~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/core/flow_dissector.c

Version: ~ [ linux-5.19-rc8 ] ~ [ linux-5.18.14 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.57 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.133 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.207 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.253 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.289 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.324 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.302 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 #include <linux/kernel.h>
  2 #include <linux/skbuff.h>
  3 #include <linux/export.h>
  4 #include <linux/ip.h>
  5 #include <linux/ipv6.h>
  6 #include <linux/if_vlan.h>
  7 #include <net/ip.h>
  8 #include <net/ipv6.h>
  9 #include <linux/igmp.h>
 10 #include <linux/icmp.h>
 11 #include <linux/sctp.h>
 12 #include <linux/dccp.h>
 13 #include <linux/if_tunnel.h>
 14 #include <linux/if_pppox.h>
 15 #include <linux/ppp_defs.h>
 16 #include <linux/stddef.h>
 17 #include <linux/if_ether.h>
 18 #include <linux/mpls.h>
 19 #include <net/flow_dissector.h>
 20 #include <scsi/fc/fc_fcoe.h>
 21 
 22 static void dissector_set_key(struct flow_dissector *flow_dissector,
 23                               enum flow_dissector_key_id key_id)
 24 {
 25         flow_dissector->used_keys |= (1 << key_id);
 26 }
 27 
 28 void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
 29                              const struct flow_dissector_key *key,
 30                              unsigned int key_count)
 31 {
 32         unsigned int i;
 33 
 34         memset(flow_dissector, 0, sizeof(*flow_dissector));
 35 
 36         for (i = 0; i < key_count; i++, key++) {
 37                 /* User should make sure that every key target offset is withing
 38                  * boundaries of unsigned short.
 39                  */
 40                 BUG_ON(key->offset > USHRT_MAX);
 41                 BUG_ON(dissector_uses_key(flow_dissector,
 42                                           key->key_id));
 43 
 44                 dissector_set_key(flow_dissector, key->key_id);
 45                 flow_dissector->offset[key->key_id] = key->offset;
 46         }
 47 
 48         /* Ensure that the dissector always includes control and basic key.
 49          * That way we are able to avoid handling lack of these in fast path.
 50          */
 51         BUG_ON(!dissector_uses_key(flow_dissector,
 52                                    FLOW_DISSECTOR_KEY_CONTROL));
 53         BUG_ON(!dissector_uses_key(flow_dissector,
 54                                    FLOW_DISSECTOR_KEY_BASIC));
 55 }
 56 EXPORT_SYMBOL(skb_flow_dissector_init);
 57 
 58 /**
 59  * __skb_flow_get_ports - extract the upper layer ports and return them
 60  * @skb: sk_buff to extract the ports from
 61  * @thoff: transport header offset
 62  * @ip_proto: protocol for which to get port offset
 63  * @data: raw buffer pointer to the packet, if NULL use skb->data
 64  * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
 65  *
 66  * The function will try to retrieve the ports at offset thoff + poff where poff
 67  * is the protocol port offset returned from proto_ports_offset
 68  */
 69 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
 70                             void *data, int hlen)
 71 {
 72         int poff = proto_ports_offset(ip_proto);
 73 
 74         if (!data) {
 75                 data = skb->data;
 76                 hlen = skb_headlen(skb);
 77         }
 78 
 79         if (poff >= 0) {
 80                 __be32 *ports, _ports;
 81 
 82                 ports = __skb_header_pointer(skb, thoff + poff,
 83                                              sizeof(_ports), data, hlen, &_ports);
 84                 if (ports)
 85                         return *ports;
 86         }
 87 
 88         return 0;
 89 }
 90 EXPORT_SYMBOL(__skb_flow_get_ports);
 91 
 92 /**
 93  * __skb_flow_dissect - extract the flow_keys struct and return it
 94  * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
 95  * @flow_dissector: list of keys to dissect
 96  * @target_container: target structure to put dissected values into
 97  * @data: raw buffer pointer to the packet, if NULL use skb->data
 98  * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
 99  * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
100  * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
101  *
102  * The function will try to retrieve individual keys into target specified
103  * by flow_dissector from either the skbuff or a raw buffer specified by the
104  * rest parameters.
