1 #include <linux/kernel.h> 2 #include <linux/skbuff.h> 3 #include <linux/export.h> 4 #include <linux/ip.h> 5 #include <linux/ipv6.h> 6 #include <linux/if_vlan.h> 7 #include <net/dsa.h> 8 #include <net/dst_metadata.h> 9 #include <net/ip.h> 10 #include <net/ipv6.h> 11 #include <net/gre.h> 12 #include <net/pptp.h> 13 #include <net/tipc.h> 14 #include <linux/igmp.h> 15 #include <linux/icmp.h> 16 #include <linux/sctp.h> 17 #include <linux/dccp.h> 18 #include <linux/if_tunnel.h> 19 #include <linux/if_pppox.h> 20 #include <linux/ppp_defs.h> 21 #include <linux/stddef.h> 22 #include <linux/if_ether.h> 23 #include <linux/mpls.h> 24 #include <linux/tcp.h> 25 #include <net/flow_dissector.h> 26 #include <scsi/fc/fc_fcoe.h> 27 #include <uapi/linux/batadv_packet.h> 28 29 static void dissector_set_key(struct flow_dissector *flow_dissector, 30 enum flow_dissector_key_id key_id) 31 { 32 flow_dissector->used_keys |= (1 << key_id); 33 } 34 35 void skb_flow_dissector_init(struct flow_dissector *flow_dissector, 36 const struct flow_dissector_key *key, 37 unsigned int key_count) 38 { 39 unsigned int i; 40 41 memset(flow_dissector, 0, sizeof(*flow_dissector)); 42 43 for (i = 0; i < key_count; i++, key++) { 44 /* User should make sure that every key target offset is withing 45 * boundaries of unsigned short. 46 */ 47 BUG_ON(key->offset > USHRT_MAX); 48 BUG_ON(dissector_uses_key(flow_dissector, 49 key->key_id)); 50 51 dissector_set_key(flow_dissector, key->key_id); 52 flow_dissector->offset[key->key_id] = key->offset; 53 } 54 55 /* Ensure that the dissector always includes control and basic key. 56 * That way we are able to avoid handling lack of these in fast path. 57 */ 58 BUG_ON(!dissector_uses_key(flow_dissector, 59 FLOW_DISSECTOR_KEY_CONTROL)); 60 BUG_ON(!dissector_uses_key(flow_dissector, 61 FLOW_DISSECTOR_KEY_BASIC)); 62 } 63 EXPORT_SYMBOL(skb_flow_dissector_init); 64 65 /** 66 * skb_flow_get_be16 - extract be16 entity 67 * @skb: sk_buff to extract from 68 * @poff: offset to extract at 69 * @data: raw buffer pointer to the packet 70 * @hlen: packet header length 71 * 72 * The function will try to retrieve a be32 entity at 73 * offset poff 74 */ 75 static __be16 skb_flow_get_be16(const struct sk_buff *skb, int poff, 76 void *data, int hlen) 77 { 78 __be16 *u, _u; 79 80 u = __skb_header_pointer(skb, poff, sizeof(_u), data, hlen, &_u); 81 if (u) 82 return *u; 83 84 return 0; 85 } 86 87 /** 88 * __skb_flow_get_ports - extract the upper layer ports and return them 89 * @skb: sk_buff to extract the ports from 90 * @thoff: transport header offset 91 * @ip_proto: protocol for which to get port offset 92 * @data: raw buffer pointer to the packet, if NULL use skb->data 93 * @hlen: packet header length, if @data is NULL use skb_headlen(skb) 94 * 95 * The function will try to retrieve the ports at offset thoff + poff where poff 96 * is the protocol port offset returned from proto_ports_offset 97 */ 98 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto, 99 void *data, int hlen) 100 { 101 int poff = proto_ports_offset(ip_proto); 102 103 if (!data) { 104 data = skb->data; 105 hlen = skb_headlen(skb); 106 } 107 108 if (poff >= 0) { 109 __be32 *ports, _ports; 110 111 ports = __skb_header_pointer(skb, thoff + poff, 112 sizeof(_ports), data, hlen, &_ports); 113 if (ports) 114 return *ports; 115 } 116 117 return 0; 118 } 119 EXPORT_SYMBOL(__skb_flow_get_ports); 120 121 static void 122 skb_flow_dissect_set_enc_addr_type(enum flow_dissector_key_id type, 123 struct flow_dissector *flow_dissector, 124 void *target_container) 125 { 126 struct flow_dissector_key_control *ctrl; 127 128 if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_CONTROL)) 129 return; 130 131 ctrl = skb_flow_dissector_target(flow_dissector, 132 FLOW_DISSECTOR_KEY_ENC_CONTROL, 133 target_container); 134 ctrl->addr_type = type; 135 } 136 137 void 138 skb_flow_dissect_tunnel_info(const struct sk_buff *skb, 139 struct flow_dissector *flow_dissector, 140 void *target_container) 141 { 142 struct ip_tunnel_info *info; 143 struct ip_tunnel_key *key; 144 145 /* A quick check to see if there might be something to do. */ 146 if (!dissector_uses_key(flow_dissector, 147 FLOW_DISSECTOR_KEY_ENC_KEYID) && 148 !dissector_uses_key(flow_dissector, 149 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) && 150 !dissector_uses_key(flow_dissector, 151 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) && 152 !dissector_uses_key(flow_dissector, 153 FLOW_DISSECTOR_KEY_ENC_CONTROL) && 154 !dissector_uses_key(flow_dissector, 155 FLOW_DISSECTOR_KEY_ENC_PORTS)) 156 return; 157 158 info = skb_tunnel_info(skb); 159 if (!info) 160 return; 161 162 key = &info->key; 163 164 switch (ip_tunnel_info_af(info)) { 165 case AF_INET: 166 skb_flow_dissect_set_enc_addr_type(FLOW_DISSECTOR_KEY_IPV4_ADDRS, 167 flow_dissector, 168 target_container); 169 if (dissector_uses_key(flow_dissector, 170 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS)) { 171 struct flow_dissector_key_ipv4_addrs *ipv4; 172 173 ipv4 = skb_flow_dissector_target(flow_dissector, 174 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, 175 target_container); 176 ipv4->src = key->u.ipv4.src; 177 ipv4->dst = key->u.ipv4.dst; 178 } 179 break; 180 case