xref: /openbmc/linux/net/core/flow_dissector.c (revision 8ffdff6a)
1 // SPDX-License-Identifier: GPL-2.0-only
2 #include <linux/kernel.h>
3 #include <linux/skbuff.h>
4 #include <linux/export.h>
5 #include <linux/ip.h>
6 #include <linux/ipv6.h>
7 #include <linux/if_vlan.h>
8 #include <net/dsa.h>
9 #include <net/dst_metadata.h>
10 #include <net/ip.h>
11 #include <net/ipv6.h>
12 #include <net/gre.h>
13 #include <net/pptp.h>
14 #include <net/tipc.h>
15 #include <linux/igmp.h>
16 #include <linux/icmp.h>
17 #include <linux/sctp.h>
18 #include <linux/dccp.h>
19 #include <linux/if_tunnel.h>
20 #include <linux/if_pppox.h>
21 #include <linux/ppp_defs.h>
22 #include <linux/stddef.h>
23 #include <linux/if_ether.h>
24 #include <linux/mpls.h>
25 #include <linux/tcp.h>
26 #include <linux/ptp_classify.h>
27 #include <net/flow_dissector.h>
28 #include <scsi/fc/fc_fcoe.h>
29 #include <uapi/linux/batadv_packet.h>
30 #include <linux/bpf.h>
31 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
32 #include <net/netfilter/nf_conntrack_core.h>
33 #include <net/netfilter/nf_conntrack_labels.h>
34 #endif
35 #include <linux/bpf-netns.h>
36 
37 static void dissector_set_key(struct flow_dissector *flow_dissector,
38 			      enum flow_dissector_key_id key_id)
39 {
40 	flow_dissector->used_keys |= (1 << key_id);
41 }
42 
43 void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
44 			     const struct flow_dissector_key *key,
45 			     unsigned int key_count)
46 {
47 	unsigned int i;
48 
49 	memset(flow_dissector, 0, sizeof(*flow_dissector));
50 
51 	for (i = 0; i < key_count; i++, key++) {
52 		/* User should make sure that every key target offset is within
53 		 * boundaries of unsigned short.
54 		 */
55 		BUG_ON(key->offset > USHRT_MAX);
56 		BUG_ON(dissector_uses_key(flow_dissector,
57 					  key->key_id));
58 
59 		dissector_set_key(flow_dissector, key->key_id);
60 		flow_dissector->offset[key->key_id] = key->offset;
61 	}
62 
63 	/* Ensure that the dissector always includes control and basic key.
64 	 * That way we are able to avoid handling lack of these in fast path.
65 	 */
66 	BUG_ON(!dissector_uses_key(flow_dissector,
67 				   FLOW_DISSECTOR_KEY_CONTROL));
68 	BUG_ON(!dissector_uses_key(flow_dissector,
69 				   FLOW_DISSECTOR_KEY_BASIC));
70 }
71 EXPORT_SYMBOL(skb_flow_dissector_init);
72 
73 #ifdef CONFIG_BPF_SYSCALL
74 int flow_dissector_bpf_prog_attach_check(struct net *net,
75 					 struct bpf_prog *prog)
76 {
77 	enum netns_bpf_attach_type type = NETNS_BPF_FLOW_DISSECTOR;
78 
79 	if (net == &init_net) {
80 		/* BPF flow dissector in the root namespace overrides
81 		 * any per-net-namespace one. When attaching to root,
82 		 * make sure we don't have any BPF program attached
83 		 * to the non-root namespaces.
84 		 */
85 		struct net *ns;
86 
87 		for_each_net(ns) {
88 			if (ns == &init_net)
89 				continue;
90 			if (rcu_access_pointer(ns->bpf.run_array[type]))
91 				return -EEXIST;
92 		}
93 	} else {
94 		/* Make sure root flow dissector is not attached
95 		 * when attaching to the non-root namespace.
96 		 */
97 		if (rcu_access_pointer(init_net.bpf.run_array[type]))
98 			return -EEXIST;
99 	}
100 
101 	return 0;
102 }
103 #endif /* CONFIG_BPF_SYSCALL */
104 
105 /**
106  * __skb_flow_get_ports - extract the upper layer ports and return them
107  * @skb: sk_buff to extract the ports from
108  * @thoff: transport header offset
109  * @ip_proto: protocol for which to get port offset
110  * @data: raw buffer pointer to the packet, if NULL use skb->data
111  * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
112  *
113  * The function will try to retrieve the ports at offset thoff + poff where poff
114  * is the protocol port offset returned from proto_ports_offset
115  */
116 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
117 			    void *data, int hlen)
118 {
119 	int poff = proto_ports_offset(ip_proto);
120 
121 	if (!data) {
122 		data = skb->data;
123 		hlen = skb_headlen(skb);
124 	}
125 
126 	if (poff >= 0) {
127 		__be32 *ports, _ports;
128 
129 		ports = __skb_header_pointer(skb, thoff + poff,
130 					     sizeof(_ports), data, hlen, &_ports);
131 		if (ports)
132 			return *ports;
133 	}
134 
135 	return 0;
136 }
137 EXPORT_SYMBOL(__skb_flow_get_ports);
138 
139 static bool icmp_has_id(u8 type)
140 {
141 	switch (type) {
142 	case ICMP_ECHO:
143 	case ICMP_ECHOREPLY:
144 	case ICMP_TIMESTAMP:
145 	case ICMP_TIMESTAMPREPLY:
146 	case ICMPV6_ECHO_REQUEST:
147 	case ICMPV6_ECHO_REPLY:
148 		return true;
149 	}
150 
151 	return false;
152 }
153 
154 /**
155  * skb_flow_get_icmp_tci - extract ICMP(6) Type, Code and Identifier fields
156  * @skb: sk_buff to extract from
157  * @key_icmp: struct flow_dissector_key_icmp to fill
158  * @data: raw buffer pointer to the packet
159  * @thoff: offset to extract at
160  * @hlen: packet header length
161  */
162 void skb_flow_get_icmp_tci(const struct sk_buff *skb,
163 			   struct flow_dissector_key_icmp *key_icmp,
164 			   void *data, int thoff, int hlen)
165 {
166 	struct icmphdr *ih, _ih;
167 
168 	ih = __skb_header_pointer(skb, thoff, sizeof(_ih), data, hlen, &_ih);
169 	if (!ih)
170 		return;
171 
172 	key_icmp->type = ih->type;
173 	key_icmp->code = ih->code;
174 
175 	/* As we use 0 to signal that the Id field is not present,
176 	 * avoid confusion with packets without such field
177 	 */
178 	if (icmp_has_id(ih->type))
179 		key_icmp->id = ih->un.echo.id ? ntohs(ih->un.echo.id) : 1;
180 	else
181 		key_icmp->id = 0;
182 }
183 EXPORT_SYMBOL(skb_flow_get_icmp_tci);
184 
185 /* If FLOW_DISSECTOR_KEY_ICMP is set, dissect an ICMP packet
186  * using skb_flow_get_icmp_tci().