105  *
106  * Caller must take care of zeroing target container memory.
107  */
108 bool __skb_flow_dissect(const struct sk_buff *skb,
109                         struct flow_dissector *flow_dissector,
110                         void *target_container,
111                         void *data, __be16 proto, int nhoff, int hlen,
112                         unsigned int flags)
113 {
114         struct flow_dissector_key_control *key_control;
115         struct flow_dissector_key_basic *key_basic;
116         struct flow_dissector_key_addrs *key_addrs;
117         struct flow_dissector_key_ports *key_ports;
118         struct flow_dissector_key_tags *key_tags;
119         struct flow_dissector_key_keyid *key_keyid;
120         u8 ip_proto = 0;
121         bool ret = false;
122 
123         if (!data) {
124                 data = skb->data;
125                 proto = skb->protocol;
126                 nhoff = skb_network_offset(skb);
127                 hlen = skb_headlen(skb);
128         }
129 
130         /* It is ensured by skb_flow_dissector_init() that control key will
131          * be always present.
132          */
133         key_control = skb_flow_dissector_target(flow_dissector,
134                                                 FLOW_DISSECTOR_KEY_CONTROL,
135                                                 target_container);
136 
137         /* It is ensured by skb_flow_dissector_init() that basic key will
138          * be always present.
139          */
140         key_basic = skb_flow_dissector_target(flow_dissector,
141                                               FLOW_DISSECTOR_KEY_BASIC,
142                                               target_container);
143 
144         if (dissector_uses_key(flow_dissector,
145                                FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
146                 struct ethhdr *eth = eth_hdr(skb);
147                 struct flow_dissector_key_eth_addrs *key_eth_addrs;
148 
149                 key_eth_addrs = skb_flow_dissector_target(flow_dissector,
150                                                           FLOW_DISSECTOR_KEY_ETH_ADDRS,
151                                                           target_container);
152                 memcpy(key_eth_addrs, &eth->h_dest, sizeof(*key_eth_addrs));
153         }
154 
155 again:
156         switch (proto) {
157         case htons(ETH_P_IP): {
158                 const struct iphdr *iph;
159                 struct iphdr _iph;
160 ip:
161                 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
162                 if (!iph || iph->ihl < 5)
163                         goto out_bad;
164                 nhoff += iph->ihl * 4;
165 
166                 ip_proto = iph->protocol;
167 
168                 if (dissector_uses_key(flow_dissector,
169                                        FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
170                         key_addrs = skb_flow_dissector_target(flow_dissector,
171                                                               FLOW_DISSECTOR_KEY_IPV4_ADDRS,
172                                                               target_container);
173 
174                         memcpy(&key_addrs->v4addrs, &iph->saddr,
175                                sizeof(key_addrs->v4addrs));
176                         key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
177                 }
178 
179                 if (ip_is_fragment(iph)) {
180                         key_control->flags |= FLOW_DIS_IS_FRAGMENT;
181 
182                         if (iph->frag_off & htons(IP_OFFSET)) {
183                                 goto out_good;
184                         } else {
185                                 key_control->flags |= FLOW_DIS_FIRST_FRAG;
186                                 if (!(flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
187                                         goto out_good;
188                         }
189                 }
190 
191                 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
192                         goto out_good;
193 
194                 break;
195         }
196         case htons(ETH_P_IPV6): {
197                 const struct ipv6hdr *iph;
198                 struct ipv6hdr _iph;
199 
200 ipv6:
201                 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
202                 if (!iph)
203                         goto out_bad;
204 
205                 ip_proto = iph->nexthdr;
206                 nhoff += sizeof(struct ipv6hdr);
207 
208                 if (dissector_uses_key(flow_dissector,
209                                        FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
210                         key_addrs = skb_flow_dissector_target(flow_dissector,