AF_INET6: 181 skb_flow_dissect_set_enc_addr_type(FLOW_DISSECTOR_KEY_IPV6_ADDRS, 182 flow_dissector, 183 target_container); 184 if (dissector_uses_key(flow_dissector, 185 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS)) { 186 struct flow_dissector_key_ipv6_addrs *ipv6; 187 188 ipv6 = skb_flow_dissector_target(flow_dissector, 189 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, 190 target_container); 191 ipv6->src = key->u.ipv6.src; 192 ipv6->dst = key->u.ipv6.dst; 193 } 194 break; 195 } 196 197 if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_KEYID)) { 198 struct flow_dissector_key_keyid *keyid; 199 200 keyid = skb_flow_dissector_target(flow_dissector, 201 FLOW_DISSECTOR_KEY_ENC_KEYID, 202 target_container); 203 keyid->keyid = tunnel_id_to_key32(key->tun_id); 204 } 205 206 if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_PORTS)) { 207 struct flow_dissector_key_ports *tp; 208 209 tp = skb_flow_dissector_target(flow_dissector, 210 FLOW_DISSECTOR_KEY_ENC_PORTS, 211 target_container); 212 tp->src = key->tp_src; 213 tp->dst = key->tp_dst; 214 } 215 } 216 EXPORT_SYMBOL(skb_flow_dissect_tunnel_info); 217 218 static enum flow_dissect_ret 219 __skb_flow_dissect_mpls(const struct sk_buff *skb, 220 struct flow_dissector *flow_dissector, 221 void *target_container, void *data, int nhoff, int hlen) 222 { 223 struct flow_dissector_key_keyid *key_keyid; 224 struct mpls_label *hdr, _hdr[2]; 225 u32 entry, label; 226 227 if (!dissector_uses_key(flow_dissector, 228 FLOW_DISSECTOR_KEY_MPLS_ENTROPY) && 229 !dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_MPLS)) 230 return FLOW_DISSECT_RET_OUT_GOOD; 231 232 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, 233 hlen, &_hdr); 234 if (!hdr) 235 return FLOW_DISSECT_RET_OUT_BAD; 236 237 entry = ntohl(hdr[0].entry); 238 label = (entry & MPLS_LS_LABEL_MASK) >> MPLS_LS_LABEL_SHIFT; 239 240 if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_MPLS)) { 241 struct flow_dissector_key_mpls *key_mpls; 242 243 key_mpls = skb_flow_dissector_target(flow_dissector, 244 FLOW_DISSECTOR_KEY_MPLS, 245 target_container); 246 key_mpls->mpls_label = label; 247 key_mpls->mpls_ttl = (entry & MPLS_LS_TTL_MASK) 248 >> MPLS_LS_TTL_SHIFT; 249 key_mpls->mpls_tc = (entry & MPLS_LS_TC_MASK) 250 >> MPLS_LS_TC_SHIFT; 251 key_mpls->mpls_bos = (entry & MPLS_LS_S_MASK) 252 >> MPLS_LS_S_SHIFT; 253 } 254 255 if (label == MPLS_LABEL_ENTROPY) { 256 key_keyid = skb_flow_dissector_target(flow_dissector, 257 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, 258 target_container); 259 key_keyid->keyid = hdr[1].entry & htonl(MPLS_LS_LABEL_MASK); 260 } 261 return FLOW_DISSECT_RET_OUT_GOOD; 262 } 263 264 static enum flow_dissect_ret 265 __skb_flow_dissect_arp(const struct sk_buff *skb, 266 struct flow_dissector *flow_dissector, 267 void *target_container, void *data, int nhoff, int hlen) 268 { 269 struct flow_dissector_key_arp *key_arp; 270 struct { 271 unsigned char ar_sha[ETH_ALEN]; 272 unsigned char ar_sip[4]; 273 unsigned char ar_tha[ETH_ALEN]; 274 unsigned char ar_tip[4]; 275 } *arp_eth, _arp_eth; 276 const struct arphdr *arp; 277 struct arphdr _arp; 278 279 if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ARP)) 280 return FLOW_DISSECT_RET_OUT_GOOD; 281 282 arp = __skb_header_pointer(skb, nhoff, sizeof(_arp), data, 283 hlen, &_arp); 284 if (!arp) 285 return FLOW_DISSECT_RET_OUT_BAD; 286 287 if (arp->ar_hrd != htons(ARPHRD_ETHER) || 288 arp->ar_pro != htons(ETH_P_IP) || 289 arp->ar_hln != ETH_ALEN || 290 arp->ar_pln != 4 || 291 (arp->ar_op != htons(ARPOP_REPLY) && 292 arp->ar_op != htons(ARPOP_REQUEST))) 293 return FLOW_DISSECT_RET_OUT_BAD; 294 295 arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp), 296 sizeof(_arp_eth), data, 297 hlen, &_arp_eth); 298 if (!arp_eth) 299 return FLOW_DISSECT_RET_OUT_BAD; 300 301 key_arp = skb_flow_dissector_target(flow_dissector, 302 FLOW_DISSECTOR_KEY_ARP, 303 target_container); 304 305 memcpy(&key_arp->sip, arp_eth->ar_sip, sizeof(key_arp->sip)); 306 memcpy(&key_arp->tip, arp_eth->ar_tip, sizeof(key_arp->tip)); 307 308 /* Only store the lower byte of the opcode; 309 * this covers ARPOP_REPLY and ARPOP_REQUEST. 310 */ 311 key_arp->op = ntohs(arp->ar_op) & 0xff; 312 313 ether_addr_copy(key_arp->sha, arp_eth->ar_sha); 314 ether_addr_copy(key_arp->tha, arp_eth->ar_tha); 315 316 return FLOW_DISSECT_RET_OUT_GOOD; 317 } 318 319 static enum flow_dissect_ret 320 __skb_flow_dissect_gre(const struct sk_buff *skb, 321 struct flow_dissector_key_control *key_control, 322 struct flow_dissector *flow_dissector, 323 void *target_container, void *data, 324 __be16 *p_proto, int *p_nhoff, int *p_hlen, 325 unsigned int flags) 326 { 327 struct flow_dissector_key_keyid *key_keyid; 328 struct gre_base_hdr *hdr, _hdr; 329 int offset = 0; 330 u16 gre_ver; 331 332 hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), 333 data, *p_hlen, &_hdr); 334 if (!hdr) 335 return FLOW_DISSECT_RET_OUT_BAD; 336 337 /* Only look inside GRE without routing */ 338 if (hdr->flags & GRE_ROUTING) 339 return FLOW_DISSECT_RET_OUT_GOOD; 340 341 /* Only look inside GRE for version 0 and 1 */ 342 gre_ver = ntohs(hdr->flags & GRE_VERSION); 343 if (gre_ver > 1) 344 return FLOW_DISSECT_RET_OUT_GOOD; 345 346 *p_proto = hdr->protocol; 347 if (gre_ver) { 348 /* Version1 must be PPTP, and check the flags */ 349 if (!(*p_proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY))) 350 return FLOW_DISSECT_RET_OUT_GOOD; 351 } 352 353 offset += sizeof(struct gre_base_hdr); 354 355 if (hdr->flags & GRE_CSUM) 356 offset += sizeof(((struct gre_full_hdr *) 0)->csum) + 357 sizeof(((struct gre_full_hdr *) 0)->reserved1); 358 359 if (hdr->flags & GRE_KEY) { 360 const __be32 *keyid; 361 __be32 _keyid; 362 363 keyid = __skb_header_pointer(skb, *p_nhoff + offset, 364 sizeof(_keyid), 365 data, *p_hlen, &_keyid); 366 if (!keyid) 367 return FLOW_DISSECT_RET_OUT_BAD; 368 369 if (dissector_uses_key(flow_dissector, 370 FLOW_DISSECTOR_KEY_GRE_KEYID)) { 371 key_keyid = skb_flow_dissector_target(flow_dissector, 372 FLOW_DISSECTOR_KEY_GRE_KEYID, 373 target_container); 374 if (gre_ver == 0) 375 key_keyid->keyid = *keyid; 376 else 377 key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK; 378 } 379 offset += sizeof(((struct gre_full_hdr *) 0)->key); 380 } 381 382 if (hdr->flags & GRE_SEQ) 383 offset += sizeof(((struct pptp_gre_header *) 0)->seq); 384 385 if (gre_ver == 0) { 386 if (*p_proto == htons(ETH_P_TEB)) { 387 const struct ethhdr *eth; 388 struct ethhdr _eth; 389 390 eth = __skb_header_pointer(skb, *p_nhoff + offset, 391 sizeof(_eth), 392 data, *p_hlen, &_eth); 393 if (!eth) 394 return FLOW_DISSECT_RET_OUT_BAD; 395 *p_proto = eth->h_proto; 396 offset += sizeof(*eth); 397 398 /* Cap headers that we access via pointers at the 399 * end of the Ethernet header as our maximum alignment 400 * at that point is only 2 bytes. 401 */ 402 if (NET_IP_ALIGN) 403 *p_hlen = *p_nhoff + offset; 404 } 405 } else { /* version 1, must be PPTP */ 406 u8 _ppp_hdr[PPP_HDRLEN]; 407 u8 *ppp_hdr; 408 409 if (hdr->flags & GRE_ACK) 410 offset += sizeof(((struct pptp_gre_header *) 0)->ack); 411 412 ppp_hdr = __skb_header_pointer(skb, *p_nhoff + offset, 413 sizeof(_ppp_hdr), 414 data, *p_hlen, _ppp_hdr); 415 if (!ppp_hdr) 416 return FLOW_DISSECT_RET_OUT_BAD; 417 418 switch (PPP_PROTOCOL(ppp_hdr)) { 419 case PPP_IP: 420 *p_proto = htons(ETH_P_IP); 421 break; 422 case PPP_IPV6: 423 *p_proto = htons(ETH_P_IPV6); 424 break; 425 default: 426 /* Could probably catch some more like MPLS */ 427 break; 428 } 429 430 offset += PPP_HDRLEN; 431 } 432 433 *p_nhoff += offset; 434 key_control->flags |= FLOW_DIS_ENCAPSULATION; 435 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) 436 return FLOW_DISSECT_RET_OUT_GOOD; 437 438 return FLOW_DISSECT_RET_PROTO_AGAIN; 439 } 440 441 /** 442 * __skb_flow_dissect_batadv() - dissect batman-adv header 443 * @skb: sk_buff to with the batman-adv header 444 * @key_control: flow dissectors control key 445 * @data: raw buffer pointer to the packet, if NULL use skb->data 446 * @p_proto: pointer used to update the protocol to process next 447 * @p_nhoff: pointer used to update inner network header offset 448 * @hlen: packet header length 449 * @flags: any combination of FLOW_DISSECTOR_F_* 450 * 451 * ETH_P_BATMAN packets are tried to be dissected. Only 452 * &struct batadv_unicast packets are actually processed because they contain an 453 * inner ethernet header and are usually followed by actual network header. This 454 * allows the flow dissector to continue processing the packet. 455 * 456 * Return: FLOW_DISSECT_RET_PROTO_AGAIN when &struct batadv_unicast was found, 457 * FLOW_DISSECT_RET_OUT_GOOD when dissector should stop after encapsulation, 458 * otherwise FLOW_DISSECT_RET_OUT_BAD 459 */ 460 static enum flow_dissect_ret 461 __skb_flow_dissect_batadv(const struct sk_buff *skb, 462 struct flow_dissector_key_control *key_control, 463 void *data, __be16 *p_proto, int *p_nhoff, int hlen, 464 unsigned int flags) 465 { 466 struct { 467 struct batadv_unicast_packet batadv_unicast; 468 struct ethhdr eth; 469 } *hdr, _hdr; 470 471 hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen, 472 &_hdr); 473 if (!hdr) 474 return FLOW_DISSECT_RET_OUT_BAD; 475 476 if (hdr->batadv_unicast.version != BATADV_COMPAT_VERSION) 477 return FLOW_DISSECT_RET_OUT_BAD; 478 479 if (hdr->batadv_unicast.packet_type != BATADV_UNICAST) 480 return FLOW_DISSECT_RET_OUT_BAD; 481 482 *p_proto = hdr->eth.h_proto; 483 *p_nhoff += sizeof(*hdr); 484 485 key_control->flags |= FLOW_DIS_ENCAPSULATION; 486 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) 487 return FLOW_DISSECT_RET_OUT_GOOD; 488 489 return FLOW_DISSECT_RET_PROTO_AGAIN; 490 } 491 492 static void 493 __skb_flow_dissect_tcp(const struct sk_buff *skb, 494 struct flow_dissector *flow_dissector, 495 void *target_container, void *data, int thoff, int hlen) 496 { 497 struct flow_dissector_key_tcp *key_tcp; 498 struct tcphdr *th, _th; 499 500 if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_TCP)) 501 return; 502 503 th = __skb_header_pointer(skb, thoff, sizeof(_th), data, hlen, &_th); 504 if (!th) 505 return; 506 507 if (unlikely(__tcp_hdrlen(th) < sizeof(_th))) 508 return; 509 510 key_tcp = skb_flow_dissector_target(flow_dissector, 511 FLOW_DISSECTOR_KEY_TCP, 512 target_container); 513 key_tcp->flags = (*(__be16 *) &tcp_flag_word(th) & htons(0x0FFF)); 514 } 515 516 static void 517 __skb_flow_dissect_ipv4(const struct sk_buff *skb, 518 struct flow_dissector *flow_dissector, 519 void *target_container, void *data, const struct iphdr *iph) 520 { 521 struct flow_dissector_key_ip *key_ip; 522 523 if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) 524 return; 525 526 key_ip = skb_flow_dissector_target(flow_dissector, 527 FLOW_DISSECTOR_KEY_IP, 528 target_container); 529 key_ip->tos = iph->tos; 530 key_ip->ttl = iph->ttl; 531 } 532 533 static void 534 __skb_flow_dissect_ipv6(const struct sk_buff *skb, 535 struct flow_dissector *flow_dissector, 536 void *target_container, void *data, const struct ipv6hdr *iph) 537 { 538 struct flow_dissector_key_ip *key_ip; 539 540 if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP)) 541 return; 542 543 key_ip = skb_flow_dissector_target(flow_dissector, 544 FLOW_DISSECTOR_KEY_IP, 545 target_container); 546 key_ip->tos = ipv6_get_dsfield(iph); 547 key_ip->ttl = iph->hop_limit; 548 } 549 550 /* Maximum number of protocol headers that can be parsed in 551 * __skb_flow_dissect 552 */ 553 #define MAX_FLOW_DISSECT_HDRS 15 554 555 static bool skb_flow_dissect_allowed(int *num_hdrs) 556 { 557 ++*num_hdrs; 558 559 return (*num_hdrs <= MAX_FLOW_DISSECT_HDRS); 560 } 561 562 /** 563 * __skb_flow_dissect - extract the flow_keys struct and return it 564 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified 565 * @flow_dissector: list of keys to dissect 566 * @target_container: target structure to put dissected values into 567 * @data: raw buffer pointer to the packet, if NULL use skb->data 568 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol 569 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb) 570 * @hlen: packet header length, if @data is NULL use skb_headlen(skb) 571 * 572 * The function will try to retrieve individual keys into target specified 573 * by flow_dissector from either the skbuff or a raw buffer specified by the 574 * rest parameters. 575 * 576 * Caller must take care of zeroing target container memory. 577 */ 578 bool __skb_flow_dissect(const struct sk_buff *skb, 579 struct flow_dissector *flow_dissector, 580 void *target_container, 581 void *data, __be16 proto, int nhoff, int hlen, 582 unsigned int flags) 583 { 584 struct flow_dissector_key_control *key_control; 585 struct flow_dissector_key_basic *key_basic; 586 struct flow_dissector_key_addrs *key_addrs; 587 struct flow_dissector_key_ports *key_ports; 588 struct flow_dissector_key_icmp *key_icmp; 589 struct flow_dissector_key_tags *key_tags; 590 struct flow_dissector_key_vlan *key_vlan; 591 enum flow_dissect_ret fdret; 592 enum flow_dissector_key_id dissector_vlan = FLOW_DISSECTOR_KEY_MAX; 593 int num_hdrs = 0; 594 u8 ip_proto = 0; 595 bool ret; 596 597 if (!data) { 598 data = skb->data; 599 proto = skb_vlan_tag_present(skb) ? 600 skb->vlan_proto : skb->protocol; 601 nhoff = skb_network_offset(skb); 602 hlen = skb_headlen(skb); 603 #if IS_ENABLED(CONFIG_NET_DSA) 604 if (unlikely(skb->dev && netdev_uses_dsa(skb->dev))) { 605 const struct dsa_device_ops *ops; 606 int offset; 607 608 ops = skb->dev->dsa_ptr->tag_ops; 609 if (ops->flow_dissect && 610 !ops->flow_dissect(skb, &proto, &offset)) { 611 hlen -= offset; 612 nhoff += offset; 613 } 614 } 615 #endif 616 } 617 618 /* It is ensured by skb_flow_dissector_init() that control key will 619 * be always present. 620 */ 621 key_control = skb_flow_dissector_target(flow_dissector, 622 FLOW_DISSECTOR_KEY_CONTROL, 623 target_container); 624 625 /* It is ensured by skb_flow_dissector_init() that basic key will 626 * be always present. 627 */ 628 key_basic = skb_flow_dissector_target(flow_dissector, 629 FLOW_DISSECTOR_KEY_BASIC, 630 target_container); 631 632 if (dissector_uses_key(flow_dissector, 633 FLOW_DISSECTOR_KEY_ETH_ADDRS)) { 634 struct ethhdr *eth = eth_hdr(skb); 635 struct flow_dissector_key_eth_addrs *key_eth_addrs; 636 637 key_eth_addrs = skb_flow_dissector_target(flow_dissector, 638 FLOW_DISSECTOR_KEY_ETH_ADDRS, 639 target_container); 640 memcpy(key_eth_addrs, ð->h_dest, sizeof(*key_eth_addrs)); 641 } 642 643 proto_again: 644 fdret = FLOW_DISSECT_RET_CONTINUE; 645 646 switch (proto) { 647 case htons(ETH_P_IP): { 648 const struct iphdr *iph; 649 struct iphdr _iph; 650 651 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph); 652 if (!iph || iph->ihl < 5) { 653 fdret = FLOW_DISSECT_RET_OUT_BAD; 654 break; 655 } 656 657 nhoff += iph->ihl * 4; 658 659 ip_proto = iph->protocol; 660 661 if (dissector_uses_key(flow_dissector, 662 FLOW_DISSECTOR_KEY_IPV4_ADDRS)) { 663 key_addrs = skb_flow_dissector_target(flow_dissector, 664 FLOW_DISSECTOR_KEY_IPV4_ADDRS, 665 target_container); 666 667 memcpy(&key_addrs->v4addrs, &iph->saddr, 668 sizeof(key_addrs->v4addrs)); 669 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 670 } 671 672 if (ip_is_fragment(iph)) { 673 key_control->flags |= FLOW_DIS_IS_FRAGMENT; 674 675 if (iph->frag_off & htons(IP_OFFSET)) { 676 fdret = FLOW_DISSECT_RET_OUT_GOOD; 677 break; 678 } else { 679 key_control->flags |= FLOW_DIS_FIRST_FRAG; 680 if (!