]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - net/core/flow_dissector.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UBUNTU: [Config] CONFIG_PCIEPORTBUS=n for ppc64el
[mirror_ubuntu-zesty-kernel.git] / net / core / flow_dissector.c
1 #include <linux/kernel.h>
2 #include <linux/skbuff.h>
3 #include <linux/export.h>
4 #include <linux/ip.h>
5 #include <linux/ipv6.h>
6 #include <linux/if_vlan.h>
7 #include <net/ip.h>
8 #include <net/ipv6.h>
9 #include <net/gre.h>
10 #include <net/pptp.h>
11 #include <linux/igmp.h>
12 #include <linux/icmp.h>
13 #include <linux/sctp.h>
14 #include <linux/dccp.h>
15 #include <linux/if_tunnel.h>
16 #include <linux/if_pppox.h>
17 #include <linux/ppp_defs.h>
18 #include <linux/stddef.h>
19 #include <linux/if_ether.h>
20 #include <linux/mpls.h>
21 #include <net/flow_dissector.h>
22 #include <scsi/fc/fc_fcoe.h>
23
24 static void dissector_set_key(struct flow_dissector *flow_dissector,
25 enum flow_dissector_key_id key_id)
26 {
27 flow_dissector->used_keys |= (1 << key_id);
28 }
29
30 void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
31 const struct flow_dissector_key *key,
32 unsigned int key_count)
33 {
34 unsigned int i;
35
36 memset(flow_dissector, 0, sizeof(*flow_dissector));
37
38 for (i = 0; i < key_count; i++, key++) {
39 /* User should make sure that every key target offset is withing
40 * boundaries of unsigned short.
41 */
42 BUG_ON(key->offset > USHRT_MAX);
43 BUG_ON(dissector_uses_key(flow_dissector,
44 key->key_id));
45
46 dissector_set_key(flow_dissector, key->key_id);
47 flow_dissector->offset[key->key_id] = key->offset;
48 }
49
50 /* Ensure that the dissector always includes control and basic key.
51 * That way we are able to avoid handling lack of these in fast path.
52 */
53 BUG_ON(!dissector_uses_key(flow_dissector,
54 FLOW_DISSECTOR_KEY_CONTROL));
55 BUG_ON(!dissector_uses_key(flow_dissector,
56 FLOW_DISSECTOR_KEY_BASIC));
57 }
58 EXPORT_SYMBOL(skb_flow_dissector_init);
59
60 /**
61 * skb_flow_get_be16 - extract be16 entity
62 * @skb: sk_buff to extract from
63 * @poff: offset to extract at
64 * @data: raw buffer pointer to the packet
65 * @hlen: packet header length
66 *
67 * The function will try to retrieve a be32 entity at
68 * offset poff
69 */
70 static __be16 skb_flow_get_be16(const struct sk_buff *skb, int poff,
71 void *data, int hlen)
72 {
73 __be16 *u, _u;
74
75 u = __skb_header_pointer(skb, poff, sizeof(_u), data, hlen, &_u);
76 if (u)
77 return *u;
78
79 return 0;
80 }
81
82 /**
83 * __skb_flow_get_ports - extract the upper layer ports and return them
84 * @skb: sk_buff to extract the ports from
85 * @thoff: transport header offset
86 * @ip_proto: protocol for which to get port offset
87 * @data: raw buffer pointer to the packet, if NULL use skb->data
88 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
89 *
90 * The function will try to retrieve the ports at offset thoff + poff where poff
91 * is the protocol port offset returned from proto_ports_offset
92 */
93 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
94 void *data, int hlen)
95 {
96 int poff = proto_ports_offset(ip_proto);
97
98 if (!data) {
99 data = skb->data;
100 hlen = skb_headlen(skb);
101 }
102
103 if (poff >= 0) {
104 __be32 *ports, _ports;
105
106 ports = __skb_header_pointer(skb, thoff + poff,
107 sizeof(_ports), data, hlen, &_ports);
108 if (ports)
109 return *ports;
110 }
111
112 return 0;
113 }
114 EXPORT_SYMBOL(__skb_flow_get_ports);
115
116 /**
117 * __skb_flow_dissect - extract the flow_keys struct and return it
118 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
119 * @flow_dissector: list of keys to dissect
120 * @target_container: target structure to put dissected values into
121 * @data: raw buffer pointer to the packet, if NULL use skb->data
122 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
123 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
124 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
125 *
126 * The function will try to retrieve individual keys into target specified
127 * by flow_dissector from either the skbuff or a raw buffer specified by the
128 * rest parameters.
