]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/core/flow_dissector.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'openrisc-for-linus' of git://github.com/openrisc/linux
[mirror_ubuntu-artful-kernel.git] / net / core / flow_dissector.c
1 #include <linux/kernel.h>
2 #include <linux/skbuff.h>
3 #include <linux/export.h>
4 #include <linux/ip.h>
5 #include <linux/ipv6.h>
6 #include <linux/if_vlan.h>
7 #include <net/ip.h>
8 #include <net/ipv6.h>
9 #include <net/gre.h>
10 #include <net/pptp.h>
11 #include <linux/igmp.h>
12 #include <linux/icmp.h>
13 #include <linux/sctp.h>
14 #include <linux/dccp.h>
15 #include <linux/if_tunnel.h>
16 #include <linux/if_pppox.h>
17 #include <linux/ppp_defs.h>
18 #include <linux/stddef.h>
19 #include <linux/if_ether.h>
20 #include <linux/mpls.h>
21 #include <net/flow_dissector.h>
22 #include <scsi/fc/fc_fcoe.h>
23
24 static void dissector_set_key(struct flow_dissector *flow_dissector,
25 enum flow_dissector_key_id key_id)
26 {
27 flow_dissector->used_keys |= (1 << key_id);
28 }
29
30 void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
31 const struct flow_dissector_key *key,
32 unsigned int key_count)
33 {
34 unsigned int i;
35
36 memset(flow_dissector, 0, sizeof(*flow_dissector));
37
38 for (i = 0; i < key_count; i++, key++) {
39 /* User should make sure that every key target offset is withing
40 * boundaries of unsigned short.
41 */
42 BUG_ON(key->offset > USHRT_MAX);
43 BUG_ON(dissector_uses_key(flow_dissector,
44 key->key_id));
45
46 dissector_set_key(flow_dissector, key->key_id);
47 flow_dissector->offset[key->key_id] = key->offset;
48 }
49
50 /* Ensure that the dissector always includes control and basic key.
51 * That way we are able to avoid handling lack of these in fast path.
52 */
53 BUG_ON(!dissector_uses_key(flow_dissector,
54 FLOW_DISSECTOR_KEY_CONTROL));
55 BUG_ON(!dissector_uses_key(flow_dissector,
56 FLOW_DISSECTOR_KEY_BASIC));
57 }
58 EXPORT_SYMBOL(skb_flow_dissector_init);
59
60 /**
61 * skb_flow_get_be16 - extract be16 entity
62 * @skb: sk_buff to extract from
63 * @poff: offset to extract at
64 * @data: raw buffer pointer to the packet
65 * @hlen: packet header length
66 *
67 * The function will try to retrieve a be32 entity at
68 * offset poff
69 */
70 __be16 skb_flow_get_be16(const struct sk_buff *skb, int poff, void *data,
71 int hlen)
72 {
73 __be16 *u, _u;
74
75 u = __skb_header_pointer(skb, poff, sizeof(_u), data, hlen, &_u);
76 if (u)
77 return *u;
78
79 return 0;
80 }
81
82 /**
83 * __skb_flow_get_ports - extract the upper layer ports and return them
84 * @skb: sk_buff to extract the ports from
85 * @thoff: transport header offset
86 * @ip_proto: protocol for which to get port offset
87 * @data: raw buffer pointer to the packet, if NULL use skb->data
88 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
89 *
90 * The function will try to retrieve the ports at offset thoff + poff where poff
91 * is the protocol port offset returned from proto_ports_offset
92 */
93 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
94 void *data, int hlen)
95 {
96 int poff = proto_ports_offset(ip_proto);
97
98 if (!data) {
99 data = skb->data;
100 hlen = skb_headlen(skb);
101 }
102
103 if (poff >= 0) {
104 __be32 *ports, _ports;
105
106 ports = __skb_header_pointer(skb, thoff + poff,
107 sizeof(_ports), data, hlen, &_ports);
108 if (ports)
109 return *ports;
110 }
111
112 return 0;
113 }
114 EXPORT_SYMBOL(__skb_flow_get_ports);
115
116 /**
117 * __skb_flow_dissect - extract the flow_keys struct and return it
118 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
119 * @flow_dissector: list of keys to dissect
120 * @target_container: target structure to put dissected values into
121 * @data: raw buffer pointer to the packet, if NULL use skb->data
122 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
123 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
124 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
125 *
126 * The function will try to retrieve individual keys into target specified
127 * by flow_dissector from either the skbuff or a raw buffer specified by the
128 * rest parameters.
