) {
270 		swap(keys->dst, keys->src);
271 		swap(keys->port16[0], keys->port16[1]);
272 	}
273 
274 	hash = __flow_hash_3words((__force u32)keys->dst,
275 				  (__force u32)keys->src,
276 				  (__force u32)keys->ports);
277 	if (!hash)
278 		hash = 1;
279 
280 	return hash;
281 }
282 
283 u32 flow_hash_from_keys(struct flow_keys *keys)
284 {
285 	return __flow_hash_from_keys(keys);
286 }
287 EXPORT_SYMBOL(flow_hash_from_keys);
288 
289 /*
290  * __skb_get_hash: calculate a flow hash based on src/dst addresses
291  * and src/dst port numbers.  Sets hash in skb to non-zero hash value
292  * on success, zero indicates no valid hash.  Also, sets l4_hash in skb
293  * if hash is a canonical 4-tuple hash over transport ports.
294  */
295 void __skb_get_hash(struct sk_buff *skb)
296 {
297 	struct flow_keys keys;
298 
299 	if (!skb_flow_dissect(skb, &keys))
300 		return;
301 
302 	if (keys.ports)
303 		skb->l4_hash = 1;
304 
305 	skb->sw_hash = 1;
306 
307 	skb->hash = __flow_hash_from_keys(&keys);
308 }
309 EXPORT_SYMBOL(__skb_get_hash);
310 
311 /*
312  * Returns a Tx hash based on the given packet descriptor a Tx queues' number
313  * to be used as a distribution range.
314  */
315 u16 __skb_tx_hash(const struct net_device *dev, struct sk_buff *skb,
316 		  unsigned int num_tx_queues)
317 {
318 	u32 hash;
319 	u16 qoffset = 0;
320 	u16 qcount = num_tx_queues;
321 
322 	if (skb_rx_queue_recorded(skb)) {
323 		hash = skb_get_rx_queue(skb);
324 		while (unlikely(hash >= num_tx_queues))
325 			hash -= num_tx_queues;
326 		return hash;
327 	}
328 
329 	if (dev->num_tc) {
330 		u8 tc = netdev_get_prio_tc_map(dev, skb->priority);
331 		qoffset = dev->tc_to_txq[tc].offset;
332 		qcount = dev->tc_to_txq[tc].count;
333 	}
334 
335 	return (u16) reciprocal_scale(skb_get_hash(skb), qcount) + qoffset;
336 }
337 EXPORT_SYMBOL(__skb_tx_hash);
338 
339 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
340 		   const struct flow_keys *keys, int hlen)
341 {
342 	u32 poff = keys->thoff;
343 
344 	switch (keys->ip_proto) {
345 	case IPPROTO_TCP: {
346 		/* access doff as u8 to avoid unaligned access */
347 		const u8 *doff;
348 		u8 _doff;
349 
350 		doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
351 					    data, hlen, &_doff);
352 		if (!doff)
353 			return poff;
354 
355 		poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
356 		break;
357 	}
358 	case IPPROTO_UDP:
359 	case IPPROTO_UDPLITE:
360 		poff += sizeof(struct udphdr);
361 		break;
362 	/* For the rest, we do not really care about header
363 	 * extensions at this point for now.
364 	 */
365 	case IPPROTO_ICMP:
366 		poff += sizeof(struct icmphdr);
367 		break;
368 	case IPPROTO_ICMPV6:
369 		poff += sizeof(struct icmp6hdr);
370 		break;
371 	case IPPROTO_IGMP:
372 		poff += sizeof(struct igmphdr);
373 		break;
374 	case IPPROTO_DCCP:
375 		poff += sizeof(struct dccp_hdr);
376 		break;
377 	case IPPROTO_SCTP:
378 		poff += sizeof(struct sctphdr);
379 		break;
380 	}
381 
382 	return poff;
383 }
384 
385 /* skb_get_poff() returns the offset to the payload as far as it could
386  * be dissected. The main user is currently BPF, so that we can dynamically
387  * truncate packets without needing to push actual payload to the user
388  * space and can analyze headers only, instead.
389  */
390 u32 skb_get_poff(const struct sk_buff *skb)
391 {
392 	struct flow_keys keys;
393 
394 	if (!skb_flow_dissect(skb, &keys))
395 		return 0;
396 
397 	return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
398 }
399 
400 static inline int get_xps_queue(struct net_device *dev, struct sk_buff *skb)
401 {
402 #ifdef CONFIG_XPS
403 	struct xps_dev_maps *dev_maps;
404 	struct xps_map *map;
405 	int queue_index = -1;
406 
407 	rcu_read_lock();
408 	dev_maps = rcu_dereference(dev->xps_maps);
409 	if (dev_maps) {
410 		map = rcu_dereference(
411 		    dev_maps->cpu_map[raw_smp_processor_id()]);
412 		if (map) {
413 			if (map->len == 1)
414 				queue_index = map->queues[0];
415 			else
416 				queue_index = map->queues[reciprocal_scale(skb_get_hash(skb),
417 									   map->len)];
418 			if (unlikely(queue_index >= dev->real_num_tx_queues))
419 				queue_index = -1;
420 		}
421 	}
422 	rcu_read_unlock();
423 
424 	return queue_index;
425 #else
426 	return -1;
427 #endif
428 }
429 
430 static u16 __netdev_pick_tx(struct net_device *dev, struct sk_buff *skb)
431 {
432 	struct sock *sk = skb->sk;
433 	int queue_index = sk_tx_queue_get(sk);
434 
435 	if (queue_index < 0 || skb->ooo_okay ||
436 	    queue_index >= dev->real_num_tx_queues) {
437 		int new_index = get_xps_queue(dev, skb);
438 		if (new_index < 0)
439 			new_index = skb_tx_hash(dev, skb);
440 
441 		if (queue_index != new_index && sk &&
442 		    rcu_access_pointer(sk->sk_dst_cache))
443 			sk_tx_queue_set(sk, new_index);
444 
445 		queue_index = new_index;
446 	}
447 
448 	return queue_index;
449 }
450 
451 struct netdev_queue *netdev_pick_tx(struct net_device *dev,
452 				    struct sk_buff *skb,
453 				    void *accel_priv)
454 {
455 	int queue_index = 0;
456 
457 	if (dev->real_num_tx_queues != 1) {
458 		const struct net_device_ops *ops = dev->netdev_ops;
459 		if (ops->ndo_select_queue)
460 			queue_index = ops->ndo_select_queue(dev, skb, accel_priv,
461 							    __netdev_pick_tx);
462 		else
463 			queue_index = __netdev_pick_tx(dev, skb);
464 
465 		if (!accel_priv)
466 			queue_index = netdev_cap_txqueue(dev, queue_index);
467 	}
468 
469 	skb_set_queue_mapping(skb, queue_index);
470 	return netdev_get_tx_queue(dev, queue_index);
471 }
472