129 *
130 * Caller must take care of zeroing target container memory.
131 */
132 bool __skb_flow_dissect(const struct sk_buff *skb,
133 struct flow_dissector *flow_dissector,
134 void *target_container,
135 void *data, __be16 proto, int nhoff, int hlen,
136 unsigned int flags)
137 {
138 struct flow_dissector_key_control *key_control;
139 struct flow_dissector_key_basic *key_basic;
140 struct flow_dissector_key_addrs *key_addrs;
141 struct flow_dissector_key_ports *key_ports;
142 struct flow_dissector_key_icmp *key_icmp;
143 struct flow_dissector_key_tags *key_tags;
144 struct flow_dissector_key_vlan *key_vlan;
145 struct flow_dissector_key_keyid *key_keyid;
146 bool skip_vlan = false;
147 u8 ip_proto = 0;
148 bool ret;
149
150 if (!data) {
151 data = skb->data;
152 proto = skb_vlan_tag_present(skb) ?
153 skb->vlan_proto : skb->protocol;
154 nhoff = skb_network_offset(skb);
155 hlen = skb_headlen(skb);
156 }
157
158 /* It is ensured by skb_flow_dissector_init() that control key will
159 * be always present.
160 */
161 key_control = skb_flow_dissector_target(flow_dissector,
162 FLOW_DISSECTOR_KEY_CONTROL,
163 target_container);
164
165 /* It is ensured by skb_flow_dissector_init() that basic key will
166 * be always present.
167 */
168 key_basic = skb_flow_dissector_target(flow_dissector,
169 FLOW_DISSECTOR_KEY_BASIC,
170 target_container);
171
172 if (dissector_uses_key(flow_dissector,
173 FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
174 struct ethhdr *eth = eth_hdr(skb);
175 struct flow_dissector_key_eth_addrs *key_eth_addrs;
176
177 key_eth_addrs = skb_flow_dissector_target(flow_dissector,
178 FLOW_DISSECTOR_KEY_ETH_ADDRS,
179 target_container);
180 memcpy(key_eth_addrs, &eth->h_dest, sizeof(*key_eth_addrs));
181 }
182
183 again:
184 switch (proto) {
185 case htons(ETH_P_IP): {
186 const struct iphdr *iph;
187 struct iphdr _iph;
188 ip:
189 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
190 if (!iph || iph->ihl < 5)
191 goto out_bad;
192 nhoff += iph->ihl * 4;
193
194 ip_proto = iph->protocol;
195
196 if (dissector_uses_key(flow_dissector,
197 FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
198 key_addrs = skb_flow_dissector_target(flow_dissector,
199 FLOW_DISSECTOR_KEY_IPV4_ADDRS,
200 target_container);
201
202 memcpy(&key_addrs->v4addrs, &iph->saddr,
203 sizeof(key_addrs->v4addrs));
204 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
205 }
206
207 if (ip_is_fragment(iph)) {
208 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
209
210 if (iph->frag_off & htons(IP_OFFSET)) {
211 goto out_good;
212 } else {
213 key_control->flags |= FLOW_DIS_FIRST_FRAG;
214 if (!(flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
215 goto out_good;
216 }
217 }
218
219 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
220 goto out_good;
221
222 break;
223 }
224 case htons(ETH_P_IPV6): {
225 const struct ipv6hdr *iph;
226 struct ipv6hdr _iph;
227
228 ipv6:
229 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
230 if (!iph)
231 goto out_bad;
232
233 ip_proto = iph->nexthdr;
234 nhoff += sizeof(struct ipv6hdr);
235
236 if (dissector_uses_key(flow_dissector,
237 FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
238 key_addrs = skb_flow_dissector_target(flow_dissector,
239 FLOW_DISSECTOR_KEY_IPV6_ADDRS,
240 target_container);
241
242 memcpy(&key_addrs->v6addrs, &iph->saddr,
243 sizeof(key_addrs->v6addrs));
244 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
245 }
246
247 if ((dissector_uses_key(flow_dissector,
248 FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