187  */
188 static void __skb_flow_dissect_icmp(const struct sk_buff *skb,
189 				    struct flow_dissector *flow_dissector,
190 				    void *target_container,
191 				    void *data, int thoff, int hlen)
192 {
193 	struct flow_dissector_key_icmp *key_icmp;
194 
195 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ICMP))
196 		return;
197 
198 	key_icmp = skb_flow_dissector_target(flow_dissector,
199 					     FLOW_DISSECTOR_KEY_ICMP,
200 					     target_container);
201 
202 	skb_flow_get_icmp_tci(skb, key_icmp, data, thoff, hlen);
203 }
204 
205 void skb_flow_dissect_meta(const struct sk_buff *skb,
206 			   struct flow_dissector *flow_dissector,
207 			   void *target_container)
208 {
209 	struct flow_dissector_key_meta *meta;
210 
211 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_META))
212 		return;
213 
214 	meta = skb_flow_dissector_target(flow_dissector,
215 					 FLOW_DISSECTOR_KEY_META,
216 					 target_container);
217 	meta->ingress_ifindex = skb->skb_iif;
218 }
219 EXPORT_SYMBOL(skb_flow_dissect_meta);
220 
221 static void
222 skb_flow_dissect_set_enc_addr_type(enum flow_dissector_key_id type,
223 				   struct flow_dissector *flow_dissector,
224 				   void *target_container)
225 {
226 	struct flow_dissector_key_control *ctrl;
227 
228 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_CONTROL))
229 		return;
230 
231 	ctrl = skb_flow_dissector_target(flow_dissector,
232 					 FLOW_DISSECTOR_KEY_ENC_CONTROL,
233 					 target_container);
234 	ctrl->addr_type = type;
235 }
236 
237 void
238 skb_flow_dissect_ct(const struct sk_buff *skb,
239 		    struct flow_dissector *flow_dissector,
240 		    void *target_container, u16 *ctinfo_map,
241 		    size_t mapsize, bool post_ct)
242 {
243 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
244 	struct flow_dissector_key_ct *key;
245 	enum ip_conntrack_info ctinfo;
246 	struct nf_conn_labels *cl;
247 	struct nf_conn *ct;
248 
249 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_CT))
250 		return;
251 
252 	ct = nf_ct_get(skb, &ctinfo);
253 	if (!ct && !post_ct)
254 		return;
255 
256 	key = skb_flow_dissector_target(flow_dissector,
257 					FLOW_DISSECTOR_KEY_CT,
258 					target_container);
259 
260 	if (!ct) {
261 		key->ct_state = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
262 				TCA_FLOWER_KEY_CT_FLAGS_INVALID;
263 		return;
264 	}
265 
266 	if (ctinfo < mapsize)
267 		key->ct_state = ctinfo_map[ctinfo];
268 #if IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)
269 	key->ct_zone = ct->zone.id;
270 #endif
271 #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
272 	key->ct_mark = ct->mark;
273 #endif
274 
275 	cl = nf_ct_labels_find(ct);
276 	if (cl)
277 		memcpy(key->ct_labels, cl->bits, sizeof(key->ct_labels));
278 #endif /* CONFIG_NF_CONNTRACK */
279 }
280 EXPORT_SYMBOL(skb_flow_dissect_ct);
281 
282 void
283 skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
284 			     struct flow_dissector *flow_dissector,
285 			     void *target_container)
286 {
287 	struct ip_tunnel_info *info;
288 	struct ip_tunnel_key *key;
289 
290 	/* A quick check to see if there might be something to do. */
291 	if (!dissector_uses_key(flow_dissector,
292 				FLOW_DISSECTOR_KEY_ENC_KEYID) &&
293 	    !dissector_uses_key(flow_dissector,
294 				FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) &&
295 	    !dissector_uses_key(flow_dissector,
296 				FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) &&
297 	    !dissector_uses_key(flow_dissector,
298 				FLOW_DISSECTOR_KEY_ENC_CONTROL) &&
299 	    !dissector_uses_key(flow_dissector,
300 				FLOW_DISSECTOR_KEY_ENC_PORTS) &&
301 	    !dissector_uses_key(flow_dissector,
302 				FLOW_DISSECTOR_KEY_ENC_IP) &&
303 	    !dissector_uses_key(flow_dissector,
304 				FLOW_DISSECTOR_KEY_ENC_OPTS))
305 		return;
306 
307 	info = skb_tunnel_info(skb);
308 	if (!info)
309 		return;
310 
311 	key = &info->key;
312 
313 	switch (ip_tunnel_info_af(info)) {
314 	case AF_INET:
315 		skb_flow_dissect_set_enc_addr_type(FLOW_DISSECTOR_KEY_IPV4_ADDRS,
316 						   flow_dissector,
317 						   target_container);
318 		if (dissector_uses_key(flow_dissector,
319 				       FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS)) {
320 			struct flow_dissector_key_ipv4_addrs *ipv4;
321 
322 			ipv4 = skb_flow_dissector_target(flow_dissector,
323 							 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS,
324 							 target_container);
325 			ipv4->src = key->u.ipv4.src;
326 			ipv4->dst = key->u.ipv4.dst;
327 		}
328 		break;
329 	case AF_INET6:
330 		skb_flow_dissect_set_enc_addr_type(FLOW_DISSECTOR_KEY_IPV6_ADDRS,
331 						   flow_dissector,
332 						   target_container);
333 		if (dissector_uses_key(flow_dissector,
334 				       FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS)) {
335 			struct flow_dissector_key_ipv6_addrs *ipv6;
336 
337 			ipv6 = skb_flow_dissector_target(flow_dissector,
338 							 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS,
339 							 target_container);
340 			ipv6->src = key->u.ipv6.src;
341 			ipv6->dst = key->u.ipv6.dst;
342 		}
343 		break;
344 	}
345 
346 	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
347 		struct flow_dissector_key_keyid *keyid;
348 
349 		keyid = skb_flow_dissector_target(flow_dissector,
350 						  FLOW_DISSECTOR_KEY_ENC_KEYID,
351 						  target_container);
352 		keyid->keyid = tunnel_id_to_key32(key->tun_id);
353 	}
354 
355 	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_PORTS)) {
356 		struct flow_dissector_key_ports *tp;
357 
358 		tp = skb_flow_dissector_target(flow_dissector,
359 					       FLOW_DISSECTOR_KEY_ENC_PORTS,
360 					       target_container);
361 		tp->src = key->tp_src;
362 		tp->dst = key->tp_dst;
363 	}
364 
365 	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_IP)) {
366 		struct flow_dissector_key_ip *ip;
367 
368 		ip = skb_flow_dissector_target(flow_dissector,
369 					       FLOW_DISSECTOR_KEY_ENC_IP,
370 					       target_container);
371 		ip->tos = key->tos;
372 		ip->ttl = key->ttl;
373 	}
374 
375 	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_OPTS)) {
376 		struct flow_dissector_key_enc_opts *enc_opt;
377 
378 		enc_opt = skb_flow_dissector_target(flow_dissector,
379 						    FLOW_DISSECTOR_KEY_ENC_OPTS,
380 						    target_container);
381 
382 		if (info->options_len) {
383 			enc_opt->len = info->options_len;
384 			ip_tunnel_info_opts_get(enc_opt->data, info);
385 			enc_opt->dst_opt_type = info->key.tun_flags &
386 						TUNNEL_OPTIONS_PRESENT;
387 		}
388 	}
389 }
390 EXPORT_SYMBOL(skb_flow_dissect_tunnel_info);
391 
392 void skb_flow_dissect_hash(const struct sk_buff *skb,
393 			   struct flow_dissector *flow_dissector,
394 			   void *target_container)
395 {
396 	struct flow_dissector_key_hash *key;
397 
398 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_HASH))
399 		return;
400 
401 	key = skb_flow_dissector_target(flow_dissector,
402 					FLOW_DISSECTOR_KEY_HASH,
403 					target_container);
404 
405 	key->hash = skb_get_hash_raw(skb);
406 }
407 EXPORT_SYMBOL(skb_flow_dissect_hash);
408 
409 static enum flow_dissect_ret
410 __skb_flow_dissect_mpls(const struct sk_buff *skb,
411 			struct flow_dissector *flow_dissector,
412 			void *target_container, void *data, int nhoff, int hlen,
413 			int lse_index, bool *entropy_label)
414 {
415 	struct mpls_label *hdr, _hdr;
416 	u32 entry, label, bos;
417 
418 	if (!dissector_uses_key(flow_dissector,
419 				FLOW_DISSECTOR_KEY_MPLS_ENTROPY) &&
420 	    !dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_MPLS))
421 		return FLOW_DISSECT_RET_OUT_GOOD;
422 
423 	if (lse_index >= FLOW_DIS_MPLS_MAX)
424 		return FLOW_DISSECT_RET_OUT_GOOD;
425 
426 	hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
427 				   hlen, &_hdr);
428 	if (!hdr)
429 		return FLOW_DISSECT_RET_OUT_BAD;
430 
431 	entry = ntohl(hdr->entry);
432 	label = (entry & MPLS_LS_LABEL_MASK) >> MPLS_LS_LABEL_SHIFT;
433 	bos = (entry & MPLS_LS_S_MASK) >> MPLS_LS_S_SHIFT;
434 
435 	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_MPLS)) {
436 		struct flow_dissector_key_mpls *key_mpls;
437 		struct flow_dissector_mpls_lse *lse;
438 
439 		key_mpls = skb_flow_dissector_target(flow_dissector,
440 						     FLOW_DISSECTOR_KEY_MPLS,
441 						     target_container);
442 		lse = &key_mpls->ls[lse_index];
443 
444 		lse->mpls_ttl = (entry & MPLS_LS_TTL_MASK) >> MPLS_LS_TTL_SHIFT;
445 		lse->mpls_bos = bos;
446 		lse->mpls_tc = (entry & MPLS_LS_TC_MASK) >> MPLS_LS_TC_SHIFT;
447 		lse->mpls_label = label;
448 		dissector_set_mpls_lse(key_mpls, lse_index);
449 	}
450 
451 	if (*entropy_label &&
452 	    dissector_uses_key(flow_dissector,
453 			       FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) {
454 		struct flow_dissector_key_keyid *key_keyid;
455 
456 		key_keyid = skb_flow_dissector_target(flow_dissector,
457 						      FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
458 						      target_container);
459 		key_keyid->keyid = cpu_to_be32(label);
460 	}
461 
462 	*entropy_label = label == MPLS_LABEL_ENTROPY;
463 
464 	return bos ? FLOW_DISSECT_RET_OUT_GOOD : FLOW_DISSECT_RET_PROTO_AGAIN;
465 }
466 
467 static enum flow_dissect_ret
468 __skb_flow_dissect_arp(const struct sk_buff *skb,
469 		       struct flow_dissector *flow_dissector,
470 		       void *target_container, void *data, int nhoff, int hlen)
471 {
472 	struct flow_dissector_key_arp *key_arp;
473 	struct {
474 		unsigned char ar_sha[ETH_ALEN];
475 		unsigned char ar_sip[4];
476 		unsigned char ar_tha[ETH_ALEN];
477 		unsigned char ar_tip[4];
478 	} *arp_eth, _arp_eth;
479 	const struct arphdr *arp;
480 	struct arphdr _arp;
481 
482 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ARP))
483 		return FLOW_DISSECT_RET_OUT_GOOD;
484 
485 	arp = __skb_header_pointer(skb, nhoff, sizeof(_arp), data,
486 				   hlen, &_arp);
487 	if (!arp)
488 		return FLOW_DISSECT_RET_OUT_BAD;
489 
490 	if (arp->ar_hrd != htons(ARPHRD_ETHER) ||
491 	    arp->ar_pro != htons(ETH_P_IP) ||
492 	    arp->ar_hln != ETH_ALEN ||
493 	    arp->ar_pln != 4 ||
494 	    (arp->ar_op != htons(ARPOP_REPLY) &&
495 	     arp->ar_op != htons(ARPOP_REQUEST)))
496 		return FLOW_DISSECT_RET_OUT_BAD;
497 
498 	arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp),
499 				       sizeof(_arp_eth), data,
500 				       hlen, &_arp_eth);
501 	if (!arp_eth)
502 		return FLOW_DISSECT_RET_OUT_BAD;
503 
504 	key_arp = skb_flow_dissector_target(flow_dissector,
505 					    FLOW_DISSECTOR_KEY_ARP,
506 					    target_container);
507 
508 	memcpy(&key_arp->sip, arp_eth->ar_sip, sizeof(key_arp->sip));
509 	memcpy(&key_arp->tip, arp_eth->ar_tip, sizeof(key_arp->tip));
510 
511 	/* Only store the lower byte of the opcode;
512 	 * this covers ARPOP_REPLY and ARPOP_REQUEST.