211                                                               FLOW_DISSECTOR_KEY_IPV6_ADDRS,
212                                                               target_container);
213 
214                         memcpy(&key_addrs->v6addrs, &iph->saddr,
215                                sizeof(key_addrs->v6addrs));
216                         key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
217                 }
218 
219                 if ((dissector_uses_key(flow_dissector,
220                                         FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
221                      (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
222                     ip6_flowlabel(iph)) {
223                         __be32 flow_label = ip6_flowlabel(iph);
224 
225                         if (dissector_uses_key(flow_dissector,
226                                                FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
227                                 key_tags = skb_flow_dissector_target(flow_dissector,
228                                                                      FLOW_DISSECTOR_KEY_FLOW_LABEL,
229                                                                      target_container);
230                                 key_tags->flow_label = ntohl(flow_label);
231                         }
232                         if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)
233                                 goto out_good;
234                 }
235 
236                 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
237                         goto out_good;
238 
239                 break;
240         }
241         case htons(ETH_P_8021AD):
242         case htons(ETH_P_8021Q): {
243                 const struct vlan_hdr *vlan;
244                 struct vlan_hdr _vlan;
245 
246                 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan), data, hlen, &_vlan);
247                 if (!vlan)
248                         goto out_bad;
249 
250                 if (dissector_uses_key(flow_dissector,
251                                        FLOW_DISSECTOR_KEY_VLANID)) {
252                         key_tags = skb_flow_dissector_target(flow_dissector,
253                                                              FLOW_DISSECTOR_KEY_VLANID,
254                                                              target_container);
255 
256                         key_tags->vlan_id = skb_vlan_tag_get_id(skb);
257                 }
258 
259                 proto = vlan->h_vlan_encapsulated_proto;
260                 nhoff += sizeof(*vlan);
261                 goto again;
262         }
263         case htons(ETH_P_PPP_SES): {
264                 struct {
265                         struct pppoe_hdr hdr;
266                         __be16 proto;
267                 } *hdr, _hdr;
268                 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
269                 if (!hdr)
270                         goto out_bad;
271                 proto = hdr->proto;
272                 nhoff += PPPOE_SES_HLEN;
273                 switch (proto) {
274                 case htons(PPP_IP):
275                         goto ip;
276                 case htons(PPP_IPV6):
277                         goto ipv6;
278                 default:
279                         goto out_bad;
280                 }
281         }
282         case htons(ETH_P_TIPC): {
283                 struct {
284                         __be32 pre[3];
285                         __be32 srcnode;
286                 } *hdr, _hdr;
287                 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
288                 if (!hdr)
289                         goto out_bad;
290 
291                 if (dissector_uses_key(flow_dissector,
292                                        FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
293                         key_addrs = skb_flow_dissector_target(flow_dissector,
294                                                               FLOW_DISSECTOR_KEY_TIPC_ADDRS,
295                                                               target_container);
296                         key_addrs->tipcaddrs.srcnode = hdr->srcnode;
297                         key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
298                 }
299                 goto out_good;
300         }
301 
302         case htons(ETH_P_MPLS_UC):
303         case htons(ETH_P_MPLS_MC): {
304                 struct mpls_label *hdr, _hdr[2];
305 mpls:
306                 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
307                                            hlen, &_hdr);
308                 if (!hdr)
309                         goto out_bad;
310 
311                 if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >>