129 *
130 * Caller must take care of zeroing target container memory.
131 */
132 bool __skb_flow_dissect(const struct sk_buff *skb,
133 struct flow_dissector *flow_dissector,
134 void *target_container,
135 void *data, __be16 proto, int nhoff, int hlen,
136 unsigned int flags)
137 {
138 struct flow_dissector_key_control *key_control;
139 struct flow_dissector_key_basic *key_basic;
140 struct flow_dissector_key_addrs *key_addrs;
141 struct flow_dissector_key_ports *key_ports;
142 struct flow_dissector_key_icmp *key_icmp;
143 struct flow_dissector_key_tags *key_tags;
144 struct flow_dissector_key_vlan *key_vlan;
145 struct flow_dissector_key_keyid *key_keyid;
146 bool skip_vlan = false;
147 u8 ip_proto = 0;
148 bool ret;
149
150 if (!data) {
151 data = skb->data;
152 proto = skb_vlan_tag_present(skb) ?
153 skb->vlan_proto : skb->protocol;
154 nhoff = skb_network_offset(skb);
155 hlen = skb_headlen(skb);
156 }
157
158 /* It is ensured by skb_flow_dissector_init() that control key will
159 * be always present.
160 */
161 key_control = skb_flow_dissector_target(flow_dissector,
162 FLOW_DISSECTOR_KEY_CONTROL,
163 target_container);
164
165 /* It is ensured by skb_flow_dissector_init() that basic key will
166 * be always present.
167 */
168 key_basic = skb_flow_dissector_target(flow_dissector,
169 FLOW_DISSECTOR_KEY_BASIC,
170 target_container);
171
172 if (dissector_uses_key(flow_dissector,
173 FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
174 struct ethhdr *eth = eth_hdr(skb);
175 struct flow_dissector_key_eth_addrs *key_eth_addrs;
176
177 key_eth_addrs = skb_flow_dissector_target(flow_dissector,
178 FLOW_DISSECTOR_KEY_ETH_ADDRS,
179 target_container);
180 memcpy(key_eth_addrs, &eth->h_dest, sizeof(*key_eth_addrs));
181 }
182
183 again:
184 switch (proto) {
185 case htons(ETH_P_IP): {
186 const struct iphdr *iph;
187 struct iphdr _iph;
188 ip:
189 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
190 if (!iph || iph->ihl < 5)
191 goto out_bad;
192 nhoff += iph->ihl * 4;
193
194 ip_proto = iph->protocol;
195
196 if (dissector_uses_key(flow_dissector,
197 FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
198 key_addrs = skb_flow_dissector_target(flow_dissector,
199 FLOW_DISSECTOR_KEY_IPV4_ADDRS,
200 target_container);
201
202 memcpy(&key_addrs->v4addrs, &iph->saddr,
203 sizeof(key_addrs->v4addrs));
204 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
205 }
206
207 if (ip_is_fragment(iph)) {
208 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
209
210 if (iph->frag_off & htons(IP_OFFSET)) {
211 goto out_good;
212 } else {
213 key_control->flags |= FLOW_DIS_FIRST_FRAG;
214 if (!(flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
215 goto out_good;
216 }
217 }
218
219 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
220 goto out_good;
221
222 break;
223 }
224 case htons(ETH_P_IPV6): {
225 const struct ipv6hdr *iph;
226 struct ipv6hdr _iph;
227
228 ipv6:
229 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
230 if (!iph)
231 goto out_bad;
232
233 ip_proto = iph->nexthdr;
234 nhoff += sizeof(struct ipv6hdr);
235
236 if (dissector_uses_key(flow_dissector,
237 FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
238 key_addrs = skb_flow_dissector_target(flow_dissector,
239 FLOW_DISSECTOR_KEY_IPV6_ADDRS,
240 target_container);
241
242 memcpy(&key_addrs->v6addrs, &iph->saddr,
243 sizeof(key_addrs->v6addrs));
244 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
245 }
246
247 if ((dissector_uses_key(flow_dissector,
248 FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