513 	 */
514 	key_arp->op = ntohs(arp->ar_op) & 0xff;
515 
516 	ether_addr_copy(key_arp->sha, arp_eth->ar_sha);
517 	ether_addr_copy(key_arp->tha, arp_eth->ar_tha);
518 
519 	return FLOW_DISSECT_RET_OUT_GOOD;
520 }
521 
522 static enum flow_dissect_ret
523 __skb_flow_dissect_gre(const struct sk_buff *skb,
524 		       struct flow_dissector_key_control *key_control,
525 		       struct flow_dissector *flow_dissector,
526 		       void *target_container, void *data,
527 		       __be16 *p_proto, int *p_nhoff, int *p_hlen,
528 		       unsigned int flags)
529 {
530 	struct flow_dissector_key_keyid *key_keyid;
531 	struct gre_base_hdr *hdr, _hdr;
532 	int offset = 0;
533 	u16 gre_ver;
534 
535 	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr),
536 				   data, *p_hlen, &_hdr);
537 	if (!hdr)
538 		return FLOW_DISSECT_RET_OUT_BAD;
539 
540 	/* Only look inside GRE without routing */
541 	if (hdr->flags & GRE_ROUTING)
542 		return FLOW_DISSECT_RET_OUT_GOOD;
543 
544 	/* Only look inside GRE for version 0 and 1 */
545 	gre_ver = ntohs(hdr->flags & GRE_VERSION);
546 	if (gre_ver > 1)
547 		return FLOW_DISSECT_RET_OUT_GOOD;
548 
549 	*p_proto = hdr->protocol;
550 	if (gre_ver) {
551 		/* Version1 must be PPTP, and check the flags */
552 		if (!(*p_proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY)))
553 			return FLOW_DISSECT_RET_OUT_GOOD;
554 	}
555 
556 	offset += sizeof(struct gre_base_hdr);
557 
558 	if (hdr->flags & GRE_CSUM)
559 		offset += sizeof_field(struct gre_full_hdr, csum) +
560 			  sizeof_field(struct gre_full_hdr, reserved1);
561 
562 	if (hdr->flags & GRE_KEY) {
563 		const __be32 *keyid;
564 		__be32 _keyid;
565 
566 		keyid = __skb_header_pointer(skb, *p_nhoff + offset,
567 					     sizeof(_keyid),
568 					     data, *p_hlen, &_keyid);
569 		if (!keyid)
570 			return FLOW_DISSECT_RET_OUT_BAD;
571 
572 		if (dissector_uses_key(flow_dissector,
573 				       FLOW_DISSECTOR_KEY_GRE_KEYID)) {
574 			key_keyid = skb_flow_dissector_target(flow_dissector,
575 							      FLOW_DISSECTOR_KEY_GRE_KEYID,
576 							      target_container);
577 			if (gre_ver == 0)
578 				key_keyid->keyid = *keyid;
579 			else
580 				key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK;
581 		}
582 		offset += sizeof_field(struct gre_full_hdr, key);
583 	}
584 
585 	if (hdr->flags & GRE_SEQ)
586 		offset += sizeof_field(struct pptp_gre_header, seq);
587 
588 	if (gre_ver == 0) {
589 		if (*p_proto == htons(ETH_P_TEB)) {
590 			const struct ethhdr *eth;
591 			struct ethhdr _eth;
592 
593 			eth = __skb_header_pointer(skb, *p_nhoff + offset,
594 						   sizeof(_eth),
595 						   data, *p_hlen, &_eth);
596 			if (!eth)
597 				return FLOW_DISSECT_RET_OUT_BAD;
598 			*p_proto = eth->h_proto;
599 			offset += sizeof(*eth);
600 
601 			/* Cap headers that we access via pointers at the
602 			 * end of the Ethernet header as our maximum alignment
603 			 * at that point is only 2 bytes.
604 			 */
605 			if (NET_IP_ALIGN)
606 				*p_hlen = *p_nhoff + offset;
607 		}
608 	} else { /* version 1, must be PPTP */
609 		u8 _ppp_hdr[PPP_HDRLEN];
610 		u8 *ppp_hdr;
611 
612 		if (hdr->flags & GRE_ACK)
613 			offset += sizeof_field(struct pptp_gre_header, ack);
614 
615 		ppp_hdr = __skb_header_pointer(skb, *p_nhoff + offset,
616 					       sizeof(_ppp_hdr),
617 					       data, *p_hlen, _ppp_hdr);
618 		if (!ppp_hdr)
619 			return FLOW_DISSECT_RET_OUT_BAD;
620 
621 		switch (PPP_PROTOCOL(ppp_hdr)) {
622 		case PPP_IP:
623 			*p_proto = htons(ETH_P_IP);
624 			break;
625 		case PPP_IPV6:
626 			*p_proto = htons(ETH_P_IPV6);
627 			break;
628 		default:
629 			/* Could probably catch some more like MPLS */
630 			break;
631 		}
632 
633 		offset += PPP_HDRLEN;
634 	}
635 
636 	*p_nhoff += offset;
637 	key_control->flags |= FLOW_DIS_ENCAPSULATION;
638 	if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
639 		return FLOW_DISSECT_RET_OUT_GOOD;
640 
641 	return FLOW_DISSECT_RET_PROTO_AGAIN;
642 }
643 
644 /**
645  * __skb_flow_dissect_batadv() - dissect batman-adv header
646  * @skb: sk_buff to with the batman-adv header
647  * @key_control: flow dissectors control key
648  * @data: raw buffer pointer to the packet, if NULL use skb->data
649  * @p_proto: pointer used to update the protocol to process next
650  * @p_nhoff: pointer used to update inner network header offset
651  * @hlen: packet header length
652  * @flags: any combination of FLOW_DISSECTOR_F_*
653  *
654  * ETH_P_BATMAN packets are tried to be dissected. Only
655  * &struct batadv_unicast packets are actually processed because they contain an
656  * inner ethernet header and are usually followed by actual network header. This
657  * allows the flow dissector to continue processing the packet.