312                      MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) {
313                         if (dissector_uses_key(flow_dissector,
314                                                FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) {
315                                 key_keyid = skb_flow_dissector_target(flow_dissector,
316                                                                       FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
317                                                                       target_container);
318                                 key_keyid->keyid = hdr[1].entry &
319                                         htonl(MPLS_LS_LABEL_MASK);
320                         }
321 
322                         goto out_good;
323                 }
324 
325                 goto out_good;
326         }
327 
328         case htons(ETH_P_FCOE):
329                 if ((hlen - nhoff) < FCOE_HEADER_LEN)
330                         goto out_bad;
331 
332                 nhoff += FCOE_HEADER_LEN;
333                 goto out_good;
334         default:
335                 goto out_bad;
336         }
337 
338 ip_proto_again:
339         switch (ip_proto) {
340         case IPPROTO_GRE: {
341                 struct gre_hdr {
342                         __be16 flags;
343                         __be16 proto;
344                 } *hdr, _hdr;
345 
346                 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
347                 if (!hdr)
348                         goto out_bad;
349                 /*
350                  * Only look inside GRE if version zero and no
351                  * routing
352                  */
353                 if (hdr->flags & (GRE_VERSION | GRE_ROUTING))
354                         break;
355 
356                 proto = hdr->proto;
357                 nhoff += 4;
358                 if (hdr->flags & GRE_CSUM)
359                         nhoff += 4;
360                 if (hdr->flags & GRE_KEY) {
361                         const __be32 *keyid;
362                         __be32 _keyid;
363 
364                         keyid = __skb_header_pointer(skb, nhoff, sizeof(_keyid),
365                                                      data, hlen, &_keyid);
366 
367                         if (!keyid)
368                                 goto out_bad;
369 
370                         if (dissector_uses_key(flow_dissector,
371                                                FLOW_DISSECTOR_KEY_GRE_KEYID)) {
372                                 key_keyid = skb_flow_dissector_target(flow_dissector,
373                                                                       FLOW_DISSECTOR_KEY_GRE_KEYID,
374                                                                       target_container);
375                                 key_keyid->keyid = *keyid;
376                         }
377                         nhoff += 4;
378                 }
379                 if (hdr->flags & GRE_SEQ)
380                         nhoff += 4;
381                 if (proto == htons(ETH_P_TEB)) {
382                         const struct ethhdr *eth;
383                         struct ethhdr _eth;
384 
385                         eth = __skb_header_pointer(skb, nhoff,
386                                                    sizeof(_eth),
387                                                    data, hlen, &_eth);
388                         if (!eth)
389                                 goto out_bad;
390                         proto = eth->h_proto;
391                         nhoff += sizeof(*eth);
392 
393                         /* Cap headers that we access via pointers at the
394                          * end of the Ethernet header as our maximum alignment
395                          * at that point is only 2 bytes.
396                          */
397                         if (NET_IP_ALIGN)
398                                 hlen = nhoff;
399                 }
400 
401                 key_control->flags |= FLOW_DIS_ENCAPSULATION;
402                 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
403                         goto out_good;
404 
405                 goto again;
406         }
407         case NEXTHDR_HOP:
408         case NEXTHDR_ROUTING:
409         case NEXTHDR_DEST: {
410                 u8 _opthdr[2], *opthdr;
411 
412                 if (proto != htons(ETH_P_IPV6))
413                         break;
414 
415                 opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
416                                               data, hlen, &_opthdr);
417                 if (!opthdr)
418                         goto out_bad;
419 
420                 ip_proto = opthdr[0];
421                 nhoff += (opthdr[1] + 1) << 3;
422 
423                 goto ip_proto_again;