249 (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
250 ip6_flowlabel(iph)) {
251 __be32 flow_label = ip6_flowlabel(iph);
252
253 if (dissector_uses_key(flow_dissector,
254 FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
255 key_tags = skb_flow_dissector_target(flow_dissector,
256 FLOW_DISSECTOR_KEY_FLOW_LABEL,
257 target_container);
258 key_tags->flow_label = ntohl(flow_label);
259 }
260 if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)
261 goto out_good;
262 }
263
264 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
265 goto out_good;
266
267 break;
268 }
269 case htons(ETH_P_8021AD):
270 case htons(ETH_P_8021Q): {
271 const struct vlan_hdr *vlan;
272 struct vlan_hdr _vlan;
273 bool vlan_tag_present = skb && skb_vlan_tag_present(skb);
274
275 if (vlan_tag_present)
276 proto = skb->protocol;
277
278 if (!vlan_tag_present || eth_type_vlan(skb->protocol)) {
279 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
280 data, hlen, &_vlan);
281 if (!vlan)
282 goto out_bad;
283 proto = vlan->h_vlan_encapsulated_proto;
284 nhoff += sizeof(*vlan);
285 if (skip_vlan)
286 goto again;
287 }
288
289 skip_vlan = true;
290 if (dissector_uses_key(flow_dissector,
291 FLOW_DISSECTOR_KEY_VLAN)) {
292 key_vlan = skb_flow_dissector_target(flow_dissector,
293 FLOW_DISSECTOR_KEY_VLAN,
294 target_container);
295
296 if (vlan_tag_present) {
297 key_vlan->vlan_id = skb_vlan_tag_get_id(skb);
298 key_vlan->vlan_priority =
299 (skb_vlan_tag_get_prio(skb) >> VLAN_PRIO_SHIFT);
300 } else {
301 key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) &
302 VLAN_VID_MASK;
303 key_vlan->vlan_priority =
304 (ntohs(vlan->h_vlan_TCI) &
305 VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
306 }
307 }
308
309 goto again;
310 }
311 case htons(ETH_P_PPP_SES): {
312 struct {
313 struct pppoe_hdr hdr;
314 __be16 proto;
315 } *hdr, _hdr;
316 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
317 if (!hdr)
318 goto out_bad;
319 proto = hdr->proto;
320 nhoff += PPPOE_SES_HLEN;
321 switch (proto) {
322 case htons(PPP_IP):
323 goto ip;
324 case htons(PPP_IPV6):
325 goto ipv6;
326 default:
327 goto out_bad;
328 }
329 }
330 case htons(ETH_P_TIPC): {
331 struct {
332 __be32 pre[3];
333 __be32 srcnode;
334 } *hdr, _hdr;
335 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
336 if (!hdr)
337 goto out_bad;
338
339 if (dissector_uses_key(flow_dissector,
340 FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
341 key_addrs = skb_flow_dissector_target(flow_dissector,
342 FLOW_DISSECTOR_KEY_TIPC_ADDRS,
343 target_container);
344 key_addrs->tipcaddrs.srcnode = hdr->srcnode;
345 key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
346 }
347 goto out_good;
348 }
349
350 case htons(ETH_P_MPLS_UC):
351 case htons(ETH_P_MPLS_MC): {
352 struct mpls_label *hdr, _hdr[2];
353 mpls:
354 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
355 hlen, &_hdr);
356 if (!hdr)
357 goto out_bad;
358
359 if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >>
360 MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) {
361 if (dissector_uses_key(flow_dissector,
362 FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) {
363 key_keyid = skb_flow_dissector_target(flow_dissector,
364 FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
365 target_container);
366 key_keyid->keyid = hdr[1].entry &
367 htonl(MPLS_LS_LABEL_MASK);
368 }
369
370 goto out_good;
371 }
372
373 goto out_good;
374 }
375
376 case htons(ETH_P_FCOE):
377 if ((hlen - nhoff) < FCOE_HEADER_LEN)
378 goto out_bad;
379
380 nhoff += FCOE_HEADER_LEN;
381 goto out_good;
382 default:
383 goto out_bad;
384 }
385
386 ip_proto_again:
387 switch (ip_proto) {
388 case IPPROTO_GRE: {
389 struct gre_base_hdr *hdr, _hdr;
390 u16 gre_ver;
391 int offset = 0;
392
393 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
394 if (!hdr)
395 goto out_bad;
396
397 /* Only look inside GRE without routing */
398 if (hdr->flags & GRE_ROUTING)
399 break;
400
401 /* Only look inside GRE for version 0 and 1 */
402 gre_ver = ntohs(hdr->flags & GRE_VERSION);
403 if (gre_ver > 1)
404 break;
405
406 proto = hdr->protocol;
407 if (gre_ver) {
408 /* Version1 must be PPTP, and check the flags */
409 if (!(proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY)))
410 break;
411 }
412
413 offset += sizeof(struct gre_base_hdr);
414
415 if (hdr->flags & GRE_CSUM)
416 offset += sizeof(((struct gre_full_hdr *)0)->csum) +
417 sizeof(((struct gre_full_hdr *)0)->reserved1);
418
419 if (hdr->flags & GRE_KEY) {
420 const __be32 *keyid;
421 __be32 _keyid;
422
423 keyid = __skb_header_pointer(skb, nhoff + offset, sizeof(_keyid),
424 data, hlen, &_keyid);
425 if (!keyid)
426 goto out_bad;
427
428 if (dissector_uses_key(flow_dissector,
429 FLOW_DISSECTOR_KEY_GRE_KEYID)) {
430 key_keyid = skb_flow_dissector_target(flow_dissector,
431 FLOW_DISSECTOR_KEY_GRE_KEYID,
432 target_container);
433 if (gre_ver == 0)
434 key_keyid->keyid = *keyid;
435 else
436 key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK;
437 }
438 offset += sizeof(((struct gre_full_hdr *)0)->key);
439 }
440
441 if (hdr->flags & GRE_SEQ)
442 offset += sizeof(((struct pptp_gre_header *)0)->seq);
443
444 if (gre_ver == 0) {
445 if (proto == htons(ETH_P_TEB)) {
446 const struct ethhdr *eth;
447 struct ethhdr _eth;
448
449 eth = __skb_header_pointer(skb, nhoff + offset,
450 sizeof(_eth),
451 data, hlen, &_eth);
452 if (!eth)
453 goto out_bad;
454 proto = eth->h_proto;
455 offset += sizeof(*eth);
456
457 /* Cap headers that we access via pointers at the
458 * end of the Ethernet header as our maximum alignment
459 * at that point is only 2 bytes.
460 */
461 if (NET_IP_ALIGN)
462 hlen = (nhoff + offset);
463 }
464 } else { /* version 1, must be PPTP */
465 u8 _ppp_hdr[PPP_HDRLEN];
466 u8 *ppp_hdr;
467
468 if (hdr->flags & GRE_ACK)
469 offset += sizeof(((struct pptp_gre_header *)0)->ack);
470
471 ppp_hdr = skb_header_pointer(skb, nhoff + offset,
472 sizeof(_ppp_hdr), _ppp_hdr);
473 if (!ppp_hdr)
474 goto out_bad;
475
476 switch (PPP_PROTOCOL(ppp_hdr)) {
477 case PPP_IP:
478 proto = htons(ETH_P_IP);
479 break;
480 case PPP_IPV6:
481 proto = htons(ETH_P_IPV6);
482 break;
483 default:
484 /* Could probably catch some more like MPLS */
485 break;
486 }
487
488 offset += PPP_HDRLEN;
489 }
490
491 nhoff += offset;
492 key_control->flags |= FLOW_DIS_ENCAPSULATION;
493 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
494 goto out_good;
495
496 goto again;
497 }
498 case NEXTHDR_HOP:
499 case NEXTHDR_ROUTING:
500 case NEXTHDR_DEST: {
501 u8 _opthdr[2], *opthdr;
502
503 if (proto != htons(ETH_P_IPV6))
504 break;
505
506 opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
507 data, hlen, &_opthdr);
508 if (!opthdr)
509 goto out_bad;
510
511 ip_proto = opthdr[0];
512 nhoff += (opthdr[1] + 1) << 3;
513
514 goto ip_proto_again;
515 }
516 case NEXTHDR_FRAGMENT: {
517 struct frag_hdr _fh, *fh;
518
519 if (proto != htons(ETH_P_IPV6))
520 break;
521
522 fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
523 data, hlen, &_fh);
524
525 if (!fh)
526 goto out_bad;
527
528 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
529
530 nhoff += sizeof(_fh);
531 ip_proto = fh->nexthdr;