658  *
659  * Return: FLOW_DISSECT_RET_PROTO_AGAIN when &struct batadv_unicast was found,
660  *  FLOW_DISSECT_RET_OUT_GOOD when dissector should stop after encapsulation,
661  *  otherwise FLOW_DISSECT_RET_OUT_BAD
662  */
663 static enum flow_dissect_ret
664 __skb_flow_dissect_batadv(const struct sk_buff *skb,
665 			  struct flow_dissector_key_control *key_control,
666 			  void *data, __be16 *p_proto, int *p_nhoff, int hlen,
667 			  unsigned int flags)
668 {
669 	struct {
670 		struct batadv_unicast_packet batadv_unicast;
671 		struct ethhdr eth;
672 	} *hdr, _hdr;
673 
674 	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
675 				   &_hdr);
676 	if (!hdr)
677 		return FLOW_DISSECT_RET_OUT_BAD;
678 
679 	if (hdr->batadv_unicast.version != BATADV_COMPAT_VERSION)
680 		return FLOW_DISSECT_RET_OUT_BAD;
681 
682 	if (hdr->batadv_unicast.packet_type != BATADV_UNICAST)
683 		return FLOW_DISSECT_RET_OUT_BAD;
684 
685 	*p_proto = hdr->eth.h_proto;
686 	*p_nhoff += sizeof(*hdr);
687 
688 	key_control->flags |= FLOW_DIS_ENCAPSULATION;
689 	if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
690 		return FLOW_DISSECT_RET_OUT_GOOD;
691 
692 	return FLOW_DISSECT_RET_PROTO_AGAIN;
693 }
694 
695 static void
696 __skb_flow_dissect_tcp(const struct sk_buff *skb,
697 		       struct flow_dissector *flow_dissector,
698 		       void *target_container, void *data, int thoff, int hlen)
699 {
700 	struct flow_dissector_key_tcp *key_tcp;
701 	struct tcphdr *th, _th;
702 
703 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_TCP))
704 		return;
705 
706 	th = __skb_header_pointer(skb, thoff, sizeof(_th), data, hlen, &_th);
707 	if (!th)
708 		return;
709 
710 	if (unlikely(__tcp_hdrlen(th) < sizeof(_th)))
711 		return;
712 
713 	key_tcp = skb_flow_dissector_target(flow_dissector,
714 					    FLOW_DISSECTOR_KEY_TCP,
715 					    target_container);
716 	key_tcp->flags = (*(__be16 *) &tcp_flag_word(th) & htons(0x0FFF));
717 }
718 
719 static void
720 __skb_flow_dissect_ports(const struct sk_buff *skb,
721 			 struct flow_dissector *flow_dissector,
722 			 void *target_container, void *data, int nhoff,
723 			 u8 ip_proto, int hlen)
724 {
725 	enum flow_dissector_key_id dissector_ports = FLOW_DISSECTOR_KEY_MAX;
726 	struct flow_dissector_key_ports *key_ports;
727 
728 	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS))
729 		dissector_ports = FLOW_DISSECTOR_KEY_PORTS;
730 	else if (dissector_uses_key(flow_dissector,
731 				    FLOW_DISSECTOR_KEY_PORTS_RANGE))
732 		dissector_ports = FLOW_DISSECTOR_KEY_PORTS_RANGE;
733 
734 	if (dissector_ports == FLOW_DISSECTOR_KEY_MAX)
735 		return;
736 
737 	key_ports = skb_flow_dissector_target(flow_dissector,
738 					      dissector_ports,
739 					      target_container);
740 	key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
741 						data, hlen);
742 }
743 
744 static void
745 __skb_flow_dissect_ipv4(const struct sk_buff *skb,
746 			struct flow_dissector *flow_dissector,
747 			void *target_container, void *data, const struct iphdr *iph)
748 {
749 	struct flow_dissector_key_ip *key_ip;
750 
751 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
752 		return;
753 
754 	key_ip = skb_flow_dissector_target(flow_dissector,
755 					   FLOW_DISSECTOR_KEY_IP,
756 					   target_container);
757 	key_ip->tos = iph->tos;
758 	key_ip->ttl = iph->ttl;
759 }
760 
761 static void
762 __skb_flow_dissect_ipv6(const struct sk_buff *skb,
763 			struct flow_dissector *flow_dissector,
764 			void *target_container, void *data, const struct ipv6hdr *iph)
765 {
766 	struct flow_dissector_key_ip *key_ip;
767 
768 	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
769 		return;
770 
771 	key_ip = skb_flow_dissector_target(flow_dissector,
772 					   FLOW_DISSECTOR_KEY_IP,
773 					   target_container);
774 	key_ip->tos = ipv6_get_dsfield(iph);
775 	key_ip->ttl = iph->hop_limit;
776 }
777 
778 /* Maximum number of protocol headers that can be parsed in
779  * __skb_flow_dissect
780  */
781 #define MAX_FLOW_DISSECT_HDRS	15
782 
783 static bool skb_flow_dissect_allowed(int *num_hdrs)
784 {
785 	++*num_hdrs;
786 
787 	return (*num_hdrs <= MAX_FLOW_DISSECT_HDRS);
788 }
789 
790 static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys,
791 				     struct flow_dissector *flow_dissector,
792 				     void *target_container)
793 {
794 	struct flow_dissector_key_ports *key_ports = NULL;
795 	struct flow_dissector_key_control *key_control;
796 	struct flow_dissector_key_basic *key_basic;
797 	struct flow_dissector_key_addrs *key_addrs;
798 	struct flow_dissector_key_tags *key_tags;
799 
800 	key_control = skb_flow_dissector_target(flow_dissector,
801 						FLOW_DISSECTOR_KEY_CONTROL,
802 						target_container);
803 	key_control->thoff = flow_keys->thoff;
804 	if (flow_keys->is_frag)
805 		key_control->flags |= FLOW_DIS_IS_FRAGMENT;
806 	if (flow_keys->is_first_frag)
807 		key_control->flags |= FLOW_DIS_FIRST_FRAG;
808 	if (flow_keys->is_encap)
809 		key_control->flags |= FLOW_DIS_ENCAPSULATION;
810 
811 	key_basic = skb_flow_dissector_target(flow_dissector,
812 					      FLOW_DISSECTOR_KEY_BASIC,
813 					      target_container);
814 	key_basic->n_proto = flow_keys->n_proto;
815 	key_basic->ip_proto = flow_keys->ip_proto;
816 
817 	if (flow_keys->addr_proto == ETH_P_IP &&
818 	    dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
819 		key_addrs = skb_flow_dissector_target(flow_dissector,
820 						      FLOW_DISSECTOR_KEY_IPV4_ADDRS,
821 						      target_container);
822 		key_addrs->v4addrs.src = flow_keys->ipv4_src;
823 		key_addrs->v4addrs.dst = flow_keys->ipv4_dst;
824 		key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
825 	} else if (flow_keys->addr_proto == ETH_P_IPV6 &&
826 		   dissector_uses_key(flow_dissector,
827 				      FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
828 		key_addrs = skb_flow_dissector_target(flow_dissector,
829 						      FLOW_DISSECTOR_KEY_IPV6_ADDRS,
830 						      target_container);
831 		memcpy(&key_addrs->v6addrs, &flow_keys->ipv6_src,
832 		       sizeof(key_addrs->v6addrs));
833 		key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
834 	}
835 
836 	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS))
837 		key_ports = skb_flow_dissector_target(flow_dissector,
838 						      FLOW_DISSECTOR_KEY_PORTS,
839 						      target_container);
840 	else if (dissector_uses_key(flow_dissector,
841 				    FLOW_DISSECTOR_KEY_PORTS_RANGE))
842 		key_ports = skb_flow_dissector_target(flow_dissector,
843 						      FLOW_DISSECTOR_KEY_PORTS_RANGE,
844 						      target_container);
845 
846 	if (key_ports) {
847 		key_ports->src = flow_keys->sport;
848 		key_ports->dst = flow_keys->dport;
849 	}
850 
851 	if (dissector_uses_key(flow_dissector,
852 			       FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
853 		key_tags = skb_flow_dissector_target(flow_dissector,
854 						     FLOW_DISSECTOR_KEY_FLOW_LABEL,
855 						     target_container);
856 		key_tags->flow_label = ntohl(flow_keys->flow_label);
857 	}
858 }
859 
860 bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
861 		      __be16 proto, int nhoff, int hlen, unsigned int flags)
862 {
863 	struct bpf_flow_keys *flow_keys = ctx->flow_keys;
864 	u32 result;
865 
866 	/* Pass parameters to the BPF program */
867 	memset(flow_keys, 0, sizeof(*flow_keys));
868 	flow_keys->n_proto = proto;
869 	flow_keys->nhoff = nhoff;
870 	flow_keys->thoff = flow_keys->nhoff;
871 
872 	BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG !=
873 		     (int)FLOW_DISSECTOR_F_PARSE_1ST_FRAG);
874 	BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL !=
875 		     (int)FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
876 	BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP !=
877 		     (int)FLOW_DISSECTOR_F_STOP_AT_ENCAP);
878 	flow_keys->flags = flags;
879 
880 	result = bpf_prog_run_pin_on_cpu(prog, ctx);
881 
882 	flow_keys->nhoff = clamp_t(u16, flow_keys->nhoff, nhoff, hlen);
883 	flow_keys->thoff = clamp_t(u16, flow_keys->thoff,
884 				   flow_keys->nhoff, hlen);
885 
886 	return result == BPF_OK;
887 }
888 
889 /**
890  * __skb_flow_dissect - extract the flow_keys struct and return it
891  * @net: associated network namespace, derived from @skb if NULL
892  * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
893  * @flow_dissector: list of keys to dissect
894  * @target_container: target structure to put dissected values into
895  * @data: raw buffer pointer to the packet, if NULL use skb->data
896  * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
897  * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
898  * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
899  * @flags: flags that control the dissection process, e.g.