424         }
425         case NEXTHDR_FRAGMENT: {
426                 struct frag_hdr _fh, *fh;
427 
428                 if (proto != htons(ETH_P_IPV6))
429                         break;
430 
431                 fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
432                                           data, hlen, &_fh);
433 
434                 if (!fh)
435                         goto out_bad;
436 
437                 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
438 
439                 nhoff += sizeof(_fh);
440                 ip_proto = fh->nexthdr;
441 
442                 if (!(fh->frag_off & htons(IP6_OFFSET))) {
443                         key_control->flags |= FLOW_DIS_FIRST_FRAG;
444                         if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)
445                                 goto ip_proto_again;
446                 }
447                 goto out_good;
448         }
449         case IPPROTO_IPIP:
450                 proto = htons(ETH_P_IP);
451 
452                 key_control->flags |= FLOW_DIS_ENCAPSULATION;
453                 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
454                         goto out_good;
455 
456                 goto ip;
457         case IPPROTO_IPV6:
458                 proto = htons(ETH_P_IPV6);
459 
460                 key_control->flags |= FLOW_DIS_ENCAPSULATION;
461                 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
462                         goto out_good;
463 
464                 goto ipv6;
465         case IPPROTO_MPLS:
466                 proto = htons(ETH_P_MPLS_UC);
467                 goto mpls;
468         default:
469                 break;
470         }
471 
472         if (dissector_uses_key(flow_dissector,
473                                FLOW_DISSECTOR_KEY_PORTS)) {
474                 key_ports = skb_flow_dissector_target(flow_dissector,
475                                                       FLOW_DISSECTOR_KEY_PORTS,
476                                                       target_container);
477                 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
478                                                         data, hlen);
479         }
480 
481 out_good:
482         ret = true;
483 
484 out_bad:
485         key_basic->n_proto = proto;
486         key_basic->ip_proto = ip_proto;
487         key_control->thoff = (u16)nhoff;
488 
489         return ret;
490 }
491 EXPORT_SYMBOL(__skb_flow_dissect);
492 
493 static u32 hashrnd __read_mostly;
494 static __always_inline void __flow_hash_secret_init(void)
495 {
496         net_get_random_once(&hashrnd, sizeof(hashrnd));
497 }
498 
499 static __always_inline u32 __flow_hash_words(const u32 *words, u32 length,
500                                              u32 keyval)
501 {
502         return jhash2(words, length, keyval);
503 }
504 
505 static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow)
506 {
507         const void *p = flow;
508 
509         BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32));
510         return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET);
511 }
512 
513 static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
514 {
515         size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
516         BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
517         BUILD_BUG_ON(offsetof(typeof(*flow), addrs) !=
518                      sizeof(*flow) - sizeof(flow->addrs));
519 
520         switch (flow->control.addr_type) {
521         case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
522                 diff -= sizeof(flow->addrs.v4addrs);
523                 break;
524         case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
525                 diff -= sizeof(flow->addrs.v6addrs);
526                 break;
527         case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
528                 diff -= sizeof(flow->addrs.tipcaddrs);
529                 break;
530         }
531         return (sizeof(*flow) - diff) / sizeof(u32);
532 }
533 
534 __be32 flow_get_u32_src(const struct flow_keys *flow)
535 {
536         switch (flow->control.addr_type) {
537         case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
538                 return flow->addrs.v4addrs.src;
539         case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
540                 return (__force __be32)ipv6_addr_hash(
541                         &flow->addrs.v6addrs.src);
542         case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
543                 return flow->addrs.tipcaddrs.srcnode;
544         default:
545                 return 0;
546         }
547 }
548 EXPORT_SYMBOL(flow_get_u32_src);
549 
550 __be32 flow_get_u32_dst(const struct flow_keys *flow)
551 {
552         switch (flow->control.addr_type) {