532
533 if (!(fh->frag_off & htons(IP6_OFFSET))) {
534 key_control->flags |= FLOW_DIS_FIRST_FRAG;
535 if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)
536 goto ip_proto_again;
537 }
538 goto out_good;
539 }
540 case IPPROTO_IPIP:
541 proto = htons(ETH_P_IP);
542
543 key_control->flags |= FLOW_DIS_ENCAPSULATION;
544 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
545 goto out_good;
546
547 goto ip;
548 case IPPROTO_IPV6:
549 proto = htons(ETH_P_IPV6);
550
551 key_control->flags |= FLOW_DIS_ENCAPSULATION;
552 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
553 goto out_good;
554
555 goto ipv6;
556 case IPPROTO_MPLS:
557 proto = htons(ETH_P_MPLS_UC);
558 goto mpls;
559 default:
560 break;
561 }
562
563 if (dissector_uses_key(flow_dissector,
564 FLOW_DISSECTOR_KEY_PORTS)) {
565 key_ports = skb_flow_dissector_target(flow_dissector,
566 FLOW_DISSECTOR_KEY_PORTS,
567 target_container);
568 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
569 data, hlen);
570 }
571
572 if (dissector_uses_key(flow_dissector,
573 FLOW_DISSECTOR_KEY_ICMP)) {
574 key_icmp = skb_flow_dissector_target(flow_dissector,
575 FLOW_DISSECTOR_KEY_ICMP,
576 target_container);
577 key_icmp->icmp = skb_flow_get_be16(skb, nhoff, data, hlen);
578 }
579
580 out_good:
581 ret = true;
582
583 key_control->thoff = (u16)nhoff;
584 out:
585 key_basic->n_proto = proto;
586 key_basic->ip_proto = ip_proto;
587
588 return ret;
589
590 out_bad:
591 ret = false;
592 key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
593 goto out;
594 }
595 EXPORT_SYMBOL(__skb_flow_dissect);
596
597 static u32 hashrnd __read_mostly;
598 static __always_inline void __flow_hash_secret_init(void)
599 {
600 net_get_random_once(&hashrnd, sizeof(hashrnd));
601 }
602
603 static __always_inline u32 __flow_hash_words(const u32 *words, u32 length,
604 u32 keyval)
605 {
606 return jhash2(words, length, keyval);
607 }
608
609 static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow)
610 {
611 const void *p = flow;
612
613 BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32));
614 return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET);
615 }
616
617 static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
618 {
619 size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
620 BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
621 BUILD_BUG_ON(offsetof(typeof(*flow), addrs) !=
622 sizeof(*flow) - sizeof(flow->addrs));
623
624 switch (flow->control.addr_type) {
625 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
626 diff -= sizeof(flow->addrs.v4addrs);
627 break;
628 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
629 diff -= sizeof(flow->addrs.v6addrs);
630 break;
631 case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
632 diff -= sizeof(flow->addrs.tipcaddrs);
633 break;
634 }
635 return (sizeof(*flow) - diff) / sizeof(u32);
636 }
637
638 __be32 flow_get_u32_src(const struct flow_keys *flow)
639 {
640 switch (flow->control.addr_type) {
641 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
642 return flow->addrs.v4addrs.src;
643 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
644 return (__force __be32)ipv6_addr_hash(
645 &flow->addrs.v6addrs.src);
646 case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
647 return flow->addrs.tipcaddrs.srcnode;
648 default:
649 return 0;
650 }
651 }
652 EXPORT_SYMBOL(flow_get_u32_src);
653
654 __be32 flow_get_u32_dst(const struct flow_keys *flow)
655 {
656 switch (flow->control.addr_type) {
657 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
658 return flow->addrs.v4addrs.dst;
659 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
660 return (__force __be32)ipv6_addr_hash(
661 &flow->addrs.v6addrs.dst);
662 default:
663 return 0;
664 }
665 }
666 EXPORT_SYMBOL(flow_get_u32_dst);
667
668 static inline void __flow_hash_consistentify(struct flow_keys *keys)
669 {
670 int addr_diff, i;
671
672 switch (keys->control.addr_type) {
673 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
674 addr_diff = (__force u32)keys->addrs.v4addrs.dst -
675 (__force u32)keys->addrs.v4addrs.src;
676 if ((addr_diff < 0) ||
677 (addr_diff == 0 &&
678 ((__force u16)keys->ports.dst <
679 (__force u16)keys->ports.src))) {
680 swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
681 swap(keys->ports.src, keys->ports.dst);
682 }
683 break;
684 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
685 addr_diff = memcmp(&keys->addrs.v6addrs.dst,
686 &keys->addrs.v6addrs.src,
687 sizeof(keys->addrs.v6addrs.dst));
688 if ((addr_diff < 0) ||
689 (addr_diff == 0 &&
690 ((__force u16)keys->ports.dst <
691 (__force u16)keys->ports.src))) {
692 for (i = 0; i < 4; i++)
693 swap(keys->addrs.v6addrs.src.s6_addr32[i],
694 keys->addrs.v6addrs.dst.s6_addr32[i]);
695 swap(keys->ports.src, keys->ports.dst);
696 }
697 break;
698 }
699 }
700
701 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
702 {
703 u32 hash;
704
705 __flow_hash_consistentify(keys);
706
707 hash = __flow_hash_words(flow_keys_hash_start(keys),
708 flow_keys_hash_length(keys), keyval);
709 if (!hash)
710 hash = 1;
711
712 return hash;
713 }
714
715 u32 flow_hash_from_keys(struct flow_keys *keys)
716 {
717 __flow_hash_secret_init();
718 return __flow_hash_from_keys(keys, hashrnd);
719 }
720 EXPORT_SYMBOL(flow_hash_from_keys);
721
722 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
723 struct flow_keys *keys, u32 keyval)
724 {
725 skb_flow_dissect_flow_keys(skb, keys,
726 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
727
728 return __flow_hash_from_keys(keys, keyval);
729 }
730
731 struct _flow_keys_digest_data {
732 __be16 n_proto;
733 u8 ip_proto;
734 u8 padding;
735 __be32 ports;
736 __be32 src;
737 __be32 dst;
738 };
739
740 void make_flow_keys_digest(struct flow_keys_digest *digest,
741 const struct flow_keys *flow)
742 {
743 struct _flow_keys_digest_data *data =
744 (struct _flow_keys_digest_data *)digest;
745
746 BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
747
748 memset(digest, 0, sizeof(*digest));
749
750 data->n_proto = flow->basic.n_proto;
751 data->ip_proto = flow->basic.ip_proto;
752 data->ports = flow->ports.ports;
753 data->src = flow->addrs.v4addrs.src;
754 data->dst = flow->addrs.v4addrs.dst;
755 }
756 EXPORT_SYMBOL(make_flow_keys_digest);
757
758 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
759
760 u32 __skb_get_hash_symmetric(const struct sk_buff *skb)
761 {
762 struct flow_keys keys;
763
764 __flow_hash_secret_init();
765
766 memset(&keys, 0, sizeof(keys));
767 __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys,
768 NULL, 0, 0, 0,
769 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
770
771 return __flow_hash_from_keys(&keys, hashrnd);
772 }
773 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
774
775 /**
776 * __skb_get_hash: calculate a flow hash
777 * @skb: sk_buff to calculate flow hash from
778 *
779 * This function calculates a flow hash based on src/dst addresses
780 * and src/dst port numbers. Sets hash in skb to non-zero hash value
781 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
782 * if hash is a canonical 4-tuple hash over transport ports.
783 */
784 void __skb_get_hash(struct sk_buff *skb)
785 {
786 struct flow_keys keys;
787 u32 hash;
788
789 __flow_hash_secret_init();
790
791 hash = ___skb_get_hash(skb, &keys, hashrnd);
792
793 __skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));
794 }
795 EXPORT_SYMBOL(__skb_get_hash);
796
797 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
798 {
799 struct flow_keys keys;
800
801 return ___skb_get_hash(skb, &keys, perturb);
802 }
803 EXPORT_SYMBOL(skb_get_hash_perturb);
804
805 __u32 __skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 *fl6)
806 {
807 struct flow_keys keys;
808
809 memset(&keys, 0, sizeof(keys));
810
811 memcpy(&keys.addrs.v6addrs.src, &fl6->saddr,
812 sizeof(keys.addrs.v6addrs.src));
813 memcpy(&keys.addrs.v6addrs.dst, &fl6->daddr,
814 sizeof(keys.addrs.v6addrs.dst));
815 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
816 keys.ports.src = fl6->fl6_sport;
817 keys.ports.dst = fl6->fl6_dport;
818 keys.keyid.keyid = fl6->fl6_gre_key;
819 keys.tags.flow_label = (__force u32)fl6->flowlabel;
820 keys.basic.ip_proto = fl6->flowi6_proto;
821
822 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
823 flow_keys_have_l4(&keys));
824
825 return skb->hash;
826 }
827 EXPORT_SYMBOL(__skb_get_hash_flowi6);
828
829 __u32 __skb_get_hash_flowi4(struct sk_buff *skb, const struct flowi4 *fl4)
830 {
831 struct flow_keys keys;
832
833 memset(&keys, 0, sizeof(keys));
834
835 keys.addrs.v4addrs.src = fl4->saddr;
836 keys.addrs.v4addrs.dst = fl4->daddr;
837 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
838 keys.ports.src = fl4->fl4_sport;
839 keys.ports.dst = fl4->fl4_dport;
840 keys.keyid.keyid = fl4->fl4_gre_key;
841 keys.basic.ip_proto = fl4->flowi4_proto;
842
843 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
844 flow_keys_have_l4(&keys));
845
846 return skb->hash;
847 }
848 EXPORT_SYMBOL(__skb_get_hash_flowi4);
849
850 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
851 const struct flow_keys *keys, int hlen)
852 {
853 u32 poff = keys->control.thoff;
854
855 /* skip L4 headers for fragments after the first */
856 if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
857 !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
858 return poff;
859
860 switch (keys->basic.ip_proto) {
861 case IPPROTO_TCP: {
862 /* access doff as u8 to avoid unaligned access */
863 const u8 *doff;
864 u8 _doff;
865
866 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
867 data, hlen, &_doff);
868 if (!doff)
869 return poff;
870
871 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
872 break;
873 }
874 case IPPROTO_UDP:
875 case IPPROTO_UDPLITE:
876 poff += sizeof(struct udphdr);
877 break;
878 /* For the rest, we do not really care about header
879 * extensions at this point for now.
880 */
881 case IPPROTO_ICMP:
882 poff += sizeof(struct icmphdr);
883 break;
884 case IPPROTO_ICMPV6:
885 poff += sizeof(struct icmp6hdr);
886 break;
887 case IPPROTO_IGMP:
888 poff += sizeof(struct igmphdr);
889 break;
890 case IPPROTO_DCCP:
891 poff += sizeof(struct dccp_hdr);
892 break;
893 case IPPROTO_SCTP:
894 poff += sizeof(struct sctphdr);
895 break;
896 }
897
898 return poff;
899 }
900
901 /**
902 * skb_get_poff - get the offset to the payload
903 * @skb: sk_buff to get the payload offset from
904 *
905 * The function will get the offset to the payload as far as it could
906 * be dissected. The main user is currently BPF, so that we can dynamically
907 * truncate packets without needing to push actual payload to the user
908 * space and can analyze headers only, instead.
909 */
910 u32 skb_get_poff(const struct sk_buff *skb)
911 {
912 struct flow_keys keys;
913
914 if (!skb_flow_dissect_flow_keys(skb, &keys, 0))
915 return 0;
916
917 return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
918 }
919
920 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
921 {
922 memset(keys, 0, sizeof(*keys));
923
924 memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
925 sizeof(keys->addrs.v6addrs.src));
926 memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
927 sizeof(keys->addrs.v6addrs.dst));
928 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
929 keys->ports.src = fl6->fl6_sport;
930 keys->ports.dst = fl6->fl6_dport;
931 keys->keyid.keyid = fl6->fl6_gre_key;
932 keys->tags.flow_label = (__force u32)fl6->flowlabel;
933 keys->basic.ip_proto = fl6->flowi6_proto;
934
935 return flow_hash_from_keys(keys);
936 }
937 EXPORT_SYMBOL(__get_hash_from_flowi6);
938
939 __u32 __get_hash_from_flowi4(const struct flowi4 *fl4, struct flow_keys *keys)
940 {
941 memset(keys, 0, sizeof(*keys));
942
943 keys->addrs.v4addrs.src = fl4->saddr;
944 keys->addrs.v4addrs.dst = fl4->daddr;
945 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
946 keys->ports.src = fl4->fl4_sport;
947 keys->ports.dst = fl4->fl4_dport;
948 keys->keyid.keyid = fl4->fl4_gre_key;
949 keys->basic.ip_proto = fl4->flowi4_proto;
950
951 return flow_hash_from_keys(keys);
952 }
953 EXPORT_SYMBOL(__get_hash_from_flowi4);
954
955 static const struct flow_dissector_key flow_keys_dissector_keys[] = {
956 {
957 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
958 .offset = offsetof(struct flow_keys, control),
959 },
960 {
961 .key_id = FLOW_DISSECTOR_KEY_BASIC,
962 .offset = offsetof(struct flow_keys, basic),
963 },
964 {
965 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
966 .offset = offsetof(struct flow_keys, addrs.v4addrs),
967 },
968 {
969 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
970 .offset = offsetof(struct flow_keys, addrs.v6addrs),
971 },
972 {
973 .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
974 .offset = offsetof(struct flow_keys, addrs.tipcaddrs),
975 },
976 {
977 .key_id = FLOW_DISSECTOR_KEY_PORTS,
978 .offset = offsetof(struct flow_keys, ports),
979 },
980 {
981 .key_id = FLOW_DISSECTOR_KEY_VLAN,
982 .offset = offsetof(struct flow_keys, vlan),
983 },
984 {
985 .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
986 .offset = offsetof(struct flow_keys, tags),
987 },
988 {
989 .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
990 .offset = offsetof(struct flow_keys, keyid),
991 },
992 };
993
994 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
995 {
996 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
997 .offset = offsetof(struct flow_keys, control),
998 },
999 {
1000 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1001 .offset = offsetof(struct flow_keys, basic),
1002 },
1003 {
1004 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1005 .offset = offsetof(struct flow_keys, addrs.v4addrs),
1006 },
1007 {
1008 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1009 .offset = offsetof(struct flow_keys, addrs.v6addrs),
1010 },
1011 {
1012 .key_id = FLOW_DISSECTOR_KEY_PORTS,
1013 .offset = offsetof(struct flow_keys, ports),
1014 },
1015 };
1016
1017 static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
1018 {
1019 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1020 .offset = offsetof(struct flow_keys, control),
1021 },
1022 {
1023 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1024 .offset = offsetof(struct flow_keys, basic),
1025 },
1026 };
1027
1028 struct flow_dissector flow_keys_dissector __read_mostly;
1029 EXPORT_SYMBOL(flow_keys_dissector);
1030
1031 struct flow_dissector flow_keys_buf_dissector __read_mostly;
1032
1033 static int __init init_default_flow_dissectors(void)
1034 {
1035 skb_flow_dissector_init(&flow_keys_dissector,
1036 flow_keys_dissector_keys,
1037 ARRAY_SIZE(flow_keys_dissector_keys));
1038 skb_flow_dissector_init(&flow_keys_dissector_symmetric,
1039 flow_keys_dissector_symmetric_keys,
1040 ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
1041 skb_flow_dissector_init(&flow_keys_buf_dissector,
1042 flow_keys_buf_dissector_keys,
1043 ARRAY_SIZE(flow_keys_buf_dissector_keys));
1044 return 0;
1045 }
1046
1047 core_initcall(init_default_flow_dissectors);
Ubuntu Artful kernel mirror