900  *         FLOW_DISSECTOR_F_STOP_AT_ENCAP.
901  *
902  * The function will try to retrieve individual keys into target specified
903  * by flow_dissector from either the skbuff or a raw buffer specified by the
904  * rest parameters.
905  *
906  * Caller must take care of zeroing target container memory.
907  */
908 bool __skb_flow_dissect(const struct net *net,
909 			const struct sk_buff *skb,
910 			struct flow_dissector *flow_dissector,
911 			void *target_container,
912 			void *data, __be16 proto, int nhoff, int hlen,
913 			unsigned int flags)
914 {
915 	struct flow_dissector_key_control *key_control;
916 	struct flow_dissector_key_basic *key_basic;
917 	struct flow_dissector_key_addrs *key_addrs;
918 	struct flow_dissector_key_tags *key_tags;
919 	struct flow_dissector_key_vlan *key_vlan;
920 	enum flow_dissect_ret fdret;
921 	enum flow_dissector_key_id dissector_vlan = FLOW_DISSECTOR_KEY_MAX;
922 	bool mpls_el = false;
923 	int mpls_lse = 0;
924 	int num_hdrs = 0;
925 	u8 ip_proto = 0;
926 	bool ret;
927 
928 	if (!data) {
929 		data = skb->data;
930 		proto = skb_vlan_tag_present(skb) ?
931 			 skb->vlan_proto : skb->protocol;
932 		nhoff = skb_network_offset(skb);
933 		hlen = skb_headlen(skb);
934 #if IS_ENABLED(CONFIG_NET_DSA)
935 		if (unlikely(skb->dev && netdev_uses_dsa(skb->dev) &&
936 			     proto == htons(ETH_P_XDSA))) {
937 			const struct dsa_device_ops *ops;
938 			int offset = 0;
939 
940 			ops = skb->dev->dsa_ptr->tag_ops;
941 			/* Tail taggers don't break flow dissection */
942 			if (!ops->tail_tag) {
943 				if (ops->flow_dissect)
944 					ops->flow_dissect(skb, &proto, &offset);
945 				else
946 					dsa_tag_generic_flow_dissect(skb,
947 								     &proto,
948 								     &offset);
949 				hlen -= offset;
950 				nhoff += offset;
951 			}
952 		}
953 #endif
954 	}
955 
956 	/* It is ensured by skb_flow_dissector_init() that control key will
957 	 * be always present.
958 	 */
959 	key_control = skb_flow_dissector_target(flow_dissector,
960 						FLOW_DISSECTOR_KEY_CONTROL,
961 						target_container);
962 
963 	/* It is ensured by skb_flow_dissector_init() that basic key will
964 	 * be always present.
965 	 */
966 	key_basic = skb_flow_dissector_target(flow_dissector,
967 					      FLOW_DISSECTOR_KEY_BASIC,
968 					      target_container);
969 
970 	if (skb) {
971 		if (!net) {
972 			if (skb->dev)
973 				net = dev_net(skb->dev);
974 			else if (skb->sk)
975 				net = sock_net(skb->sk);
976 		}
977 	}
978 
979 	WARN_ON_ONCE(!net);
980 	if (net) {
981 		enum netns_bpf_attach_type type = NETNS_BPF_FLOW_DISSECTOR;
982 		struct bpf_prog_array *run_array;
983 
984 		rcu_read_lock();
985 		run_array = rcu_dereference(init_net.bpf.run_array[type]);
986 		if (!run_array)
987 			run_array = rcu_dereference(net->bpf.run_array[type]);
988 
989 		if (run_array) {
990 			struct bpf_flow_keys flow_keys;
991 			struct bpf_flow_dissector ctx = {
992 				.flow_keys = &flow_keys,
993 				.data = data,
994 				.data_end = data + hlen,
995 			};
996 			__be16 n_proto = proto;
997 			struct bpf_prog *prog;
998 
999 			if (skb) {
1000 				ctx.skb = skb;
1001 				/* we can't use 'proto' in the skb case
1002 				 * because it might be set to skb->vlan_proto
1003 				 * which has been pulled from the data
1004 				 */
1005 				n_proto = skb->protocol;
1006 			}
1007 
1008 			prog = READ_ONCE(run_array->items[0].prog);
1009 			ret = bpf_flow_dissect(prog, &ctx, n_proto, nhoff,
1010 					       hlen, flags);
1011 			__skb_flow_bpf_to_target(&flow_keys, flow_dissector,
1012 						 target_container);
1013 			rcu_read_unlock();
1014 			return ret;
1015 		}
1016 		rcu_read_unlock();
1017 	}
1018 
1019 	if (dissector_uses_key(flow_dissector,
1020 			       FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
1021 		struct ethhdr *eth = eth_hdr(skb);
1022 		struct flow_dissector_key_eth_addrs *key_eth_addrs;
1023 
1024 		key_eth_addrs = skb_flow_dissector_target(flow_dissector,
1025 							  FLOW_DISSECTOR_KEY_ETH_ADDRS,
1026 							  target_container);
1027 		memcpy(key_eth_addrs, &eth->h_dest, sizeof(*key_eth_addrs));
1028 	}
1029 
1030 proto_again:
1031 	fdret = FLOW_DISSECT_RET_CONTINUE;
1032 
1033 	switch (proto) {
1034 	case htons(ETH_P_IP): {
1035 		const struct iphdr *iph;
1036 		struct iphdr _iph;
1037 
1038 		iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
1039 		if (!iph || iph->ihl < 5) {
1040 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1041 			break;
1042 		}
1043 
1044 		nhoff += iph->ihl * 4;
1045 
1046 		ip_proto = iph->protocol;
1047 
1048 		if (dissector_uses_key(flow_dissector,
1049 				       FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
1050 			key_addrs = skb_flow_dissector_target(flow_dissector,
1051 							      FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1052 							      target_container);
1053 
1054 			memcpy(&key_addrs->v4addrs, &iph->saddr,
1055 			       sizeof(key_addrs->v4addrs));
1056 			key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1057 		}
1058 
1059 		__skb_flow_dissect_ipv4(skb, flow_dissector,
1060 					target_container, data, iph);
1061 
1062 		if (ip_is_fragment(iph)) {
1063 			key_control->flags |= FLOW_DIS_IS_FRAGMENT;
1064 
1065 			if (iph->frag_off & htons(IP_OFFSET)) {
1066 				fdret = FLOW_DISSECT_RET_OUT_GOOD;
1067 				break;
1068 			} else {
1069 				key_control->flags |= FLOW_DIS_FIRST_FRAG;
1070 				if (!(flags &
1071 				      FLOW_DISSECTOR_F_PARSE_1ST_FRAG)) {
1072 					fdret = FLOW_DISSECT_RET_OUT_GOOD;
1073 					break;
1074 				}
1075 			}
1076 		}
1077 
1078 		break;
1079 	}
1080 	case htons(ETH_P_IPV6): {
1081 		const struct ipv6hdr *iph;
1082 		struct ipv6hdr _iph;
1083 
1084 		iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
1085 		if (!iph) {
1086 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1087 			break;
1088 		}
1089 
1090 		ip_proto = iph->nexthdr;
1091 		nhoff += sizeof(struct ipv6hdr);
1092 
1093 		if (dissector_uses_key(flow_dissector,
1094 				       FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
1095 			key_addrs = skb_flow_dissector_target(flow_dissector,
1096 							      FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1097 							      target_container);
1098 
1099 			memcpy(&key_addrs->v6addrs, &iph->saddr,
1100 			       sizeof(key_addrs->v6addrs));
1101 			key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1102 		}
1103 
1104 		if ((dissector_uses_key(flow_dissector,
1105 					FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
1106 		     (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
1107 		    ip6_flowlabel(iph)) {
1108 			__be32 flow_label = ip6_flowlabel(iph);
1109 
1110 			if (dissector_uses_key(flow_dissector,
1111 					       FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
1112 				key_tags = skb_flow_dissector_target(flow_dissector,
1113 								     FLOW_DISSECTOR_KEY_FLOW_LABEL,
1114 								     target_container);
1115 				key_tags->flow_label = ntohl(flow_label);
1116 			}
1117 			if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL) {
1118 				fdret = FLOW_DISSECT_RET_OUT_GOOD;
1119 				break;
1120 			}
1121 		}
1122 
1123 		__skb_flow_dissect_ipv6(skb, flow_dissector,
1124 					target_container, data, iph);
1125 
1126 		break;
1127 	}
1128 	case htons(ETH_P_8021AD):
1129 	case htons(ETH_P_8021Q): {
1130 		const struct vlan_hdr *vlan = NULL;
1131 		struct vlan_hdr _vlan;
1132 		__be16 saved_vlan_tpid = proto;
1133 
1134 		if (dissector_vlan == FLOW_DISSECTOR_KEY_MAX &&
1135 		    skb && skb_vlan_tag_present(skb)) {
1136 			proto = skb->protocol;
1137 		} else {
1138 			vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
1139 						    data, hlen, &_vlan);
1140 			if (!vlan) {
1141 				fdret = FLOW_DISSECT_RET_OUT_BAD;
1142 				break;
1143 			}
1144 
1145 			proto = vlan->h_vlan_encapsulated_proto;
1146 			nhoff += sizeof(*vlan);
1147 		}
1148 
1149 		if (dissector_vlan == FLOW_DISSECTOR_KEY_MAX) {
1150 			dissector_vlan = FLOW_DISSECTOR_KEY_VLAN;
1151 		} else if (dissector_vlan == FLOW_DISSECTOR_KEY_VLAN) {
1152 			dissector_vlan = FLOW_DISSECTOR_KEY_CVLAN;
1153 		} else {
1154 			fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1155 			break;
1156 		}
1157 
1158 		if (dissector_uses_key(flow_dissector, dissector_vlan)) {
1159 			key_vlan = skb_flow_dissector_target(flow_dissector,
1160 							     dissector_vlan,
1161 							     target_container);
1162 
1163 			if (!vlan) {
1164 				key_vlan->vlan_id = skb_vlan_tag_get_id(skb);
1165 				key_vlan->vlan_priority = skb_vlan_tag_get_prio(skb);
1166 			} else {
1167 				key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) &
1168 					VLAN_VID_MASK;
1169 				key_vlan->vlan_priority =
1170 					(ntohs(vlan->h_vlan_TCI) &
1171 					 VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
1172 			}
1173 			key_vlan->vlan_tpid = saved_vlan_tpid;
1174 		}
1175 
1176 		fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1177 		break;
1178 	}
1179 	case htons(ETH_P_PPP_SES): {
1180 		struct {
1181 			struct pppoe_hdr hdr;
1182 			__be16 proto;
1183 		} *hdr, _hdr;
1184 		hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
1185 		if (!hdr) {
1186 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1187 			break;
1188 		}
1189 
1190 		proto = hdr->proto;
1191 		nhoff += PPPOE_SES_HLEN;
1192 		switch (proto) {
1193 		case htons(PPP_IP):
1194 			proto = htons(ETH_P_IP);
1195 			fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1196 			break;
1197 		case htons(PPP_IPV6):
1198 			proto = htons(ETH_P_IPV6);
1199 			fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1200 			break;
1201 		default:
1202 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1203 			break;
1204 		}
1205 		break;
1206 	}
1207 	case htons(ETH_P_TIPC): {
1208 		struct tipc_basic_hdr *hdr, _hdr;
1209 
1210 		hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr),
1211 					   data, hlen, &_hdr);
1212 		if (!hdr) {
1213 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1214 			break;
1215 		}
1216 
1217 		if (dissector_uses_key(flow_dissector,
1218 				       FLOW_DISSECTOR_KEY_TIPC)) {
1219 			key_addrs = skb_flow_dissector_target(flow_dissector,
1220 							      FLOW_DISSECTOR_KEY_TIPC,
1221 							      target_container);
1222 			key_addrs->tipckey.key = tipc_hdr_rps_key(hdr);
1223 			key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC;
1224 		}
1225 		fdret = FLOW_DISSECT_RET_OUT_GOOD;
1226 		break;
1227 	}
1228 
1229 	case htons(ETH_P_MPLS_UC):
1230 	case htons(ETH_P_MPLS_MC):
1231 		fdret = __skb_flow_dissect_mpls(skb, flow_dissector,
1232 						target_container, data,
1233 						nhoff, hlen, mpls_lse,
1234 						&mpls_el);
1235 		nhoff += sizeof(struct mpls_label);
1236 		mpls_lse++;
1237 		break;
1238 	case htons(ETH_P_FCOE):
1239 		if ((hlen - nhoff) < FCOE_HEADER_LEN) {
1240 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1241 			break;
1242 		}
1243 
1244 		nhoff += FCOE_HEADER_LEN;
1245 		fdret = FLOW_DISSECT_RET_OUT_GOOD;
1246 		break;
1247 
1248 	case htons(ETH_P_ARP):
1249 	case htons(ETH_P_RARP):
1250 		fdret = __skb_flow_dissect_arp(skb, flow_dissector,
1251 					       target_container, data,
1252 					       nhoff, hlen);
1253 		break;
1254 
1255 	case htons(ETH_P_BATMAN):
1256 		fdret = __skb_flow_dissect_batadv(skb, key_control, data,
1257 						  &proto, &nhoff, hlen, flags);
1258 		break;
1259 
1260 	case htons(ETH_P_1588): {
1261 		struct ptp_header *hdr, _hdr;
1262 
1263 		hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
1264 					   hlen, &_hdr);
1265 		if (!hdr) {
1266 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1267 			break;
1268 		}
1269 
1270 		nhoff += ntohs(hdr->message_length);
1271 		fdret = FLOW_DISSECT_RET_OUT_GOOD;
1272 		break;
1273 	}
1274 
1275 	default:
1276 		fdret = FLOW_DISSECT_RET_OUT_BAD;
1277 		break;
1278 	}
1279 
1280 	/* Process result of proto processing */
1281 	switch (fdret) {
1282 	case FLOW_DISSECT_RET_OUT_GOOD:
1283 		goto out_good;
1284 	case FLOW_DISSECT_RET_PROTO_AGAIN:
1285 		if (skb_flow_dissect_allowed(&num_hdrs))
1286 			goto proto_again;
1287 		goto out_good;
1288 	case FLOW_DISSECT_RET_CONTINUE:
1289 	case FLOW_DISSECT_RET_IPPROTO_AGAIN:
1290 		break;
1291 	case FLOW_DISSECT_RET_OUT_BAD:
1292 	default:
1293 		goto out_bad;
1294 	}
1295 
1296 ip_proto_again:
1297 	fdret = FLOW_DISSECT_RET_CONTINUE;
1298 
1299 	switch (ip_proto) {
1300 	case IPPROTO_GRE:
1301 		fdret = __skb_flow_dissect_gre(skb, key_control, flow_dissector,
1302 					       target_container, data,
1303 					       &proto, &nhoff, &hlen, flags);
1304 		break;
1305 
1306 	case NEXTHDR_HOP:
1307 	case NEXTHDR_ROUTING:
1308 	case NEXTHDR_DEST: {
1309 		u8 _opthdr[2], *opthdr;
1310 
1311 		if (proto != htons(ETH_P_IPV6))
1312 			break;
1313 
1314 		opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
1315 					      data, hlen, &_opthdr);
1316 		if (!opthdr) {
1317 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1318 			break;
1319 		}
1320 
1321 		ip_proto = opthdr[0];
1322 		nhoff += (opthdr[1] + 1) << 3;
1323 
1324 		fdret = FLOW_DISSECT_RET_IPPROTO_AGAIN;
1325 		break;
1326 	}
1327 	case NEXTHDR_FRAGMENT: {
1328 		struct frag_hdr _fh, *fh;
1329 
1330 		if (proto != htons(ETH_P_IPV6))
1331 			break;
1332 
1333 		fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
1334 					  data, hlen, &_fh);
1335 
1336 		if (!fh) {
1337 			fdret = FLOW_DISSECT_RET_OUT_BAD;
1338 			break;
1339 		}
1340 
1341 		key_control->flags |= FLOW_DIS_IS_FRAGMENT;
1342 
1343 		nhoff += sizeof(_fh);
1344 		ip_proto = fh->nexthdr;
1345 
1346 		if (!(fh->frag_off & htons(IP6_OFFSET))) {
1347 			key_control->flags |= FLOW_DIS_FIRST_FRAG;
1348 			if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG) {
1349 				fdret = FLOW_DISSECT_RET_IPPROTO_AGAIN;
1350 				break;
1351 			}
1352 		}
1353 
1354 		fdret = FLOW_DISSECT_RET_OUT_GOOD;
1355 		break;
1356 	}
1357 	case IPPROTO_IPIP:
1358 		proto = htons(ETH_P_IP);
1359 
1360 		key_control->flags |= FLOW_DIS_ENCAPSULATION;
1361 		if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) {
1362 			fdret = FLOW_DISSECT_RET_OUT_GOOD;
1363 			break;
1364 		}
1365 
1366 		fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1367 		break;
1368 
1369 	case IPPROTO_IPV6:
1370 		proto = htons(ETH_P_IPV6);
1371 
1372 		key_control->flags |= FLOW_DIS_ENCAPSULATION;
1373 		if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) {
1374 			fdret = FLOW_DISSECT_RET_OUT_GOOD;
1375 			break;
1376 		}
1377 
1378 		fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1379 		break;
1380 
1381 
1382 	case IPPROTO_MPLS:
1383 		proto = htons(ETH_P_MPLS_UC);
1384 		fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1385 		break;
1386 
1387 	case IPPROTO_TCP:
1388 		__skb_flow_dissect_tcp(skb, flow_dissector, target_container,
1389 				       data, nhoff, hlen);
1390 		break;
1391 
1392 	case IPPROTO_ICMP:
1393 	case IPPROTO_ICMPV6:
1394 		__skb_flow_dissect_icmp(skb, flow_dissector, target_container,
1395 					data, nhoff, hlen);
1396 		break;
1397 
1398 	default:
1399 		break;
1400 	}
1401 
1402 	if (!(key_control->flags & FLOW_DIS_IS_FRAGMENT))
1403 		__skb_flow_dissect_ports(skb, flow_dissector, target_container,
1404 					 data, nhoff, ip_proto, hlen);
1405 
1406 	/* Process result of IP proto processing */
1407 	switch (fdret) {
1408 	case FLOW_DISSECT_RET_PROTO_AGAIN:
1409 		if (skb_flow_dissect_allowed(&num_hdrs))
1410 			goto proto_again;
1411 		break;
1412 	case FLOW_DISSECT_RET_IPPROTO_AGAIN:
1413 		if (skb_flow_dissect_allowed(&num_hdrs))
1414 			goto ip_proto_again;
1415 		break;
1416 	case FLOW_DISSECT_RET_OUT_GOOD:
1417 	case FLOW_DISSECT_RET_CONTINUE:
1418 		break;
1419 	case FLOW_DISSECT_RET_OUT_BAD:
1420 	default:
1421 		goto out_bad;
1422 	}
1423 
1424 out_good:
1425 	ret = true;
1426 
1427 out:
1428 	key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
1429 	key_basic->n_proto = proto;
1430 	key_basic->ip_proto = ip_proto;
1431 
1432 	return ret;
1433 
1434 out_bad:
1435 	ret = false;
1436 	goto out;
1437 }
1438 EXPORT_SYMBOL(__skb_flow_dissect);
1439 
1440 static siphash_key_t hashrnd __read_mostly;
1441 static __always_inline void __flow_hash_secret_init(void)
1442 {
1443 	net_get_random_once(&hashrnd, sizeof(hashrnd));
1444 }
1445 
1446 static const void *flow_keys_hash_start(const struct flow_keys *flow)
1447 {
1448 	BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % SIPHASH_ALIGNMENT);
1449 	return &flow->FLOW_KEYS_HASH_START_FIELD;
1450 }
1451 
1452 static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
1453 {
1454 	size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
1455 
1456 	BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
1457 
1458 	switch (flow->control.addr_type) {
1459 	case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
1460 		diff -= sizeof(flow->addrs.v4addrs);
1461 		break;
1462 	case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
1463 		diff -= sizeof(flow->addrs.v6addrs);
1464 		break;
1465 	case FLOW_DISSECTOR_KEY_TIPC:
1466 		diff -= sizeof(flow->addrs.tipckey);
1467 		break;
1468 	}
1469 	return sizeof(*flow) - diff;
1470 }
1471 
1472 __be32 flow_get_u32_src(const struct flow_keys *flow)
1473 {
1474 	switch (flow->control.addr_type) {
1475 	case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
1476 		return flow->addrs.v4addrs.src;
1477 	case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
1478 		return (__force __be32)ipv6_addr_hash(
1479 			&flow->addrs.v6addrs.src);
1480 	case FLOW_DISSECTOR_KEY_TIPC:
1481 		return flow->addrs.tipckey.key;
1482 	default:
1483 		return 0;
1484 	}
1485 }
1486 EXPORT_SYMBOL(flow_get_u32_src);
1487 
1488 __be32 flow_get_u32_dst(const struct flow_keys *flow)
1489 {
1490 	switch (flow->control.addr_type) {
1491 	case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
1492 		return flow->addrs.v4addrs.dst;
1493 	case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
1494 		return (__force __be32)ipv6_addr_hash(
1495 			&flow->addrs.v6addrs.dst);
1496 	default:
1497 		return 0;
1498 	}
1499 }
1500 EXPORT_SYMBOL(flow_get_u32_dst);
1501 
1502 /* Sort the source and destination IP (and the ports if the IP are the same),
1503  * to have consistent hash within the two directions
1504  */
1505 static inline void __flow_hash_consistentify(struct flow_keys *keys)
1506 {
1507 	int addr_diff, i;
1508 
1509 	switch (keys->control.addr_type) {
1510 	case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
1511 		addr_diff = (__force u32)keys->addrs.v4addrs.dst -
1512 			    (__force u32)keys->addrs.v4addrs.src;
1513 		if ((addr_diff < 0) ||
1514 		    (addr_diff == 0 &&
1515 		     ((__force u16)keys->ports.dst <
1516 		      (__force u16)keys->ports.src))) {
1517 			swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
1518 			swap(keys->ports.src, keys->ports.dst);
1519 		}
1520 		break;
1521 	case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
1522 		addr_diff = memcmp(&keys->addrs.v6addrs.dst,
1523 				   &keys->addrs.v6addrs.src,
1524 				   sizeof(keys->addrs.v6addrs.dst));
1525 		if ((addr_diff < 0) ||
1526 		    (addr_diff == 0 &&
1527 		     ((__force u16)keys->ports.dst <
1528 		      (__force u16)keys->ports.src))) {
1529 			for (i = 0; i < 4; i++)
1530 				swap(keys->addrs.v6addrs.src.s6_addr32[i],
1531 				     keys->addrs.v6addrs.dst.s6_addr32[i]);
1532 			swap(keys->ports.src, keys->ports.dst);
1533 		}
1534 		break;
1535 	}
1536 }
1537 
1538 static inline u32 __flow_hash_from_keys(struct flow_keys *keys,
1539 					const siphash_key_t *keyval)
1540 {
1541 	u32 hash;
1542 
1543 	__flow_hash_consistentify(keys);
1544 
1545 	hash = siphash(flow_keys_hash_start(keys),
1546 		       flow_keys_hash_length(keys), keyval);
1547 	if (!hash)
1548 		hash = 1;
1549 
1550 	return hash;
1551 }
1552 
1553 u32 flow_hash_from_keys(struct flow_keys *keys)
1554 {
1555 	__flow_hash_secret_init();
1556 	return __flow_hash_from_keys(keys, &hashrnd);
1557 }
1558 EXPORT_SYMBOL(flow_hash_from_keys);
1559 
1560 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
1561 				  struct flow_keys *keys,
1562 				  const siphash_key_t *keyval)
1563 {
1564 	skb_flow_dissect_flow_keys(skb, keys,
1565 				   FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
1566 
1567 	return __flow_hash_from_keys(keys, keyval);
1568 }
1569 
1570 struct _flow_keys_digest_data {
1571 	__be16	n_proto;
1572 	u8	ip_proto;
1573 	u8	padding;
1574 	__be32	ports;
1575 	__be32	src;
1576 	__be32	dst;
1577 };
1578 
1579 void make_flow_keys_digest(struct flow_keys_digest *digest,
1580 			   const struct flow_keys *flow)
1581 {
1582 	struct _flow_keys_digest_data *data =
1583 	    (struct _flow_keys_digest_data *)digest;
1584 
1585 	BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
1586 
1587 	memset(digest, 0, sizeof(*digest));
1588 
1589 	data->n_proto = flow->basic.n_proto;
1590 	data->ip_proto = flow->basic.ip_proto;
1591 	data->ports = flow->ports.ports;
1592 	data->src = flow->addrs.v4addrs.src;
1593 	data->dst = flow->addrs.v4addrs.dst;
1594 }
1595 EXPORT_SYMBOL(make_flow_keys_digest);
1596 
1597 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
1598 
1599 u32 __skb_get_hash_symmetric(const struct sk_buff *skb)
1600 {
1601 	struct flow_keys keys;
1602 
1603 	__flow_hash_secret_init();
1604 
1605 	memset(&keys, 0, sizeof(keys));
1606 	__skb_flow_dissect(NULL, skb, &flow_keys_dissector_symmetric,
1607 			   &keys, NULL, 0, 0, 0,
1608 			   FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
1609 
1610 	return __flow_hash_from_keys(&keys, &hashrnd);
1611 }
1612 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
1613 
1614 /**
1615  * __skb_get_hash: calculate a flow hash
1616  * @skb: sk_buff to calculate flow hash from
1617  *
1618  * This function calculates a flow hash based on src/dst addresses
1619  * and src/dst port numbers.  Sets hash in skb to non-zero hash value
1620  * on success, zero indicates no valid hash.  Also, sets l4_hash in skb
1621  * if hash is a canonical 4-tuple hash over transport ports.
1622  */
1623 void __skb_get_hash(struct sk_buff *skb)
1624 {
1625 	struct flow_keys keys;
1626 	u32 hash;
1627 
1628 	__flow_hash_secret_init();
1629 
1630 	hash = ___skb_get_hash(skb, &keys, &hashrnd);
1631 
1632 	__skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));
1633 }
1634 EXPORT_SYMBOL(__skb_get_hash);
1635 
1636 __u32 skb_get_hash_perturb(const struct sk_buff *skb,
1637 			   const siphash_key_t *perturb)
1638 {
1639 	struct flow_keys keys;
1640 
1641 	return ___skb_get_hash(skb, &keys, perturb);
1642 }
1643 EXPORT_SYMBOL(skb_get_hash_perturb);
1644 
1645 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
1646 		   const struct flow_keys_basic *keys, int hlen)
1647 {
1648 	u32 poff = keys->control.thoff;
1649 
1650 	/* skip L4 headers for fragments after the first */
1651 	if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
1652 	    !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
1653 		return poff;
1654 
1655 	switch (keys->basic.ip_proto) {
1656 	case IPPROTO_TCP: {
1657 		/* access doff as u8 to avoid unaligned access */
1658 		const u8 *doff;
1659 		u8 _doff;
1660 
1661 		doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
1662 					    data, hlen, &_doff);
1663 		if (!doff)
1664 			return poff;
1665 
1666 		poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
1667 		break;
1668 	}
1669 	case IPPROTO_UDP:
1670 	case IPPROTO_UDPLITE:
1671 		poff += sizeof(struct udphdr);
1672 		break;
1673 	/* For the rest, we do not really care about header
1674 	 * extensions at this point for now.
1675 	 */
1676 	case IPPROTO_ICMP:
1677 		poff += sizeof(struct icmphdr);
1678 		break;
1679 	case IPPROTO_ICMPV6:
1680 		poff += sizeof(struct icmp6hdr);
1681 		break;
1682 	case IPPROTO_IGMP:
1683 		poff += sizeof(struct igmphdr);
1684 		break;
1685 	case IPPROTO_DCCP:
1686 		poff += sizeof(struct dccp_hdr);
1687 		break;
1688 	case IPPROTO_SCTP:
1689 		poff += sizeof(struct sctphdr);
1690 		break;
1691 	}
1692 
1693 	return poff;
1694 }
1695 
1696 /**
1697  * skb_get_poff - get the offset to the payload
1698  * @skb: sk_buff to get the payload offset from
1699  *
1700  * The function will get the offset to the payload as far as it could
1701  * be dissected.  The main user is currently BPF, so that we can dynamically
1702  * truncate packets without needing to push actual payload to the user
1703  * space and can analyze headers only, instead.
1704  */
1705 u32 skb_get_poff(const struct sk_buff *skb)
1706 {
1707 	struct flow_keys_basic keys;
1708 
1709 	if (!skb_flow_dissect_flow_keys_basic(NULL, skb, &keys,
1710 					      NULL, 0, 0, 0, 0))
1711 		return 0;
1712 
1713 	return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
1714 }
1715 
1716 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
1717 {
1718 	memset(keys, 0, sizeof(*keys));
1719 
1720 	memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
1721 	    sizeof(keys->addrs.v6addrs.src));
1722 	memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
1723 	    sizeof(keys->addrs.v6addrs.dst));
1724 	keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1725 	keys->ports.src = fl6->fl6_sport;
1726 	keys->ports.dst = fl6->fl6_dport;
1727 	keys->keyid.keyid = fl6->fl6_gre_key;
1728 	keys->tags.flow_label = (__force u32)flowi6_get_flowlabel(fl6);
1729 	keys->basic.ip_proto = fl6->flowi6_proto;
1730 
1731 	return flow_hash_from_keys(keys);
1732 }
1733 EXPORT_SYMBOL(__get_hash_from_flowi6);
1734 
1735 static const struct flow_dissector_key flow_keys_dissector_keys[] = {
1736 	{
1737 		.key_id = FLOW_DISSECTOR_KEY_CONTROL,
1738 		.offset = offsetof(struct flow_keys, control),
1739 	},
1740 	{
1741 		.key_id = FLOW_DISSECTOR_KEY_BASIC,
1742 		.offset = offsetof(struct flow_keys, basic),
1743 	},
1744 	{
1745 		.key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1746 		.offset = offsetof(struct flow_keys, addrs.v4addrs),
1747 	},
1748 	{
1749 		.key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1750 		.offset = offsetof(struct flow_keys, addrs.v6addrs),
1751 	},
1752 	{
1753 		.key_id = FLOW_DISSECTOR_KEY_TIPC,
1754 		.offset = offsetof(struct flow_keys, addrs.tipckey),
1755 	},
1756 	{
1757 		.key_id = FLOW_DISSECTOR_KEY_PORTS,
1758 		.offset = offsetof(struct flow_keys, ports),
1759 	},
1760 	{
1761 		.key_id = FLOW_DISSECTOR_KEY_VLAN,
1762 		.offset = offsetof(struct flow_keys, vlan),
1763 	},
1764 	{
1765 		.key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
1766 		.offset = offsetof(struct flow_keys, tags),
1767 	},
1768 	{
1769 		.key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
1770 		.offset = offsetof(struct flow_keys, keyid),
1771 	},
1772 };
1773 
1774 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
1775 	{
1776 		.key_id = FLOW_DISSECTOR_KEY_CONTROL,
1777 		.offset = offsetof(struct flow_keys, control),
1778 	},
1779 	{
1780 		.key_id = FLOW_DISSECTOR_KEY_BASIC,
1781 		.offset = offsetof(struct flow_keys, basic),
1782 	},
1783 	{
1784 		.key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1785 		.offset = offsetof(struct flow_keys, addrs.v4addrs),
1786 	},
1787 	{
1788 		.key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1789 		.offset = offsetof(struct flow_keys, addrs.v6addrs),
1790 	},
1791 	{
1792 		.key_id = FLOW_DISSECTOR_KEY_PORTS,
1793 		.offset = offsetof(struct flow_keys, ports),
1794 	},
1795 };
1796 
1797 static const struct flow_dissector_key flow_keys_basic_dissector_keys[] = {
1798 	{
1799 		.key_id = FLOW_DISSECTOR_KEY_CONTROL,
1800 		.offset = offsetof(struct flow_keys, control),
1801 	},
1802 	{
1803 		.key_id = FLOW_DISSECTOR_KEY_BASIC,
1804 		.offset = offsetof(struct flow_keys, basic),
1805 	},
1806 };
1807 
1808 struct flow_dissector flow_keys_dissector __read_mostly;
1809 EXPORT_SYMBOL(flow_keys_dissector);
1810 
1811 struct flow_dissector flow_keys_basic_dissector __read_mostly;
1812 EXPORT_SYMBOL(flow_keys_basic_dissector);
1813 
1814 static int __init init_default_flow_dissectors(void)
1815 {
1816 	skb_flow_dissector_init(&flow_keys_dissector,
1817 				flow_keys_dissector_keys,
1818 				ARRAY_SIZE(flow_keys_dissector_keys));
1819 	skb_flow_dissector_init(&flow_keys_dissector_symmetric,
1820 				flow_keys_dissector_symmetric_keys,
1821 				ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
1822 	skb_flow_dissector_init(&flow_keys_basic_dissector,
1823 				flow_keys_basic_dissector_keys,
1824 				ARRAY_SIZE(flow_keys_basic_dissector_keys));
1825 	return 0;
1826 }
1827 core_initcall(init_default_flow_dissectors);
1828