553         case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
554                 return flow->addrs.v4addrs.dst;
555         case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
556                 return (__force __be32)ipv6_addr_hash(
557                         &flow->addrs.v6addrs.dst);
558         default:
559                 return 0;
560         }
561 }
562 EXPORT_SYMBOL(flow_get_u32_dst);
563 
564 static inline void __flow_hash_consistentify(struct flow_keys *keys)
565 {
566         int addr_diff, i;
567 
568         switch (keys->control.addr_type) {
569         case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
570                 addr_diff = (__force u32)keys->addrs.v4addrs.dst -
571                             (__force u32)keys->addrs.v4addrs.src;
572                 if ((addr_diff < 0) ||
573                     (addr_diff == 0 &&
574                      ((__force u16)keys->ports.dst <
575                       (__force u16)keys->ports.src))) {
576                         swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
577                         swap(keys->ports.src, keys->ports.dst);
578                 }
579                 break;
580         case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
581                 addr_diff = memcmp(&keys->addrs.v6addrs.dst,
582                                    &keys->addrs.v6addrs.src,
583                                    sizeof(keys->addrs.v6addrs.dst));
584                 if ((addr_diff < 0) ||
585                     (addr_diff == 0 &&
586                      ((__force u16)keys->ports.dst <
587                       (__force u16)keys->ports.src))) {
588                         for (i = 0; i < 4; i++)
589                                 swap(keys->addrs.v6addrs.src.s6_addr32[i],
590                                      keys->addrs.v6addrs.dst.s6_addr32[i]);
591                         swap(keys->ports.src, keys->ports.dst);
592                 }
593                 break;
594         }
595 }
596 
597 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
598 {
599         u32 hash;
600 
601         __flow_hash_consistentify(keys);
602 
603         hash = __flow_hash_words(flow_keys_hash_start(keys),
604                                  flow_keys_hash_length(keys), keyval);
605         if (!hash)
606                 hash = 1;
607 
608         return hash;
609 }
610 
611 u32 flow_hash_from_keys(struct flow_keys *keys)
612 {
613         __flow_hash_secret_init();
614         return __flow_hash_from_keys(keys, hashrnd);
615 }
616 EXPORT_SYMBOL(flow_hash_from_keys);
617 
618 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
619                                   struct flow_keys *keys, u32 keyval)
620 {
621         skb_flow_dissect_flow_keys(skb, keys,
622                                    FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
623 
624         return __flow_hash_from_keys(keys, keyval);
625 }
626 
627 struct _flow_keys_digest_data {
628         __be16  n_proto;
629         u8      ip_proto;
630         u8      padding;
631         __be32  ports;
632         __be32  src;
633         __be32  dst;
634 };
635 
636 void make_flow_keys_digest(struct flow_keys_digest *digest,
637                            const struct flow_keys *flow)
638 {
639         struct _flow_keys_digest_data *data =
640             (struct _flow_keys_digest_data *)digest;
641 
642         BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
643 
644         memset(digest, 0, sizeof(*digest));
645 
646         data->n_proto = flow->basic.n_proto;
647         data->ip_proto = flow->basic.ip_proto;
648         data->ports = flow->ports.ports;
649         data->src = flow->addrs.v4addrs.src;
650         data->dst = flow->addrs.v4addrs.dst;
651 }
652 EXPORT_SYMBOL(make_flow_keys_digest);
653 
654 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
655 
656 u32 __skb_get_hash_symmetric(struct sk_buff *skb)
657 {
658         struct flow_keys keys;
659 
660         __flow_hash_secret_init();
661 
662         memset(&keys, 0, sizeof(keys));
663         __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys,
664                            NULL, 0, 0, 0,
665                            FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
666 
667         return __flow_hash_from_keys(&keys, hashrnd);
668 }
669 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
670 
671 /**
672  * __skb_get_hash: calculate a flow hash
673  * @skb: sk_buff to calculate flow hash from
674  *
675  * This function calculates a flow hash based on src/dst addresses
676  * and src/dst port numbers.  Sets hash in skb to non-zero hash value
677  * on success, zero indicates no valid hash.  Also, sets l4_hash in skb
678  * if hash is a canonical 4-tuple hash over transport ports.