(flags & 681 FLOW_DISSECTOR_F_PARSE_1ST_FRAG)) { 682 fdret = FLOW_DISSECT_RET_OUT_GOOD; 683 break; 684 } 685 } 686 } 687 688 __skb_flow_dissect_ipv4(skb, flow_dissector, 689 target_container, data, iph); 690 691 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) { 692 fdret = FLOW_DISSECT_RET_OUT_GOOD; 693 break; 694 } 695 696 break; 697 } 698 case htons(ETH_P_IPV6): { 699 const struct ipv6hdr *iph; 700 struct ipv6hdr _iph; 701 702 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph); 703 if (!iph) { 704 fdret = FLOW_DISSECT_RET_OUT_BAD; 705 break; 706 } 707 708 ip_proto = iph->nexthdr; 709 nhoff += sizeof(struct ipv6hdr); 710 711 if (dissector_uses_key(flow_dissector, 712 FLOW_DISSECTOR_KEY_IPV6_ADDRS)) { 713 key_addrs = skb_flow_dissector_target(flow_dissector, 714 FLOW_DISSECTOR_KEY_IPV6_ADDRS, 715 target_container); 716 717 memcpy(&key_addrs->v6addrs, &iph->saddr, 718 sizeof(key_addrs->v6addrs)); 719 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 720 } 721 722 if ((dissector_uses_key(flow_dissector, 723 FLOW_DISSECTOR_KEY_FLOW_LABEL) || 724 (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) && 725 ip6_flowlabel(iph)) { 726 __be32 flow_label = ip6_flowlabel(iph); 727 728 if (dissector_uses_key(flow_dissector, 729 FLOW_DISSECTOR_KEY_FLOW_LABEL)) { 730 key_tags = skb_flow_dissector_target(flow_dissector, 731 FLOW_DISSECTOR_KEY_FLOW_LABEL, 732 target_container); 733 key_tags->flow_label = ntohl(flow_label); 734 } 735 if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL) { 736 fdret = FLOW_DISSECT_RET_OUT_GOOD; 737 break; 738 } 739 } 740 741 __skb_flow_dissect_ipv6(skb, flow_dissector, 742 target_container, data, iph); 743 744 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) 745 fdret = FLOW_DISSECT_RET_OUT_GOOD; 746 747 break; 748 } 749 case htons(ETH_P_8021AD): 750 case htons(ETH_P_8021Q): { 751 const struct vlan_hdr *vlan = NULL; 752 struct vlan_hdr _vlan; 753 __be16 saved_vlan_tpid = proto; 754 755 if (dissector_vlan == FLOW_DISSECTOR_KEY_MAX && 756 skb && skb_vlan_tag_present(skb)) { 757 proto = skb->protocol; 758 } else { 759 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan), 760 data, hlen, &_vlan); 761 if (!vlan) { 762 fdret = FLOW_DISSECT_RET_OUT_BAD; 763 break; 764 } 765 766 proto = vlan->h_vlan_encapsulated_proto; 767 nhoff += sizeof(*vlan); 768 } 769 770 if (dissector_vlan == FLOW_DISSECTOR_KEY_MAX) { 771 dissector_vlan = FLOW_DISSECTOR_KEY_VLAN; 772 } else if (dissector_vlan == FLOW_DISSECTOR_KEY_VLAN) { 773 dissector_vlan = FLOW_DISSECTOR_KEY_CVLAN; 774 } else { 775 fdret = FLOW_DISSECT_RET_PROTO_AGAIN; 776 break; 777 } 778 779 if (dissector_uses_key(flow_dissector, dissector_vlan)) { 780 key_vlan = skb_flow_dissector_target(flow_dissector, 781 dissector_vlan, 782 target_container); 783 784 if (!vlan) { 785 key_vlan->vlan_id = skb_vlan_tag_get_id(skb); 786 key_vlan->vlan_priority = 787 (skb_vlan_tag_get_prio(skb) >> VLAN_PRIO_SHIFT); 788 } else { 789 key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) & 790 VLAN_VID_MASK; 791 key_vlan->vlan_priority = 792 (ntohs(vlan->h_vlan_TCI) & 793 VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT; 794 } 795 key_vlan->vlan_tpid = saved_vlan_tpid; 796 } 797 798 fdret = FLOW_DISSECT_RET_PROTO_AGAIN; 799 break; 800 } 801 case htons(ETH_P_PPP_SES): { 802 struct { 803 struct pppoe_hdr hdr; 804 __be16 proto; 805 } *hdr, _hdr; 806 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr); 807 if (!hdr) { 808 fdret = FLOW_DISSECT_RET_OUT_BAD; 809 break; 810 } 811 812 proto = hdr->proto; 813 nhoff += PPPOE_SES_HLEN; 814 switch (proto) { 815 case htons(PPP_IP): 816 proto = htons(ETH_P_IP); 817 fdret = FLOW_DISSECT_RET_PROTO_AGAIN; 818 break; 819 case htons(PPP_IPV6): 820 proto = htons(ETH_P_IPV6); 821 fdret = FLOW_DISSECT_RET_PROTO_AGAIN; 822 break; 823 default: 824 fdret = FLOW_DISSECT_RET_OUT_BAD; 825 break; 826 } 827 break; 828 } 829 case htons(ETH_P_TIPC): { 830 struct tipc_basic_hdr *hdr, _hdr; 831 832 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), 833 data, hlen, &_hdr); 834 if (!hdr) { 835 fdret = FLOW_DISSECT_RET_OUT_BAD; 836 break; 837 } 838 839 if (dissector_uses_key(flow_dissector, 840 FLOW_DISSECTOR_KEY_TIPC)) { 841 key_addrs = skb_flow_dissector_target(flow_dissector, 842 FLOW_DISSECTOR_KEY_TIPC, 843 target_container); 844 key_addrs->tipckey.key = tipc_hdr_rps_key(hdr); 845 key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC; 846 } 847 fdret = FLOW_DISSECT_RET_OUT_GOOD; 848 break; 849 } 850 851 case htons(ETH_P_MPLS_UC): 852 case htons(ETH_P_MPLS_MC): 853 fdret = __skb_flow_dissect_mpls(skb, flow_dissector, 854 target_container, data, 855 nhoff, hlen); 856 break; 857 case htons(ETH_P_FCOE): 858 if ((hlen - nhoff) < FCOE_HEADER_LEN) { 859 fdret = FLOW_DISSECT_RET_OUT_BAD; 860 break; 861 } 862 863 nhoff += FCOE_HEADER_LEN; 864 fdret = FLOW_DISSECT_RET_OUT_GOOD; 865 break; 866 867 case htons(ETH_P_ARP): 868 case htons(ETH_P_RARP): 869 fdret = __skb_flow_dissect_arp(skb, flow_dissector, 870 target_container, data, 871 nhoff, hlen); 872 break; 873 874 case htons(ETH_P_BATMAN): 875 fdret = __skb_flow_dissect_batadv(skb, key_control, data, 876 &proto, &nhoff, hlen, flags); 877 break; 878 879 default: 880 fdret = FLOW_DISSECT_RET_OUT_BAD; 881 break; 882 } 883 884 /* Process result of proto processing */ 885 switch (fdret) { 886 case FLOW_DISSECT_RET_OUT_GOOD: 887 goto out_good; 888 case FLOW_DISSECT_RET_PROTO_AGAIN: 889 if (skb_flow_dissect_allowed(&num_hdrs)) 890 goto proto_again; 891 goto out_good; 892 case FLOW_DISSECT_RET_CONTINUE: 893 case FLOW_DISSECT_RET_IPPROTO_AGAIN: 894 break; 895 case FLOW_DISSECT_RET_OUT_BAD: 896 default: 897 goto out_bad; 898 } 899 900 ip_proto_again: 901 fdret = FLOW_DISSECT_RET_CONTINUE; 902 903 switch (ip_proto) { 904 case IPPROTO_GRE: 905 fdret = __skb_flow_dissect_gre(skb, key_control, flow_dissector, 906 target_container, data, 907 &proto, &nhoff, &hlen, flags); 908 break; 909 910 case NEXTHDR_HOP: 911 case NEXTHDR_ROUTING: 912 case NEXTHDR_DEST: { 913 u8 _opthdr[2], *opthdr; 914 915 if (proto != htons(ETH_P_IPV6)) 916 break; 917 918 opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr), 919 data, hlen, &_opthdr); 920 if (!opthdr) { 921 fdret = FLOW_DISSECT_RET_OUT_BAD; 922 break; 923 } 924 925 ip_proto = opthdr[0]; 926 nhoff += (opthdr[1] + 1) << 3; 927 928 fdret = FLOW_DISSECT_RET_IPPROTO_AGAIN; 929 break; 930 } 931 case NEXTHDR_FRAGMENT: { 932 struct frag_hdr _fh, *fh; 933 934 if (proto != htons(ETH_P_IPV6)) 935 break; 936 937 fh = __skb_header_pointer(skb, nhoff, sizeof(_fh), 938 data, hlen, &_fh); 939 940 if (!fh) { 941 fdret = FLOW_DISSECT_RET_OUT_BAD; 942 break; 943 } 944 945 key_control->flags |= FLOW_DIS_IS_FRAGMENT; 946 947 nhoff += sizeof(_fh); 948 ip_proto = fh->nexthdr; 949 950 if (!(fh->frag_off & htons(IP6_OFFSET))) { 951 key_control->flags |= FLOW_DIS_FIRST_FRAG; 952 if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG) { 953 fdret = FLOW_DISSECT_RET_IPPROTO_AGAIN; 954 break; 955 } 956 } 957 958 fdret = FLOW_DISSECT_RET_OUT_GOOD; 959 break; 960 } 961 case IPPROTO_IPIP: 962 proto = htons(ETH_P_IP); 963 964 key_control->flags |= FLOW_DIS_ENCAPSULATION; 965 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) { 966 fdret = FLOW_DISSECT_RET_OUT_GOOD; 967 break; 968 } 969 970 fdret = FLOW_DISSECT_RET_PROTO_AGAIN; 971 break; 972 973 case IPPROTO_IPV6: 974 proto = htons(ETH_P_IPV6); 975 976 key_control->flags |= FLOW_DIS_ENCAPSULATION; 977 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) { 978 fdret = FLOW_DISSECT_RET_OUT_GOOD; 979 break; 980 } 981 982 fdret = FLOW_DISSECT_RET_PROTO_AGAIN; 983 break; 984 985 986 case IPPROTO_MPLS: 987 proto = htons(ETH_P_MPLS_UC); 988 fdret = FLOW_DISSECT_RET_PROTO_AGAIN; 989 break; 990 991 case IPPROTO_TCP: 992 __skb_flow_dissect_tcp(skb, flow_dissector, target_container, 993 data, nhoff, hlen); 994 break; 995 996 default: 997 break; 998 } 999 1000 if (dissector_uses_key(flow_dissector, 1001 FLOW_DISSECTOR_KEY_PORTS)) { 1002 key_ports = skb_flow_dissector_target(flow_dissector, 1003 FLOW_DISSECTOR_KEY_PORTS, 1004 target_container); 1005 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto, 1006 data, hlen); 1007 } 1008 1009 if (dissector_uses_key(flow_dissector, 1010 FLOW_DISSECTOR_KEY_ICMP)) { 1011 key_icmp = skb_flow_dissector_target(flow_dissector, 1012 FLOW_DISSECTOR_KEY_ICMP, 1013 target_container); 1014 key_icmp->icmp = skb_flow_get_be16(skb, nhoff, data, hlen); 1015 } 1016 1017 /* Process result of IP proto processing */ 1018 switch (fdret) { 1019 case FLOW_DISSECT_RET_PROTO_AGAIN: 1020 if (skb_flow_dissect_allowed(&num_hdrs)) 1021 goto proto_again; 1022 break; 1023 case FLOW_DISSECT_RET_IPPROTO_AGAIN: 1024 if (skb_flow_dissect_allowed(&num_hdrs)) 1025 goto ip_proto_again; 1026 break; 1027 case FLOW_DISSECT_RET_OUT_GOOD: 1028 case FLOW_DISSECT_RET_CONTINUE: 1029 break; 1030 case FLOW_DISSECT_RET_OUT_BAD: 1031 default: 1032 goto out_bad; 1033 } 1034 1035 out_good: 1036 ret = true; 1037 1038 out: 1039 key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen); 1040 key_basic->n_proto = proto; 1041 key_basic->ip_proto = ip_proto; 1042 1043 return ret; 1044 1045 out_bad: 1046 ret = false; 1047 goto out; 1048 } 1049 EXPORT_SYMBOL(__skb_flow_dissect); 1050 1051 static u32 hashrnd __read_mostly; 1052 static __always_inline void __flow_hash_secret_init(void) 1053 { 1054 net_get_random_once(&hashrnd, sizeof(hashrnd)); 1055 } 1056 1057 static __always_inline u32 __flow_hash_words(const u32 *words, u32 length, 1058 u32 keyval) 1059 { 1060 return jhash2(words, length, keyval); 1061 } 1062 1063 static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow) 1064 { 1065 const void *p = flow; 1066 1067 BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32)); 1068 return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET); 1069 } 1070 1071 static inline size_t flow_keys_hash_length(const struct flow_keys *flow) 1072 { 1073 size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs); 1074 BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32)); 1075 BUILD_BUG_ON(offsetof(typeof(*flow), addrs) != 1076 sizeof(*flow) - sizeof(flow->addrs)); 1077 1078 switch (flow->control.addr_type) { 1079 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 1080 diff -= sizeof(flow->addrs.v4addrs); 1081 break; 1082 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 1083 diff -= sizeof(flow->addrs.v6addrs); 1084 break; 1085 case FLOW_DISSECTOR_KEY_TIPC: 1086 diff -= sizeof(flow->addrs.tipckey); 1087 break; 1088 } 1089 return (sizeof(*flow) - diff) / sizeof(u32); 1090 } 1091 1092 __be32 flow_get_u32_src(const struct flow_keys *flow) 1093 { 1094 switch (flow->control.addr_type) { 1095 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 1096 return flow->addrs.v4addrs.src; 1097 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 1098 return (__force __be32)ipv6_addr_hash( 1099 &flow->addrs.v6addrs.src); 1100 case FLOW_DISSECTOR_KEY_TIPC: 1101 return flow->addrs.tipckey.key; 1102 default: 1103 return 0; 1104 } 1105 } 1106 EXPORT_SYMBOL(flow_get_u32_src); 1107 1108 __be32 flow_get_u32_dst(const struct flow_keys *flow) 1109 { 1110 switch (flow->control.addr_type) { 1111 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 1112 return flow->addrs.v4addrs.dst; 1113 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 1114 return (__force __be32)ipv6_addr_hash( 1115 &flow->addrs.v6addrs.dst); 1116 default: 1117 return 0; 1118 } 1119 } 1120 EXPORT_SYMBOL(flow_get_u32_dst); 1121 1122 static inline void __flow_hash_consistentify(struct flow_keys *keys) 1123 { 1124 int addr_diff, i; 1125 1126 switch (keys->control.addr_type) { 1127 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 1128 addr_diff = (__force u32)keys->addrs.v4addrs.dst - 1129 (__force u32)keys->addrs.v4addrs.src; 1130 if ((addr_diff < 0) || 1131 (addr_diff == 0 && 1132 ((__force u16)keys->ports.dst < 1133 (__force u16)keys->ports.src))) { 1134 swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst); 1135 swap(keys->ports.src, keys->ports.dst); 1136 } 1137 break; 1138 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 1139 addr_diff = memcmp(&keys->addrs.v6addrs.dst, 1140 &keys->addrs.v6addrs.src, 1141 sizeof(keys->addrs.v6addrs.dst)); 1142 if ((addr_diff < 0) || 1143 (addr_diff == 0 && 1144 ((__force u16)keys->ports.dst < 1145 (__force u16)keys->ports.src))) { 1146 for (i = 0; i < 4; i++) 1147 swap(keys->addrs.v6addrs.src.s6_addr32[i], 1148 keys->addrs.v6addrs.dst.s6_addr32[i]); 1149 swap(keys->ports.src, keys->ports.dst); 1150 } 1151 break; 1152 } 1153 } 1154 1155 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval) 1156 { 1157 u32 hash; 1158 1159 __flow_hash_consistentify(keys); 1160 1161 hash = __flow_hash_words(flow_keys_hash_start(keys), 1162 flow_keys_hash_length(keys), keyval); 1163 if (!hash) 1164 hash = 1; 1165 1166 return hash; 1167 } 1168 1169 u32 flow_hash_from_keys(struct flow_keys *keys) 1170 { 1171 __flow_hash_secret_init(); 1172 return __flow_hash_from_keys(keys, hashrnd); 1173 } 1174 EXPORT_SYMBOL(flow_hash_from_keys); 1175 1176 static inline u32 ___skb_get_hash(const struct sk_buff *skb, 1177 struct flow_keys *keys, u32 keyval) 1178 { 1179 skb_flow_dissect_flow_keys(skb, keys, 1180 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL); 1181 1182 return __flow_hash_from_keys(keys, keyval); 1183 } 1184 1185 struct _flow_keys_digest_data { 1186 __be16 n_proto; 1187 u8 ip_proto; 1188 u8 padding; 1189 __be32 ports; 1190 __be32 src; 1191 __be32 dst; 1192 }; 1193 1194 void make_flow_keys_digest(struct flow_keys_digest *digest, 1195 const struct flow_keys *flow) 1196 { 1197 struct _flow_keys_digest_data *data = 1198 (struct _flow_keys_digest_data *)digest; 1199 1200 BUILD_BUG_ON(sizeof(*data) > sizeof(*digest)); 1201 1202 memset(digest, 0, sizeof(*digest)); 1203 1204 data->n_proto = flow->basic.n_proto; 1205 data->ip_proto = flow->basic.ip_proto; 1206 data->ports = flow->ports.ports; 1207 data->src = flow->addrs.v4addrs.src; 1208 data->dst = flow->addrs.v4addrs.dst; 1209 } 1210 EXPORT_SYMBOL(make_flow_keys_digest); 1211 1212 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly; 1213 1214 u32 __skb_get_hash_symmetric(const struct sk_buff *skb) 1215 { 1216 struct flow_keys keys; 1217 1218 __flow_hash_secret_init(); 1219 1220 memset(&keys, 0, sizeof(keys)); 1221 __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys, 1222 NULL, 0, 0, 0, 1223 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL); 1224 1225 return __flow_hash_from_keys(&keys, hashrnd); 1226 } 1227 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric); 1228 1229 /** 1230 * __skb_get_hash: calculate a flow hash 1231 * @skb: sk_buff to calculate flow hash from 1232 * 1233 * This function calculates a flow hash based on src/dst addresses 1234 * and src/dst port numbers. Sets hash in skb to non-zero hash value 1235 * on success, zero indicates no valid hash. Also, sets l4_hash in skb 1236 * if hash is a canonical 4-tuple hash over transport ports. 1237 */ 1238 void __skb_get_hash(struct sk_buff *skb) 1239 { 1240 struct flow_keys keys; 1241 u32 hash; 1242 1243 __flow_hash_secret_init(); 1244 1245 hash = ___skb_get_hash(skb, &keys, hashrnd); 1246 1247 __skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys)); 1248 } 1249 EXPORT_SYMBOL(__skb_get_hash); 1250 1251 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb) 1252 { 1253 struct flow_keys keys; 1254 1255 return ___skb_get_hash(skb, &keys, perturb); 1256 } 1257 EXPORT_SYMBOL(skb_get_hash_perturb); 1258 1259 u32 __skb_get_poff(const struct sk_buff *skb, void *data, 1260 const struct flow_keys_basic *keys, int hlen) 1261 { 1262 u32 poff = keys->control.thoff; 1263 1264 /* skip L4 headers for fragments after the first */ 1265 if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) && 1266 !(keys->control.flags & FLOW_DIS_FIRST_FRAG)) 1267 return poff; 1268 1269 switch (keys->basic.ip_proto) { 1270 case IPPROTO_TCP: { 1271 /* access doff as u8 to avoid unaligned access */ 1272 const u8 *doff; 1273 u8 _doff; 1274 1275 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff), 1276 data, hlen, &_doff); 1277 if (!doff) 1278 return poff; 1279 1280 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2); 1281 break; 1282 } 1283 case IPPROTO_UDP: 1284 case IPPROTO_UDPLITE: 1285 poff += sizeof(struct udphdr); 1286 break; 1287 /* For the rest, we do not really care about header 1288 * extensions at this point for now. 1289 */ 1290 case IPPROTO_ICMP: 1291 poff += sizeof(struct icmphdr); 1292 break; 1293 case IPPROTO_ICMPV6: 1294 poff += sizeof(struct icmp6hdr); 1295 break; 1296 case IPPROTO_IGMP: 1297 poff += sizeof(struct igmphdr); 1298 break; 1299 case IPPROTO_DCCP: 1300 poff += sizeof(struct dccp_hdr); 1301 break; 1302 case IPPROTO_SCTP: 1303 poff += sizeof(struct sctphdr); 1304 break; 1305 } 1306 1307 return poff; 1308 } 1309 1310 /** 1311 * skb_get_poff - get the offset to the payload 1312 * @skb: sk_buff to get the payload offset from 1313 * 1314 * The function will get the offset to the payload as far as it could 1315 * be dissected. The main user is currently BPF, so that we can dynamically 1316 * truncate packets without needing to push actual payload to the user 1317 * space and can analyze headers only, instead. 1318 */ 1319 u32 skb_get_poff(const struct sk_buff *skb) 1320 { 1321 struct flow_keys_basic keys; 1322 1323 if (!skb_flow_dissect_flow_keys_basic(skb, &keys, NULL, 0, 0, 0, 0)) 1324 return 0; 1325 1326 return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb)); 1327 } 1328 1329 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys) 1330 { 1331 memset(keys, 0, sizeof(*keys)); 1332 1333 memcpy(&keys->addrs.v6addrs.src, &fl6->saddr, 1334 sizeof(keys->addrs.v6addrs.src)); 1335 memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr, 1336 sizeof(keys->addrs.v6addrs.dst)); 1337 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 1338 keys->ports.src = fl6->fl6_sport; 1339 keys->ports.dst = fl6->fl6_dport; 1340 keys->keyid.keyid = fl6->fl6_gre_key; 1341 keys->tags.flow_label = (__force u32)flowi6_get_flowlabel(fl6); 1342 keys->basic.ip_proto = fl6->flowi6_proto; 1343 1344 return flow_hash_from_keys(keys); 1345 } 1346 EXPORT_SYMBOL(__get_hash_from_flowi6); 1347 1348 static const struct flow_dissector_key flow_keys_dissector_keys[] = { 1349 { 1350 .key_id = FLOW_DISSECTOR_KEY_CONTROL, 1351 .offset = offsetof(struct flow_keys, control), 1352 }, 1353 { 1354 .key_id = FLOW_DISSECTOR_KEY_BASIC, 1355 .offset = offsetof(struct flow_keys, basic), 1356 }, 1357 { 1358 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS, 1359 .offset = offsetof(struct flow_keys, addrs.v4addrs), 1360 }, 1361 { 1362 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS, 1363 .offset = offsetof(struct flow_keys, addrs.v6addrs), 1364 }, 1365 { 1366 .key_id = FLOW_DISSECTOR_KEY_TIPC, 1367 .offset = offsetof(struct flow_keys, addrs.tipckey), 1368 }, 1369 { 1370 .key_id = FLOW_DISSECTOR_KEY_PORTS, 1371 .offset = offsetof(struct flow_keys, ports), 1372 }, 1373 { 1374 .key_id = FLOW_DISSECTOR_KEY_VLAN, 1375 .offset = offsetof(struct flow_keys, vlan), 1376 }, 1377 { 1378 .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL, 1379 .offset = offsetof(struct flow_keys, tags), 1380 }, 1381 { 1382 .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID, 1383 .offset = offsetof(struct flow_keys, keyid), 1384 }, 1385 }; 1386 1387 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = { 1388 { 1389 .key_id = FLOW_DISSECTOR_KEY_CONTROL, 1390 .offset = offsetof(struct flow_keys, control), 1391 }, 1392 { 1393 .key_id = FLOW_DISSECTOR_KEY_BASIC, 1394 .offset = offsetof(struct flow_keys, basic), 1395 }, 1396 { 1397 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS, 1398 .offset = offsetof(struct flow_keys, addrs.v4addrs), 1399 }, 1400 { 1401 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS, 1402 .offset = offsetof(struct flow_keys, addrs.v6addrs), 1403 }, 1404 { 1405 .key_id = FLOW_DISSECTOR_KEY_PORTS, 1406 .offset = offsetof(struct flow_keys, ports), 1407 }, 1408 }; 1409 1410 static const struct flow_dissector_key flow_keys_basic_dissector_keys[] = { 1411 { 1412 .key_id = FLOW_DISSECTOR_KEY_CONTROL, 1413 .offset = offsetof(struct flow_keys, control), 1414 }, 1415 { 1416 .key_id = FLOW_DISSECTOR_KEY_BASIC, 1417 .offset = offsetof(struct flow_keys, basic), 1418 }, 1419 }; 1420 1421 struct flow_dissector flow_keys_dissector __read_mostly; 1422 EXPORT_SYMBOL(flow_keys_dissector); 1423 1424 struct flow_dissector flow_keys_basic_dissector __read_mostly; 1425 EXPORT_SYMBOL(flow_keys_basic_dissector); 1426 1427 static int __init init_default_flow_dissectors(void) 1428 { 1429 skb_flow_dissector_init(&flow_keys_dissector, 1430 flow_keys_dissector_keys, 1431 ARRAY_SIZE(flow_keys_dissector_keys)); 1432 skb_flow_dissector_init(&flow_keys_dissector_symmetric, 1433 flow_keys_dissector_symmetric_keys, 1434 ARRAY_SIZE(flow_keys_dissector_symmetric_keys)); 1435 skb_flow_dissector_init(&flow_keys_basic_dissector, 1436 flow_keys_basic_dissector_keys, 1437 ARRAY_SIZE(flow_keys_basic_dissector_keys)); 1438 return 0; 1439 } 1440 1441 core_initcall(init_default_flow_dissectors); 1442