249 (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
250 ip6_flowlabel(iph)) {
251 __be32 flow_label = ip6_flowlabel(iph);
252
253 if (dissector_uses_key(flow_dissector,
254 FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
255 key_tags = skb_flow_dissector_target(flow_dissector,
256 FLOW_DISSECTOR_KEY_FLOW_LABEL,
257 target_container);
258 key_tags->flow_label = ntohl(flow_label);
259 }
260 if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)
261 goto out_good;
262 }
263
264 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
265 goto out_good;
266
267 break;
268 }
269 case htons(ETH_P_8021AD):
270 case htons(ETH_P_8021Q): {
271 const struct vlan_hdr *vlan;
272 struct vlan_hdr _vlan;
273 bool vlan_tag_present = skb && skb_vlan_tag_present(skb);
274
275 if (vlan_tag_present)
276 proto = skb->protocol;
277
278 if (!vlan_tag_present || eth_type_vlan(skb->protocol)) {
279 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
280 data, hlen, &_vlan);
281 if (!vlan)
282 goto out_bad;
283 proto = vlan->h_vlan_encapsulated_proto;
284 nhoff += sizeof(*vlan);
285 if (skip_vlan)
286 goto again;
287 }
288
289 skip_vlan = true;
290 if (dissector_uses_key(flow_dissector,
291 FLOW_DISSECTOR_KEY_VLAN)) {
292 key_vlan = skb_flow_dissector_target(flow_dissector,
293 FLOW_DISSECTOR_KEY_VLAN,
294 target_container);
295
296 if (vlan_tag_present) {
297 key_vlan->vlan_id = skb_vlan_tag_get_id(skb);
298 key_vlan->vlan_priority =
299 (skb_vlan_tag_get_prio(skb) >> VLAN_PRIO_SHIFT);
300 } else {
301 key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) &
302 VLAN_VID_MASK;
303 key_vlan->vlan_priority =
304 (ntohs(vlan->h_vlan_TCI) &
305 VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
306 }
307 }
308
309 goto again;
310 }
311 case htons(ETH_P_PPP_SES): {
312 struct {
313 struct pppoe_hdr hdr;
314 __be16 proto;
315 } *hdr, _hdr;
316 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
317 if (!hdr)
318 goto out_bad;
319 proto = hdr->proto;
320 nhoff += PPPOE_SES_HLEN;
321 switch (proto) {
322 case htons(PPP_IP):
323 goto ip;
324 case htons(PPP_IPV6):
325 goto ipv6;
326 default:
327 goto out_bad;
328 }
329 }
330 case htons(ETH_P_TIPC): {
331 struct {
332 __be32 pre[3];
333 __be32 srcnode;
334 } *hdr, _hdr;
335 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
336 if (!hdr)
337 goto out_bad;
338
339 if (dissector_uses_key(flow_dissector,
340 FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
341 key_addrs = skb_flow_dissector_target(flow_dissector,
342 FLOW_DISSECTOR_KEY_TIPC_ADDRS,
343 target_container);
344 key_addrs->tipcaddrs.srcnode = hdr->srcnode;
345 key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
346 }
347 goto out_good;
348 }
349
350 case htons(ETH_P_MPLS_UC):
351 case htons(ETH_P_MPLS_MC): {
352 struct mpls_label *hdr, _hdr[2];
353 mpls:
354 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
355 hlen, &_hdr);
356 if (!hdr)
357 goto out_bad;
358
359 if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >>
360 MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) {
361 if (dissector_uses_key(flow_dissector,
362 FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) {
363 key_keyid = skb_flow_dissector_target(flow_dissector,
364 FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
365 target_container);
366 key_keyid->keyid = hdr[1].entry &
367 htonl(MPLS_LS_LABEL_MASK);
368 }
369
370 goto out_good;
371 }
372
373 goto out_good;
374 }
375
376 case htons(ETH_P_FCOE):
377 if ((hlen - nhoff) < FCOE_HEADER_LEN)
378 goto out_bad;
379
380 nhoff += FCOE_HEADER_LEN;
381 goto out_good;
382 default:
383 goto out_bad;
384 }
385
386 ip_proto_again:
387 switch (ip_proto) {
388 case IPPROTO_GRE: {
389 struct gre_base_hdr *hdr, _hdr;
390 u16 gre_ver;
391 int offset = 0;
392
393 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
394 if (!hdr)
395 goto out_bad;
396
397 /* Only look inside GRE without routing */
398 if (hdr->flags & GRE_ROUTING)
399 break;
400
401 /* Only look inside GRE for version 0 and 1 */
402 gre_ver = ntohs(hdr->flags & GRE_VERSION);
403 if (gre_ver > 1)
404 break;
405
406 proto = hdr->protocol;
407 if (gre_ver) {
408 /* Version1 must be PPTP, and check the flags */
409 if (!(proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY)))
410 break;
411 }
412
413 offset += sizeof(struct gre_base_hdr);
414
415 if (hdr->flags & GRE_CSUM)
416 offset += sizeof(((struct gre_full_hdr *)0)->csum) +
417 sizeof(((struct gre_full_hdr *)0)->reserved1);
418
419 if (hdr->flags & GRE_KEY) {
420 const __be32 *keyid;
421 __be32 _keyid;
422
423 keyid = __skb_header_pointer(skb, nhoff + offset, sizeof(_keyid),
424 data, hlen, &_keyid);
425 if (!keyid)
426 goto out_bad;
427
428 if (dissector_uses_key(flow_dissector,
429 FLOW_DISSECTOR_KEY_GRE_KEYID)) {
430 key_keyid = skb_flow_dissector_target(flow_dissector,
431 FLOW_DISSECTOR_KEY_GRE_KEYID,
432 target_container);
433 if (gre_ver == 0)
434 key_keyid->keyid = *keyid;
435 else
436 key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK;
437 }
438 offset += sizeof(((struct gre_full_hdr *)0)->key);
439 }
440
441 if (hdr->flags & GRE_SEQ)
442 offset += sizeof(((struct pptp_gre_header *)0)->seq);
443
444 if (gre_ver == 0) {
445 if (proto == htons(ETH_P_TEB)) {
446 const struct ethhdr *eth;
447 struct ethhdr _eth;
448
449 eth = __skb_header_pointer(skb, nhoff + offset,
450 sizeof(_eth),
451 data, hlen, &_eth);
452 if (!eth)
453 goto out_bad;
454 proto = eth->h_proto;
455 offset += sizeof(*eth);
456
457 /* Cap headers that we access via pointers at the
458 * end of the Ethernet header as our maximum alignment
459 * at that point is only 2 bytes.
460 */
461 if (NET_IP_ALIGN)
462 hlen = (nhoff + offset);
463 }
464 } else { /* version 1, must be PPTP */
465 u8 _ppp_hdr[PPP_HDRLEN];
466 u8 *ppp_hdr;
467
468 if (hdr->flags & GRE_ACK)
469 offset += sizeof(((struct pptp_gre_header *)0)->ack);
470
471 ppp_hdr = __skb_header_pointer(skb, nhoff + offset,
472 sizeof(_ppp_hdr),
473 data, hlen, _ppp_hdr);
474 if (!ppp_hdr)
475 goto out_bad;
476
477 switch (PPP_PROTOCOL(ppp_hdr)) {
478 case PPP_IP:
479 proto = htons(ETH_P_IP);
480 break;
481 case PPP_IPV6:
482 proto = htons(ETH_P_IPV6);
483 break;
484 default:
485 /* Could probably catch some more like MPLS */
486 break;
487 }
488
489 offset += PPP_HDRLEN;
490 }
491
492 nhoff += offset;
493 key_control->flags |= FLOW_DIS_ENCAPSULATION;
494 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
495 goto out_good;
496
497 goto again;
498 }
499 case NEXTHDR_HOP:
500 case NEXTHDR_ROUTING:
501 case NEXTHDR_DEST: {
502 u8 _opthdr[2], *opthdr;
503
504 if (proto != htons(ETH_P_IPV6))
505 break;
506
507 opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
508 data, hlen, &_opthdr);
509 if (!opthdr)
510 goto out_bad;
511
512 ip_proto = opthdr[0];
513 nhoff += (opthdr[1] + 1) << 3;
514
515 goto ip_proto_again;
516 }
517 case NEXTHDR_FRAGMENT: {
518 struct frag_hdr _fh, *fh;
519
520 if (proto != htons(ETH_P_IPV6))
521 break;
522
523 fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
524 data, hlen, &_fh);
525
526 if (!fh)
527 goto out_bad;
528
529 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
530
531 nhoff += sizeof(_fh);
532 ip_proto = fh->nexthdr;
533
534 if (!(fh->frag_off & htons(IP6_OFFSET))) {
535 key_control->flags |= FLOW_DIS_FIRST_FRAG;
536 if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)
537 goto ip_proto_again;
538 }
539 goto out_good;
540 }
541 case IPPROTO_IPIP:
542 proto = htons(ETH_P_IP);
543
544 key_control->flags |= FLOW_DIS_ENCAPSULATION;
545 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
546 goto out_good;
547
548 goto ip;
549 case IPPROTO_IPV6:
550 proto = htons(ETH_P_IPV6);
551
552 key_control->flags |= FLOW_DIS_ENCAPSULATION;
553 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
554 goto out_good;
555
556 goto ipv6;
557 case IPPROTO_MPLS:
558 proto = htons(ETH_P_MPLS_UC);
559 goto mpls;
560 default:
561 break;
562 }
563
564 if (dissector_uses_key(flow_dissector,
565 FLOW_DISSECTOR_KEY_PORTS)) {
566 key_ports = skb_flow_dissector_target(flow_dissector,
567 FLOW_DISSECTOR_KEY_PORTS,
568 target_container);
569 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
570 data, hlen);
571 }
572
573 if (dissector_uses_key(flow_dissector,
574 FLOW_DISSECTOR_KEY_ICMP)) {
575 key_icmp = skb_flow_dissector_target(flow_dissector,
576 FLOW_DISSECTOR_KEY_ICMP,
577 target_container);
578 key_icmp->icmp = skb_flow_get_be16(skb, nhoff, data, hlen);
579 }
580
581 out_good:
582 ret = true;
583
584 key_control->thoff = (u16)nhoff;
585 out:
586 key_basic->n_proto = proto;
587 key_basic->ip_proto = ip_proto;
588
589 return ret;
590
591 out_bad:
592 ret = false;
593 key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
594 goto out;
595 }
596 EXPORT_SYMBOL(__skb_flow_dissect);
597
598 static u32 hashrnd __read_mostly;
599 static __always_inline void __flow_hash_secret_init(void)
600 {
601 net_get_random_once(&hashrnd, sizeof(hashrnd));
602 }
603
604 static __always_inline u32 __flow_hash_words(const u32 *words, u32 length,
605 u32 keyval)
606 {
607 return jhash2(words, length, keyval);
608 }
609
610 static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow)
611 {
612 const void *p = flow;
613
614 BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32));
615 return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET);
616 }
617
618 static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
619 {
620 size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
621 BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
622 BUILD_BUG_ON(offsetof(typeof(*flow), addrs) !=
623 sizeof(*flow) - sizeof(flow->addrs));
624
625 switch (flow->control.addr_type) {
626 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
627 diff -= sizeof(flow->addrs.v4addrs);
628 break;
629 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
630 diff -= sizeof(flow->addrs.v6addrs);
631 break;
632 case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
633 diff -= sizeof(flow->addrs.tipcaddrs);
634 break;
635 }
636 return (sizeof(*flow) - diff) / sizeof(u32);
637 }
638
639 __be32 flow_get_u32_src(const struct flow_keys *flow)
640 {
641 switch (flow->control.addr_type) {
642 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
643 return flow->addrs.v4addrs.src;
644 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
645 return (__force __be32)ipv6_addr_hash(
646 &flow->addrs.v6addrs.src);
647 case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
648 return flow->addrs.tipcaddrs.srcnode;
649 default:
650 return 0;
651 }
652 }
653 EXPORT_SYMBOL(flow_get_u32_src);
654
655 __be32 flow_get_u32_dst(const struct flow_keys *flow)
656 {
657 switch (flow->control.addr_type) {
658 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
659 return flow->addrs.v4addrs.dst;
660 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
661 return (__force __be32)ipv6_addr_hash(
662 &flow->addrs.v6addrs.dst);
663 default:
664 return 0;
665 }
666 }
667 EXPORT_SYMBOL(flow_get_u32_dst);
668
669 static inline void __flow_hash_consistentify(struct flow_keys *keys)
670 {
671 int addr_diff, i;
672
673 switch (keys->control.addr_type) {
674 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
675 addr_diff = (__force u32)keys->addrs.v4addrs.dst -
676 (__force u32)keys->addrs.v4addrs.src;
677 if ((addr_diff < 0) ||
678 (addr_diff == 0 &&
679 ((__force u16)keys->ports.dst <
680 (__force u16)keys->ports.src))) {
681 swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
682 swap(keys->ports.src, keys->ports.dst);
683 }
684 break;
685 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
686 addr_diff = memcmp(&keys->addrs.v6addrs.dst,
687 &keys->addrs.v6addrs.src,
688 sizeof(keys->addrs.v6addrs.dst));
689 if ((addr_diff < 0) ||
690 (addr_diff == 0 &&
691 ((__force u16)keys->ports.dst <
692 (__force u16)keys->ports.src))) {
693 for (i = 0; i < 4; i++)
694 swap(keys->addrs.v6addrs.src.s6_addr32[i],
695 keys->addrs.v6addrs.dst.s6_addr32[i]);
696 swap(keys->ports.src, keys->ports.dst);
697 }
698 break;
699 }
700 }
701
702 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
703 {
704 u32 hash;
705
706 __flow_hash_consistentify(keys);
707
708 hash = __flow_hash_words(flow_keys_hash_start(keys),
709 flow_keys_hash_length(keys), keyval);
710 if (!hash)
711 hash = 1;
712
713 return hash;
714 }
715
716 u32 flow_hash_from_keys(struct flow_keys *keys)
717 {
718 __flow_hash_secret_init();
719 return __flow_hash_from_keys(keys, hashrnd);
720 }
721 EXPORT_SYMBOL(flow_hash_from_keys);
722
723 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
724 struct flow_keys *keys, u32 keyval)
725 {
726 skb_flow_dissect_flow_keys(skb, keys,
727 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
728
729 return __flow_hash_from_keys(keys, keyval);
730 }
731
732 struct _flow_keys_digest_data {
733 __be16 n_proto;
734 u8 ip_proto;
735 u8 padding;
736 __be32 ports;
737 __be32 src;
738 __be32 dst;
739 };
740
741 void make_flow_keys_digest(struct flow_keys_digest *digest,
742 const struct flow_keys *flow)
743 {
744 struct _flow_keys_digest_data *data =
745 (struct _flow_keys_digest_data *)digest;
746
747 BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
748
749 memset(digest, 0, sizeof(*digest));
750
751 data->n_proto = flow->basic.n_proto;
752 data->ip_proto = flow->basic.ip_proto;
753 data->ports = flow->ports.ports;
754 data->src = flow->addrs.v4addrs.src;
755 data->dst = flow->addrs.v4addrs.dst;
756 }
757 EXPORT_SYMBOL(make_flow_keys_digest);
758
759 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
760
761 u32 __skb_get_hash_symmetric(const struct sk_buff *skb)
762 {
763 struct flow_keys keys;
764
765 __flow_hash_secret_init();
766
767 memset(&keys, 0, sizeof(keys));
768 __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys,
769 NULL, 0, 0, 0,
770 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
771
772 return __flow_hash_from_keys(&keys, hashrnd);
773 }
774 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
775
776 /**
777 * __skb_get_hash: calculate a flow hash
778 * @skb: sk_buff to calculate flow hash from
779 *
780 * This function calculates a flow hash based on src/dst addresses
781 * and src/dst port numbers. Sets hash in skb to non-zero hash value
782 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
783 * if hash is a canonical 4-tuple hash over transport ports.
784 */
785 void __skb_get_hash(struct sk_buff *skb)
786 {
787 struct flow_keys keys;
788 u32 hash;
789
790 __flow_hash_secret_init();
791
792 hash = ___skb_get_hash(skb, &keys, hashrnd);
793
794 __skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));
795 }
796 EXPORT_SYMBOL(__skb_get_hash);
797
798 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
799 {
800 struct flow_keys keys;
801
802 return ___skb_get_hash(skb, &keys, perturb);
803 }
804 EXPORT_SYMBOL(skb_get_hash_perturb);
805
806 __u32 __skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 *fl6)
807 {
808 struct flow_keys keys;
809
810 memset(&keys, 0, sizeof(keys));
811
812 memcpy(&keys.addrs.v6addrs.src, &fl6->saddr,
813 sizeof(keys.addrs.v6addrs.src));
814 memcpy(&keys.addrs.v6addrs.dst, &fl6->daddr,
815 sizeof(keys.addrs.v6addrs.dst));
816 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
817 keys.ports.src = fl6->fl6_sport;
818 keys.ports.dst = fl6->fl6_dport;
819 keys.keyid.keyid = fl6->fl6_gre_key;
820 keys.tags.flow_label = (__force u32)fl6->flowlabel;
821 keys.basic.ip_proto = fl6->flowi6_proto;
822
823 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
824 flow_keys_have_l4(&keys));
825
826 return skb->hash;
827 }
828 EXPORT_SYMBOL(__skb_get_hash_flowi6);
829
830 __u32 __skb_get_hash_flowi4(struct sk_buff *skb, const struct flowi4 *fl4)
831 {
832 struct flow_keys keys;
833
834 memset(&keys, 0, sizeof(keys));
835
836 keys.addrs.v4addrs.src = fl4->saddr;
837 keys.addrs.v4addrs.dst = fl4->daddr;
838 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
839 keys.ports.src = fl4->fl4_sport;
840 keys.ports.dst = fl4->fl4_dport;
841 keys.keyid.keyid = fl4->fl4_gre_key;
842 keys.basic.ip_proto = fl4->flowi4_proto;
843
844 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
845 flow_keys_have_l4(&keys));
846
847 return skb->hash;
848 }
849 EXPORT_SYMBOL(__skb_get_hash_flowi4);
850
851 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
852 const struct flow_keys *keys, int hlen)
853 {
854 u32 poff = keys->control.thoff;
855
856 /* skip L4 headers for fragments after the first */
857 if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
858 !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
859 return poff;
860
861 switch (keys->basic.ip_proto) {
862 case IPPROTO_TCP: {
863 /* access doff as u8 to avoid unaligned access */
864 const u8 *doff;
865 u8 _doff;
866
867 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
868 data, hlen, &_doff);
869 if (!doff)
870 return poff;
871
872 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
873 break;
874 }
875 case IPPROTO_UDP:
876 case IPPROTO_UDPLITE:
877 poff += sizeof(struct udphdr);
878 break;
879 /* For the rest, we do not really care about header
880 * extensions at this point for now.
881 */
882 case IPPROTO_ICMP:
883 poff += sizeof(struct icmphdr);
884 break;
885 case IPPROTO_ICMPV6:
886 poff += sizeof(struct icmp6hdr);
887 break;
888 case IPPROTO_IGMP:
889 poff += sizeof(struct igmphdr);
890 break;
891 case IPPROTO_DCCP:
892 poff += sizeof(struct dccp_hdr);
893 break;
894 case IPPROTO_SCTP:
895 poff += sizeof(struct sctphdr);
896 break;
897 }
898
899 return poff;
900 }
901
902 /**
903 * skb_get_poff - get the offset to the payload
904 * @skb: sk_buff to get the payload offset from
905 *
906 * The function will get the offset to the payload as far as it could
907 * be dissected. The main user is currently BPF, so that we can dynamically
908 * truncate packets without needing to push actual payload to the user
909 * space and can analyze headers only, instead.
910 */
911 u32 skb_get_poff(const struct sk_buff *skb)
912 {
913 struct flow_keys keys;
914
915 if (!skb_flow_dissect_flow_keys(skb, &keys, 0))
916 return 0;
917
918 return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
919 }
920
921 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
922 {
923 memset(keys, 0, sizeof(*keys));
924
925 memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
926 sizeof(keys->addrs.v6addrs.src));
927 memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
928 sizeof(keys->addrs.v6addrs.dst));
929 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
930 keys->ports.src = fl6->fl6_sport;
931 keys->ports.dst = fl6->fl6_dport;
932 keys->keyid.keyid = fl6->fl6_gre_key;
933 keys->tags.flow_label = (__force u32)fl6->flowlabel;
934 keys->basic.ip_proto = fl6->flowi6_proto;
935
936 return flow_hash_from_keys(keys);
937 }
938 EXPORT_SYMBOL(__get_hash_from_flowi6);
939
940 __u32 __get_hash_from_flowi4(const struct flowi4 *fl4, struct flow_keys *keys)
941 {
942 memset(keys, 0, sizeof(*keys));
943
944 keys->addrs.v4addrs.src = fl4->saddr;
945 keys->addrs.v4addrs.dst = fl4->daddr;
946 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
947 keys->ports.src = fl4->fl4_sport;
948 keys->ports.dst = fl4->fl4_dport;
949 keys->keyid.keyid = fl4->fl4_gre_key;
950 keys->basic.ip_proto = fl4->flowi4_proto;
951
952 return flow_hash_from_keys(keys);
953 }
954 EXPORT_SYMBOL(__get_hash_from_flowi4);
955
956 static const struct flow_dissector_key flow_keys_dissector_keys[] = {
957 {
958 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
959 .offset = offsetof(struct flow_keys, control),
960 },
961 {
962 .key_id = FLOW_DISSECTOR_KEY_BASIC,
963 .offset = offsetof(struct flow_keys, basic),
964 },
965 {
966 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
967 .offset = offsetof(struct flow_keys, addrs.v4addrs),
968 },
969 {
970 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
971 .offset = offsetof(struct flow_keys, addrs.v6addrs),
972 },
973 {
974 .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
975 .offset = offsetof(struct flow_keys, addrs.tipcaddrs),
976 },
977 {
978 .key_id = FLOW_DISSECTOR_KEY_PORTS,
979 .offset = offsetof(struct flow_keys, ports),
980 },
981 {
982 .key_id = FLOW_DISSECTOR_KEY_VLAN,
983 .offset = offsetof(struct flow_keys, vlan),
984 },
985 {
986 .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
987 .offset = offsetof(struct flow_keys, tags),
988 },
989 {
990 .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
991 .offset = offsetof(struct flow_keys, keyid),
992 },
993 };
994
995 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
996 {
997 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
998 .offset = offsetof(struct flow_keys, control),
999 },
1000 {
1001 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1002 .offset = offsetof(struct flow_keys, basic),
1003 },
1004 {
1005 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1006 .offset = offsetof(struct flow_keys, addrs.v4addrs),
1007 },
1008 {
1009 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1010 .offset = offsetof(struct flow_keys, addrs.v6addrs),
1011 },
1012 {
1013 .key_id = FLOW_DISSECTOR_KEY_PORTS,
1014 .offset = offsetof(struct flow_keys, ports),
1015 },
1016 };
1017
1018 static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
1019 {
1020 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1021 .offset = offsetof(struct flow_keys, control),
1022 },
1023 {
1024 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1025 .offset = offsetof(struct flow_keys, basic),
1026 },
1027 };
1028
1029 struct flow_dissector flow_keys_dissector __read_mostly;
1030 EXPORT_SYMBOL(flow_keys_dissector);
1031
1032 struct flow_dissector flow_keys_buf_dissector __read_mostly;
1033
1034 static int __init init_default_flow_dissectors(void)
1035 {
1036 skb_flow_dissector_init(&flow_keys_dissector,
1037 flow_keys_dissector_keys,
1038 ARRAY_SIZE(flow_keys_dissector_keys));
1039 skb_flow_dissector_init(&flow_keys_dissector_symmetric,
1040 flow_keys_dissector_symmetric_keys,
1041 ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
1042 skb_flow_dissector_init(&flow_keys_buf_dissector,
1043 flow_keys_buf_dissector_keys,
1044 ARRAY_SIZE(flow_keys_buf_dissector_keys));
1045 return 0;
1046 }
1047
1048 core_initcall(init_default_flow_dissectors);
ubuntu-zesty-kernel mirror