679  */
680 void __skb_get_hash(struct sk_buff *skb)
681 {
682         struct flow_keys keys;
683 
684         __flow_hash_secret_init();
685 
686         __skb_set_sw_hash(skb, ___skb_get_hash(skb, &keys, hashrnd),
687                           flow_keys_have_l4(&keys));
688 }
689 EXPORT_SYMBOL(__skb_get_hash);
690 
691 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
692 {
693         struct flow_keys keys;
694 
695         return ___skb_get_hash(skb, &keys, perturb);
696 }
697 EXPORT_SYMBOL(skb_get_hash_perturb);
698 
699 __u32 __skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 *fl6)
700 {
701         struct flow_keys keys;
702 
703         memset(&keys, 0, sizeof(keys));
704 
705         memcpy(&keys.addrs.v6addrs.src, &fl6->saddr,
706                sizeof(keys.addrs.v6addrs.src));
707         memcpy(&keys.addrs.v6addrs.dst, &fl6->daddr,
708                sizeof(keys.addrs.v6addrs.dst));
709         keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
710         keys.ports.src = fl6->fl6_sport;
711         keys.ports.dst = fl6->fl6_dport;
712         keys.keyid.keyid = fl6->fl6_gre_key;
713         keys.tags.flow_label = (__force u32)fl6->flowlabel;
714         keys.basic.ip_proto = fl6->flowi6_proto;
715 
716         __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
717                           flow_keys_have_l4(&keys));
718 
719         return skb->hash;
720 }
721 EXPORT_SYMBOL(__skb_get_hash_flowi6);
722 
723 __u32 __skb_get_hash_flowi4(struct sk_buff *skb, const struct flowi4 *fl4)
724 {
725         struct flow_keys keys;
726 
727         memset(&keys, 0, sizeof(keys));
728 
729         keys.addrs.v4addrs.src = fl4->saddr;
730         keys.addrs.v4addrs.dst = fl4->daddr;
731         keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
732         keys.ports.src = fl4->fl4_sport;
733         keys.ports.dst = fl4->fl4_dport;
734         keys.keyid.keyid = fl4->fl4_gre_key;
735         keys.basic.ip_proto = fl4->flowi4_proto;
736 
737         __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
738                           flow_keys_have_l4(&keys));
739 
740         return skb->hash;
741 }
742 EXPORT_SYMBOL(__skb_get_hash_flowi4);
743 
744 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
745                    const struct flow_keys *keys, int hlen)
746 {
747         u32 poff = keys->control.thoff;
748 
749         /* skip L4 headers for fragments after the first */
750         if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
751             !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
752                 return poff;
753 
754         switch (keys->basic.ip_proto) {
755         case IPPROTO_TCP: {
756                 /* access doff as u8 to avoid unaligned access */
757                 const u8 *doff;
758                 u8 _doff;
759 
760                 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
761                                             data, hlen, &_doff);
762                 if (!doff)
763                         return poff;
764 
765                 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
766                 break;
767         }
768         case IPPROTO_UDP:
769         case IPPROTO_UDPLITE:
770                 poff += sizeof(struct udphdr);
771                 break;
772         /* For the rest, we do not really care about header
773          * extensions at this point for now.
774          */
775         case IPPROTO_ICMP:
776                 poff += sizeof(struct icmphdr);
777                 break;
778         case IPPROTO_ICMPV6:
779                 poff += sizeof(struct icmp6hdr);
780                 break;
781         case IPPROTO_IGMP:
782                 poff += sizeof(struct igmphdr);
783                 break;
784         case IPPROTO_DCCP:
785                 poff += sizeof(struct dccp_hdr);
786                 break;
787         case IPPROTO_SCTP:
788                 poff += sizeof(struct sctphdr);
789                 break;
790         }
791 
792         return poff;
793 }
794 
795 /**
796  * skb_get_poff - get the offset to the payload
797  * @skb: sk_buff to get the payload offset from
798  *
799  * The function will get the offset to the payload as far as it could
800  * be dissected.  The main user is currently BPF, so that we can dynamically
801  * truncate packets without needing to push actual payload to the user
802  * space and can analyze headers only, instead.
