1 #include <linux/kernel.h>
2 #include <linux/skbuff.h>
3 #include <linux/export.h>
4 #include <linux/ip.h>
5 #include <linux/ipv6.h>
6 #include <linux/if_vlan.h>
7 #include <net/ip.h>
8 #include <net/ipv6.h>
9 #include <net/gre.h>
10 #include <net/pptp.h>
11 #include <linux/igmp.h>
12 #include <linux/icmp.h>
13 #include <linux/sctp.h>
14 #include <linux/dccp.h>
15 #include <linux/if_tunnel.h>
16 #include <linux/if_pppox.h>
17 #include <linux/ppp_defs.h>
18 #include <linux/stddef.h>
19 #include <linux/if_ether.h>
20 #include <linux/mpls.h>
21 #include <net/flow_dissector.h>
22 #include <scsi/fc/fc_fcoe.h>
23
dissector_set_key(struct flow_dissector * flow_dissector,enum flow_dissector_key_id key_id)24 static void dissector_set_key(struct flow_dissector *flow_dissector,
25 enum flow_dissector_key_id key_id)
26 {
27 flow_dissector->used_keys |= (1 << key_id);
28 }
29
skb_flow_dissector_init(struct flow_dissector * flow_dissector,const struct flow_dissector_key * key,unsigned int key_count)30 void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
31 const struct flow_dissector_key *key,
32 unsigned int key_count)
33 {
34 unsigned int i;
35
36 memset(flow_dissector, 0, sizeof(*flow_dissector));
37
38 for (i = 0; i < key_count; i++, key++) {
39 /* User should make sure that every key target offset is withing
40 * boundaries of unsigned short.
41 */
42 BUG_ON(key->offset > USHRT_MAX);
43 BUG_ON(dissector_uses_key(flow_dissector,
44 key->key_id));
45
46 dissector_set_key(flow_dissector, key->key_id);
47 flow_dissector->offset[key->key_id] = key->offset;
48 }
49
50 /* Ensure that the dissector always includes control and basic key.
51 * That way we are able to avoid handling lack of these in fast path.
52 */
53 BUG_ON(!dissector_uses_key(flow_dissector,
54 FLOW_DISSECTOR_KEY_CONTROL));
55 BUG_ON(!dissector_uses_key(flow_dissector,
56 FLOW_DISSECTOR_KEY_BASIC));
57 }
58 EXPORT_SYMBOL(skb_flow_dissector_init);
59
60 /**
61 * __skb_flow_get_ports - extract the upper layer ports and return them
62 * @skb: sk_buff to extract the ports from
63 * @thoff: transport header offset
64 * @ip_proto: protocol for which to get port offset
65 * @data: raw buffer pointer to the packet, if NULL use skb->data
66 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
67 *
68 * The function will try to retrieve the ports at offset thoff + poff where poff
69 * is the protocol port offset returned from proto_ports_offset
70 */
__skb_flow_get_ports(const struct sk_buff * skb,int thoff,u8 ip_proto,void * data,int hlen)71 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
72 void *data, int hlen)
73 {
74 int poff = proto_ports_offset(ip_proto);
75
76 if (!data) {
77 data = skb->data;
78 hlen = skb_headlen(skb);
79 }
80
81 if (poff >= 0) {
82 __be32 *ports, _ports;
83
84 ports = __skb_header_pointer(skb, thoff + poff,
85 sizeof(_ports), data, hlen, &_ports);
86 if (ports)
87 return *ports;
88 }
89
90 return 0;
91 }
92 EXPORT_SYMBOL(__skb_flow_get_ports);
93
94 /**
95 * __skb_flow_dissect - extract the flow_keys struct and return it
96 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
97 * @flow_dissector: list of keys to dissect
98 * @target_container: target structure to put dissected values into
99 * @data: raw buffer pointer to the packet, if NULL use skb->data
100 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
101 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
102 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
103 *
104 * The function will try to retrieve individual keys into target specified
105 * by flow_dissector from either the skbuff or a raw buffer specified by the
106 * rest parameters.
107 *
108 * Caller must take care of zeroing target container memory.
109 */
__skb_flow_dissect(const struct sk_buff * skb,struct flow_dissector * flow_dissector,void * target_container,void * data,__be16 proto,int nhoff,int hlen,unsigned int flags)110 bool __skb_flow_dissect(const struct sk_buff *skb,
111 struct flow_dissector *flow_dissector,
112 void *target_container,
113 void *data, __be16 proto, int nhoff, int hlen,
114 unsigned int flags)
115 {
116 struct flow_dissector_key_control *key_control;
117 struct flow_dissector_key_basic *key_basic;
118 struct flow_dissector_key_addrs *key_addrs;
119 struct flow_dissector_key_ports *key_ports;
120 struct flow_dissector_key_tags *key_tags;
121 struct flow_dissector_key_vlan *key_vlan;
122 struct flow_dissector_key_keyid *key_keyid;
123 bool skip_vlan = false;
124 u8 ip_proto = 0;
125 bool ret;
126
127 if (!data) {
128 data = skb->data;
129 proto = skb_vlan_tag_present(skb) ?
130 skb->vlan_proto : skb->protocol;
131 nhoff = skb_network_offset(skb);
132 hlen = skb_headlen(skb);
133 }
134
135 /* It is ensured by skb_flow_dissector_init() that control key will
136 * be always present.
137 */
138 key_control = skb_flow_dissector_target(flow_dissector,
139 FLOW_DISSECTOR_KEY_CONTROL,
140 target_container);
141
142 /* It is ensured by skb_flow_dissector_init() that basic key will
143 * be always present.
144 */
145 key_basic = skb_flow_dissector_target(flow_dissector,
146 FLOW_DISSECTOR_KEY_BASIC,
147 target_container);
148
149 if (dissector_uses_key(flow_dissector,
150 FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
151 struct ethhdr *eth = eth_hdr(skb);
152 struct flow_dissector_key_eth_addrs *key_eth_addrs;
153
154 key_eth_addrs = skb_flow_dissector_target(flow_dissector,
155 FLOW_DISSECTOR_KEY_ETH_ADDRS,
156 target_container);
157 memcpy(key_eth_addrs, ð->h_dest, sizeof(*key_eth_addrs));
158 }
159
160 again:
161 switch (proto) {
162 case htons(ETH_P_IP): {
163 const struct iphdr *iph;
164 struct iphdr _iph;
165 ip:
166 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
167 if (!iph || iph->ihl < 5)
168 goto out_bad;
169 nhoff += iph->ihl * 4;
170
171 ip_proto = iph->protocol;
172
173 if (dissector_uses_key(flow_dissector,
174 FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
175 key_addrs = skb_flow_dissector_target(flow_dissector,
176 FLOW_DISSECTOR_KEY_IPV4_ADDRS,
177 target_container);
178
179 memcpy(&key_addrs->v4addrs, &iph->saddr,
180 sizeof(key_addrs->v4addrs));
181 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
182 }
183
184 if (ip_is_fragment(iph)) {
185 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
186
187 if (iph->frag_off & htons(IP_OFFSET)) {
188 goto out_good;
189 } else {
190 key_control->flags |= FLOW_DIS_FIRST_FRAG;
191 if (!(flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
192 goto out_good;
193 }
194 }
195
196 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
197 goto out_good;
198
199 break;
200 }
201 case htons(ETH_P_IPV6): {
202 const struct ipv6hdr *iph;
203 struct ipv6hdr _iph;
204
205 ipv6:
206 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
207 if (!iph)
208 goto out_bad;
209
210 ip_proto = iph->nexthdr;
211 nhoff += sizeof(struct ipv6hdr);
212
213 if (dissector_uses_key(flow_dissector,
214 FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
215 key_addrs = skb_flow_dissector_target(flow_dissector,
216 FLOW_DISSECTOR_KEY_IPV6_ADDRS,
217 target_container);
218
219 memcpy(&key_addrs->v6addrs, &iph->saddr,
220 sizeof(key_addrs->v6addrs));
221 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
222 }
223
224 if ((dissector_uses_key(flow_dissector,
225 FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
226 (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
227 ip6_flowlabel(iph)) {
228 __be32 flow_label = ip6_flowlabel(iph);
229
230 if (dissector_uses_key(flow_dissector,
231 FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
232 key_tags = skb_flow_dissector_target(flow_dissector,
233 FLOW_DISSECTOR_KEY_FLOW_LABEL,
234 target_container);
235 key_tags->flow_label = ntohl(flow_label);
236 }
237 if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)
238 goto out_good;
239 }
240
241 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
242 goto out_good;
243
244 break;
245 }
246 case htons(ETH_P_8021AD):
247 case htons(ETH_P_8021Q): {
248 const struct vlan_hdr *vlan;
249 struct vlan_hdr _vlan;
250 bool vlan_tag_present = skb && skb_vlan_tag_present(skb);
251
252 if (vlan_tag_present)
253 proto = skb->protocol;
254
255 if (!vlan_tag_present || eth_type_vlan(skb->protocol)) {
256 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
257 data, hlen, &_vlan);
258 if (!vlan)
259 goto out_bad;
260 proto = vlan->h_vlan_encapsulated_proto;
261 nhoff += sizeof(*vlan);
262 if (skip_vlan)
263 goto again;
264 }
265
266 skip_vlan = true;
267 if (dissector_uses_key(flow_dissector,
268 FLOW_DISSECTOR_KEY_VLAN)) {
269 key_vlan = skb_flow_dissector_target(flow_dissector,
270 FLOW_DISSECTOR_KEY_VLAN,
271 target_container);
272
273 if (vlan_tag_present) {
274 key_vlan->vlan_id = skb_vlan_tag_get_id(skb);
275 key_vlan->vlan_priority =
276 (skb_vlan_tag_get_prio(skb) >> VLAN_PRIO_SHIFT);
277 } else {
278 key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) &
279 VLAN_VID_MASK;
280 key_vlan->vlan_priority =
281 (ntohs(vlan->h_vlan_TCI) &
282 VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
283 }
284 }
285
286 goto again;
287 }
288 case htons(ETH_P_PPP_SES): {
289 struct {
290 struct pppoe_hdr hdr;
291 __be16 proto;
292 } *hdr, _hdr;
293 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
294 if (!hdr)
295 goto out_bad;
296 proto = hdr->proto;
297 nhoff += PPPOE_SES_HLEN;
298 switch (proto) {
299 case htons(PPP_IP):
300 goto ip;
301 case htons(PPP_IPV6):
302 goto ipv6;
303 default:
304 goto out_bad;
305 }
306 }
307 case htons(ETH_P_TIPC): {
308 struct {
309 __be32 pre[3];
310 __be32 srcnode;
311 } *hdr, _hdr;
312 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
313 if (!hdr)
314 goto out_bad;
315
316 if (dissector_uses_key(flow_dissector,
317 FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
318 key_addrs = skb_flow_dissector_target(flow_dissector,
319 FLOW_DISSECTOR_KEY_TIPC_ADDRS,
320 target_container);
321 key_addrs->tipcaddrs.srcnode = hdr->srcnode;
322 key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
323 }
324 goto out_good;
325 }
326
327 case htons(ETH_P_MPLS_UC):
328 case htons(ETH_P_MPLS_MC): {
329 struct mpls_label *hdr, _hdr[2];
330 mpls:
331 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
332 hlen, &_hdr);
333 if (!hdr)
334 goto out_bad;
335
336 if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >>
337 MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) {
338 if (dissector_uses_key(flow_dissector,
339 FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) {
340 key_keyid = skb_flow_dissector_target(flow_dissector,
341 FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
342 target_container);
343 key_keyid->keyid = hdr[1].entry &
344 htonl(MPLS_LS_LABEL_MASK);
345 }
346
347 goto out_good;
348 }
349
350 goto out_good;
351 }
352
353 case htons(ETH_P_FCOE):
354 if ((hlen - nhoff) < FCOE_HEADER_LEN)
355 goto out_bad;
356
357 nhoff += FCOE_HEADER_LEN;
358 goto out_good;
359 default:
360 goto out_bad;
361 }
362
363 ip_proto_again:
364 switch (ip_proto) {
365 case IPPROTO_GRE: {
366 struct gre_base_hdr *hdr, _hdr;
367 u16 gre_ver;
368 int offset = 0;
369
370 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
371 if (!hdr)
372 goto out_bad;
373
374 /* Only look inside GRE without routing */
375 if (hdr->flags & GRE_ROUTING)
376 break;
377
378 /* Only look inside GRE for version 0 and 1 */
379 gre_ver = ntohs(hdr->flags & GRE_VERSION);
380 if (gre_ver > 1)
381 break;
382
383 proto = hdr->protocol;
384 if (gre_ver) {
385 /* Version1 must be PPTP, and check the flags */
386 if (!(proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY)))
387 break;
388 }
389
390 offset += sizeof(struct gre_base_hdr);
391
392 if (hdr->flags & GRE_CSUM)
393 offset += sizeof(((struct gre_full_hdr *)0)->csum) +
394 sizeof(((struct gre_full_hdr *)0)->reserved1);
395
396 if (hdr->flags & GRE_KEY) {
397 const __be32 *keyid;
398 __be32 _keyid;
399
400 keyid = __skb_header_pointer(skb, nhoff + offset, sizeof(_keyid),
401 data, hlen, &_keyid);
402 if (!keyid)
403 goto out_bad;
404
405 if (dissector_uses_key(flow_dissector,
406 FLOW_DISSECTOR_KEY_GRE_KEYID)) {
407 key_keyid = skb_flow_dissector_target(flow_dissector,
408 FLOW_DISSECTOR_KEY_GRE_KEYID,
409 target_container);
410 if (gre_ver == 0)
411 key_keyid->keyid = *keyid;
412 else
413 key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK;
414 }
415 offset += sizeof(((struct gre_full_hdr *)0)->key);
416 }
417
418 if (hdr->flags & GRE_SEQ)
419 offset += sizeof(((struct pptp_gre_header *)0)->seq);
420
421 if (gre_ver == 0) {
422 if (proto == htons(ETH_P_TEB)) {
423 const struct ethhdr *eth;
424 struct ethhdr _eth;
425
426 eth = __skb_header_pointer(skb, nhoff + offset,
427 sizeof(_eth),
428 data, hlen, &_eth);
429 if (!eth)
430 goto out_bad;
431 proto = eth->h_proto;
432 offset += sizeof(*eth);
433
434 /* Cap headers that we access via pointers at the
435 * end of the Ethernet header as our maximum alignment
436 * at that point is only 2 bytes.
437 */
438 if (NET_IP_ALIGN)
439 hlen = (nhoff + offset);
440 }
441 } else { /* version 1, must be PPTP */
442 u8 _ppp_hdr[PPP_HDRLEN];
443 u8 *ppp_hdr;
444
445 if (hdr->flags & GRE_ACK)
446 offset += sizeof(((struct pptp_gre_header *)0)->ack);
447
448 ppp_hdr = __skb_header_pointer(skb, nhoff + offset,
449 sizeof(_ppp_hdr),
450 data, hlen, _ppp_hdr);
451 if (!ppp_hdr)
452 goto out_bad;
453
454 switch (PPP_PROTOCOL(ppp_hdr)) {
455 case PPP_IP:
456 proto = htons(ETH_P_IP);
457 break;
458 case PPP_IPV6:
459 proto = htons(ETH_P_IPV6);
460 break;
461 default:
462 /* Could probably catch some more like MPLS */
463 break;
464 }
465
466 offset += PPP_HDRLEN;
467 }
468
469 nhoff += offset;
470 key_control->flags |= FLOW_DIS_ENCAPSULATION;
471 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
472 goto out_good;
473
474 goto again;
475 }
476 case NEXTHDR_HOP:
477 case NEXTHDR_ROUTING:
478 case NEXTHDR_DEST: {
479 u8 _opthdr[2], *opthdr;
480
481 if (proto != htons(ETH_P_IPV6))
482 break;
483
484 opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
485 data, hlen, &_opthdr);
486 if (!opthdr)
487 goto out_bad;
488
489 ip_proto = opthdr[0];
490 nhoff += (opthdr[1] + 1) << 3;
491
492 goto ip_proto_again;
493 }
494 case NEXTHDR_FRAGMENT: {
495 struct frag_hdr _fh, *fh;
496
497 if (proto != htons(ETH_P_IPV6))
498 break;
499
500 fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
501 data, hlen, &_fh);
502
503 if (!fh)
504 goto out_bad;
505
506 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
507
508 nhoff += sizeof(_fh);
509 ip_proto = fh->nexthdr;
510
511 if (!(fh->frag_off & htons(IP6_OFFSET))) {
512 key_control->flags |= FLOW_DIS_FIRST_FRAG;
513 if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)
514 goto ip_proto_again;
515 }
516 goto out_good;
517 }
518 case IPPROTO_IPIP:
519 proto = htons(ETH_P_IP);
520
521 key_control->flags |= FLOW_DIS_ENCAPSULATION;
522 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
523 goto out_good;
524
525 goto ip;
526 case IPPROTO_IPV6:
527 proto = htons(ETH_P_IPV6);
528
529 key_control->flags |= FLOW_DIS_ENCAPSULATION;
530 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
531 goto out_good;
532
533 goto ipv6;
534 case IPPROTO_MPLS:
535 proto = htons(ETH_P_MPLS_UC);
536 goto mpls;
537 default:
538 break;
539 }
540
541 if (dissector_uses_key(flow_dissector,
542 FLOW_DISSECTOR_KEY_PORTS)) {
543 key_ports = skb_flow_dissector_target(flow_dissector,
544 FLOW_DISSECTOR_KEY_PORTS,
545 target_container);
546 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
547 data, hlen);
548 }
549
550 out_good:
551 ret = true;
552
553 out:
554 key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
555 key_basic->n_proto = proto;
556 key_basic->ip_proto = ip_proto;
557
558 return ret;
559
560 out_bad:
561 ret = false;
562 goto out;
563 }
564 EXPORT_SYMBOL(__skb_flow_dissect);
565
566 static u32 hashrnd __read_mostly;
__flow_hash_secret_init(void)567 static __always_inline void __flow_hash_secret_init(void)
568 {
569 net_get_random_once(&hashrnd, sizeof(hashrnd));
570 }
571
__flow_hash_words(const u32 * words,u32 length,u32 keyval)572 static __always_inline u32 __flow_hash_words(const u32 *words, u32 length,
573 u32 keyval)
574 {
575 return jhash2(words, length, keyval);
576 }
577
flow_keys_hash_start(const struct flow_keys * flow)578 static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow)
579 {
580 const void *p = flow;
581
582 BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32));
583 return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET);
584 }
585
flow_keys_hash_length(const struct flow_keys * flow)586 static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
587 {
588 size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
589 BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
590 BUILD_BUG_ON(offsetof(typeof(*flow), addrs) !=
591 sizeof(*flow) - sizeof(flow->addrs));
592
593 switch (flow->control.addr_type) {
594 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
595 diff -= sizeof(flow->addrs.v4addrs);
596 break;
597 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
598 diff -= sizeof(flow->addrs.v6addrs);
599 break;
600 case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
601 diff -= sizeof(flow->addrs.tipcaddrs);
602 break;
603 }
604 return (sizeof(*flow) - diff) / sizeof(u32);
605 }
606
flow_get_u32_src(const struct flow_keys * flow)607 __be32 flow_get_u32_src(const struct flow_keys *flow)
608 {
609 switch (flow->control.addr_type) {
610 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
611 return flow->addrs.v4addrs.src;
612 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
613 return (__force __be32)ipv6_addr_hash(
614 &flow->addrs.v6addrs.src);
615 case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
616 return flow->addrs.tipcaddrs.srcnode;
617 default:
618 return 0;
619 }
620 }
621 EXPORT_SYMBOL(flow_get_u32_src);
622
flow_get_u32_dst(const struct flow_keys * flow)623 __be32 flow_get_u32_dst(const struct flow_keys *flow)
624 {
625 switch (flow->control.addr_type) {
626 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
627 return flow->addrs.v4addrs.dst;
628 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
629 return (__force __be32)ipv6_addr_hash(
630 &flow->addrs.v6addrs.dst);
631 default:
632 return 0;
633 }
634 }
635 EXPORT_SYMBOL(flow_get_u32_dst);
636
__flow_hash_consistentify(struct flow_keys * keys)637 static inline void __flow_hash_consistentify(struct flow_keys *keys)
638 {
639 int addr_diff, i;
640
641 switch (keys->control.addr_type) {
642 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
643 addr_diff = (__force u32)keys->addrs.v4addrs.dst -
644 (__force u32)keys->addrs.v4addrs.src;
645 if ((addr_diff < 0) ||
646 (addr_diff == 0 &&
647 ((__force u16)keys->ports.dst <
648 (__force u16)keys->ports.src))) {
649 swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
650 swap(keys->ports.src, keys->ports.dst);
651 }
652 break;
653 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
654 addr_diff = memcmp(&keys->addrs.v6addrs.dst,
655 &keys->addrs.v6addrs.src,
656 sizeof(keys->addrs.v6addrs.dst));
657 if ((addr_diff < 0) ||
658 (addr_diff == 0 &&
659 ((__force u16)keys->ports.dst <
660 (__force u16)keys->ports.src))) {
661 for (i = 0; i < 4; i++)
662 swap(keys->addrs.v6addrs.src.s6_addr32[i],
663 keys->addrs.v6addrs.dst.s6_addr32[i]);
664 swap(keys->ports.src, keys->ports.dst);
665 }
666 break;
667 }
668 }
669
__flow_hash_from_keys(struct flow_keys * keys,u32 keyval)670 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
671 {
672 u32 hash;
673
674 __flow_hash_consistentify(keys);
675
676 hash = __flow_hash_words(flow_keys_hash_start(keys),
677 flow_keys_hash_length(keys), keyval);
678 if (!hash)
679 hash = 1;
680
681 return hash;
682 }
683
flow_hash_from_keys(struct flow_keys * keys)684 u32 flow_hash_from_keys(struct flow_keys *keys)
685 {
686 __flow_hash_secret_init();
687 return __flow_hash_from_keys(keys, hashrnd);
688 }
689 EXPORT_SYMBOL(flow_hash_from_keys);
690
___skb_get_hash(const struct sk_buff * skb,struct flow_keys * keys,u32 keyval)691 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
692 struct flow_keys *keys, u32 keyval)
693 {
694 skb_flow_dissect_flow_keys(skb, keys,
695 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
696
697 return __flow_hash_from_keys(keys, keyval);
698 }
699
700 struct _flow_keys_digest_data {
701 __be16 n_proto;
702 u8 ip_proto;
703 u8 padding;
704 __be32 ports;
705 __be32 src;
706 __be32 dst;
707 };
708
make_flow_keys_digest(struct flow_keys_digest * digest,const struct flow_keys * flow)709 void make_flow_keys_digest(struct flow_keys_digest *digest,
710 const struct flow_keys *flow)
711 {
712 struct _flow_keys_digest_data *data =
713 (struct _flow_keys_digest_data *)digest;
714
715 BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
716
717 memset(digest, 0, sizeof(*digest));
718
719 data->n_proto = flow->basic.n_proto;
720 data->ip_proto = flow->basic.ip_proto;
721 data->ports = flow->ports.ports;
722 data->src = flow->addrs.v4addrs.src;
723 data->dst = flow->addrs.v4addrs.dst;
724 }
725 EXPORT_SYMBOL(make_flow_keys_digest);
726
727 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
728
__skb_get_hash_symmetric(struct sk_buff * skb)729 u32 __skb_get_hash_symmetric(struct sk_buff *skb)
730 {
731 struct flow_keys keys;
732
733 __flow_hash_secret_init();
734
735 memset(&keys, 0, sizeof(keys));
736 __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys,
737 NULL, 0, 0, 0,
738 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
739
740 return __flow_hash_from_keys(&keys, hashrnd);
741 }
742 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
743
744 /**
745 * __skb_get_hash: calculate a flow hash
746 * @skb: sk_buff to calculate flow hash from
747 *
748 * This function calculates a flow hash based on src/dst addresses
749 * and src/dst port numbers. Sets hash in skb to non-zero hash value
750 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
751 * if hash is a canonical 4-tuple hash over transport ports.
752 */
__skb_get_hash(struct sk_buff * skb)753 void __skb_get_hash(struct sk_buff *skb)
754 {
755 struct flow_keys keys;
756 u32 hash;
757
758 __flow_hash_secret_init();
759
760 hash = ___skb_get_hash(skb, &keys, hashrnd);
761
762 __skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));
763 }
764 EXPORT_SYMBOL(__skb_get_hash);
765
skb_get_hash_perturb(const struct sk_buff * skb,u32 perturb)766 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
767 {
768 struct flow_keys keys;
769
770 return ___skb_get_hash(skb, &keys, perturb);
771 }
772 EXPORT_SYMBOL(skb_get_hash_perturb);
773
__skb_get_hash_flowi6(struct sk_buff * skb,const struct flowi6 * fl6)774 __u32 __skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 *fl6)
775 {
776 struct flow_keys keys;
777
778 memset(&keys, 0, sizeof(keys));
779
780 memcpy(&keys.addrs.v6addrs.src, &fl6->saddr,
781 sizeof(keys.addrs.v6addrs.src));
782 memcpy(&keys.addrs.v6addrs.dst, &fl6->daddr,
783 sizeof(keys.addrs.v6addrs.dst));
784 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
785 keys.ports.src = fl6->fl6_sport;
786 keys.ports.dst = fl6->fl6_dport;
787 keys.keyid.keyid = fl6->fl6_gre_key;
788 keys.tags.flow_label = (__force u32)fl6->flowlabel;
789 keys.basic.ip_proto = fl6->flowi6_proto;
790
791 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
792 flow_keys_have_l4(&keys));
793
794 return skb->hash;
795 }
796 EXPORT_SYMBOL(__skb_get_hash_flowi6);
797
__skb_get_hash_flowi4(struct sk_buff * skb,const struct flowi4 * fl4)798 __u32 __skb_get_hash_flowi4(struct sk_buff *skb, const struct flowi4 *fl4)
799 {
800 struct flow_keys keys;
801
802 memset(&keys, 0, sizeof(keys));
803
804 keys.addrs.v4addrs.src = fl4->saddr;
805 keys.addrs.v4addrs.dst = fl4->daddr;
806 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
807 keys.ports.src = fl4->fl4_sport;
808 keys.ports.dst = fl4->fl4_dport;
809 keys.keyid.keyid = fl4->fl4_gre_key;
810 keys.basic.ip_proto = fl4->flowi4_proto;
811
812 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
813 flow_keys_have_l4(&keys));
814
815 return skb->hash;
816 }
817 EXPORT_SYMBOL(__skb_get_hash_flowi4);
818
__skb_get_poff(const struct sk_buff * skb,void * data,const struct flow_keys * keys,int hlen)819 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
820 const struct flow_keys *keys, int hlen)
821 {
822 u32 poff = keys->control.thoff;
823
824 /* skip L4 headers for fragments after the first */
825 if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
826 !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
827 return poff;
828
829 switch (keys->basic.ip_proto) {
830 case IPPROTO_TCP: {
831 /* access doff as u8 to avoid unaligned access */
832 const u8 *doff;
833 u8 _doff;
834
835 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
836 data, hlen, &_doff);
837 if (!doff)
838 return poff;
839
840 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
841 break;
842 }
843 case IPPROTO_UDP:
844 case IPPROTO_UDPLITE:
845 poff += sizeof(struct udphdr);
846 break;
847 /* For the rest, we do not really care about header
848 * extensions at this point for now.
849 */
850 case IPPROTO_ICMP:
851 poff += sizeof(struct icmphdr);
852 break;
853 case IPPROTO_ICMPV6:
854 poff += sizeof(struct icmp6hdr);
855 break;
856 case IPPROTO_IGMP:
857 poff += sizeof(struct igmphdr);
858 break;
859 case IPPROTO_DCCP:
860 poff += sizeof(struct dccp_hdr);
861 break;
862 case IPPROTO_SCTP:
863 poff += sizeof(struct sctphdr);
864 break;
865 }
866
867 return poff;
868 }
869
870 /**
871 * skb_get_poff - get the offset to the payload
872 * @skb: sk_buff to get the payload offset from
873 *
874 * The function will get the offset to the payload as far as it could
875 * be dissected. The main user is currently BPF, so that we can dynamically
876 * truncate packets without needing to push actual payload to the user
877 * space and can analyze headers only, instead.
878 */
skb_get_poff(const struct sk_buff * skb)879 u32 skb_get_poff(const struct sk_buff *skb)
880 {
881 struct flow_keys keys;
882
883 if (!skb_flow_dissect_flow_keys(skb, &keys, 0))
884 return 0;
885
886 return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
887 }
888
__get_hash_from_flowi6(const struct flowi6 * fl6,struct flow_keys * keys)889 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
890 {
891 memset(keys, 0, sizeof(*keys));
892
893 memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
894 sizeof(keys->addrs.v6addrs.src));
895 memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
896 sizeof(keys->addrs.v6addrs.dst));
897 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
898 keys->ports.src = fl6->fl6_sport;
899 keys->ports.dst = fl6->fl6_dport;
900 keys->keyid.keyid = fl6->fl6_gre_key;
901 keys->tags.flow_label = (__force u32)fl6->flowlabel;
902 keys->basic.ip_proto = fl6->flowi6_proto;
903
904 return flow_hash_from_keys(keys);
905 }
906 EXPORT_SYMBOL(__get_hash_from_flowi6);
907
__get_hash_from_flowi4(const struct flowi4 * fl4,struct flow_keys * keys)908 __u32 __get_hash_from_flowi4(const struct flowi4 *fl4, struct flow_keys *keys)
909 {
910 memset(keys, 0, sizeof(*keys));
911
912 keys->addrs.v4addrs.src = fl4->saddr;
913 keys->addrs.v4addrs.dst = fl4->daddr;
914 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
915 keys->ports.src = fl4->fl4_sport;
916 keys->ports.dst = fl4->fl4_dport;
917 keys->keyid.keyid = fl4->fl4_gre_key;
918 keys->basic.ip_proto = fl4->flowi4_proto;
919
920 return flow_hash_from_keys(keys);
921 }
922 EXPORT_SYMBOL(__get_hash_from_flowi4);
923
924 static const struct flow_dissector_key flow_keys_dissector_keys[] = {
925 {
926 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
927 .offset = offsetof(struct flow_keys, control),
928 },
929 {
930 .key_id = FLOW_DISSECTOR_KEY_BASIC,
931 .offset = offsetof(struct flow_keys, basic),
932 },
933 {
934 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
935 .offset = offsetof(struct flow_keys, addrs.v4addrs),
936 },
937 {
938 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
939 .offset = offsetof(struct flow_keys, addrs.v6addrs),
940 },
941 {
942 .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
943 .offset = offsetof(struct flow_keys, addrs.tipcaddrs),
944 },
945 {
946 .key_id = FLOW_DISSECTOR_KEY_PORTS,
947 .offset = offsetof(struct flow_keys, ports),
948 },
949 {
950 .key_id = FLOW_DISSECTOR_KEY_VLAN,
951 .offset = offsetof(struct flow_keys, vlan),
952 },
953 {
954 .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
955 .offset = offsetof(struct flow_keys, tags),
956 },
957 {
958 .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
959 .offset = offsetof(struct flow_keys, keyid),
960 },
961 };
962
963 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
964 {
965 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
966 .offset = offsetof(struct flow_keys, control),
967 },
968 {
969 .key_id = FLOW_DISSECTOR_KEY_BASIC,
970 .offset = offsetof(struct flow_keys, basic),
971 },
972 {
973 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
974 .offset = offsetof(struct flow_keys, addrs.v4addrs),
975 },
976 {
977 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
978 .offset = offsetof(struct flow_keys, addrs.v6addrs),
979 },
980 {
981 .key_id = FLOW_DISSECTOR_KEY_PORTS,
982 .offset = offsetof(struct flow_keys, ports),
983 },
984 };
985
986 static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
987 {
988 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
989 .offset = offsetof(struct flow_keys, control),
990 },
991 {
992 .key_id = FLOW_DISSECTOR_KEY_BASIC,
993 .offset = offsetof(struct flow_keys, basic),
994 },
995 };
996
997 struct flow_dissector flow_keys_dissector __read_mostly;
998 EXPORT_SYMBOL(flow_keys_dissector);
999
1000 struct flow_dissector flow_keys_buf_dissector __read_mostly;
1001
init_default_flow_dissectors(void)1002 static int __init init_default_flow_dissectors(void)
1003 {
1004 skb_flow_dissector_init(&flow_keys_dissector,
1005 flow_keys_dissector_keys,
1006 ARRAY_SIZE(flow_keys_dissector_keys));
1007 skb_flow_dissector_init(&flow_keys_dissector_symmetric,
1008 flow_keys_dissector_symmetric_keys,
1009 ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
1010 skb_flow_dissector_init(&flow_keys_buf_dissector,
1011 flow_keys_buf_dissector_keys,
1012 ARRAY_SIZE(flow_keys_buf_dissector_keys));
1013 return 0;
1014 }
1015
1016 core_initcall(init_default_flow_dissectors);
1017