803  */
804 u32 skb_get_poff(const struct sk_buff *skb)
805 {
806         struct flow_keys keys;
807 
808         if (!skb_flow_dissect_flow_keys(skb, &keys, 0))
809                 return 0;
810 
811         return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
812 }
813 
814 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
815 {
816         memset(keys, 0, sizeof(*keys));
817 
818         memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
819             sizeof(keys->addrs.v6addrs.src));
820         memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
821             sizeof(keys->addrs.v6addrs.dst));
822         keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
823         keys->ports.src = fl6->fl6_sport;
824         keys->ports.dst = fl6->fl6_dport;
825         keys->keyid.keyid = fl6->fl6_gre_key;
826         keys->tags.flow_label = (__force u32)fl6->flowlabel;
827         keys->basic.ip_proto = fl6->flowi6_proto;
828 
829         return flow_hash_from_keys(keys);
830 }
831 EXPORT_SYMBOL(__get_hash_from_flowi6);
832 
833 __u32 __get_hash_from_flowi4(const struct flowi4 *fl4, struct flow_keys *keys)
834 {
835         memset(keys, 0, sizeof(*keys));
836 
837         keys->addrs.v4addrs.src = fl4->saddr;
838         keys->addrs.v4addrs.dst = fl4->daddr;
839         keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
840         keys->ports.src = fl4->fl4_sport;
841         keys->ports.dst = fl4->fl4_dport;
842         keys->keyid.keyid = fl4->fl4_gre_key;
843         keys->basic.ip_proto = fl4->flowi4_proto;
844 
845         return flow_hash_from_keys(keys);
846 }
847 EXPORT_SYMBOL(__get_hash_from_flowi4);
848 
849 static const struct flow_dissector_key flow_keys_dissector_keys[] = {
850         {
851                 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
852                 .offset = offsetof(struct flow_keys, control),
853         },
854         {
855                 .key_id = FLOW_DISSECTOR_KEY_BASIC,
856                 .offset = offsetof(struct flow_keys, basic),
857         },
858         {
859                 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
860                 .offset = offsetof(struct flow_keys, addrs.v4addrs),
861         },
862         {
863                 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
864                 .offset = offsetof(struct flow_keys, addrs.v6addrs),
865         },
866         {
867                 .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
868                 .offset = offsetof(struct flow_keys, addrs.tipcaddrs),
869         },
870         {
871                 .key_id = FLOW_DISSECTOR_KEY_PORTS,
872                 .offset = offsetof(struct flow_keys, ports),
873         },
874         {
875                 .key_id = FLOW_DISSECTOR_KEY_VLANID,
876                 .offset = offsetof(struct flow_keys, tags),
877         },
878         {
879                 .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
880                 .offset = offsetof(struct flow_keys, tags),
881         },
882         {
883                 .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
884                 .offset = offsetof(struct flow_keys, keyid),
885         },
886 };
887 
888 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
889         {
890                 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
891                 .offset = offsetof(struct flow_keys, control),
892         },
893         {
894                 .key_id = FLOW_DISSECTOR_KEY_BASIC,
895                 .offset = offsetof(struct flow_keys, basic),
896         },
897         {
898                 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
899                 .offset = offsetof(struct flow_keys, addrs.v4addrs),
900         },
901         {
902                 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
903                 .offset = offsetof(struct flow_keys, addrs.v6addrs),
904         },
905         {
906                 .key_id = FLOW_DISSECTOR_KEY_PORTS,
907                 .offset = offsetof(struct flow_keys, ports),
908         },
909 };
910 
911 static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
912         {
913                 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
914                 .offset = offsetof(struct flow_keys, control),
915         },
916         {
917                 .key_id = FLOW_DISSECTOR_KEY_BASIC,
918                 .offset = offsetof(struct flow_keys, basic),
919         },
920 };
921 
922 struct flow_dissector flow_keys_dissector __read_mostly;
923 EXPORT_SYMBOL(flow_keys_dissector);
924 
925 struct flow_dissector flow_keys_buf_dissector __read_mostly;
926 
927 static int __init init_default_flow_dissectors(void)
928 {
929         skb_flow_dissector_init(&flow_keys_dissector,
930                                 flow_keys_dissector_keys,
931                                 ARRAY_SIZE(flow_keys_dissector_keys));
932         skb_flow_dissector_init(&flow_keys_dissector_symmetric,
933                                 flow_keys_dissector_symmetric_keys,
934                                 ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
935         skb_flow_dissector_init(&flow_keys_buf_dissector,
936                                 flow_keys_buf_dissector_keys,
937                                 ARRAY_SIZE(flow_keys_buf_dissector_keys));
938         return 0;
939 }
940 
941 late_initcall_sync(init_default_flow_dissectors);
942 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp