1 #include <linux/kernel.h>
2 #include <linux/skbuff.h>
3 #include <linux/export.h>
5 #include <linux/ipv6.h>
6 #include <linux/if_vlan.h>
9 #include <linux/igmp.h>
10 #include <linux/icmp.h>
11 #include <linux/sctp.h>
12 #include <linux/dccp.h>
13 #include <linux/if_tunnel.h>
14 #include <linux/if_pppox.h>
15 #include <linux/ppp_defs.h>
16 #include <linux/stddef.h>
17 #include <linux/if_ether.h>
18 #include <net/flow_dissector.h>
19 #include <scsi/fc/fc_fcoe.h>
21 static bool skb_flow_dissector_uses_key(struct flow_dissector
*flow_dissector
,
22 enum flow_dissector_key_id key_id
)
24 return flow_dissector
->used_keys
& (1 << key_id
);
27 static void skb_flow_dissector_set_key(struct flow_dissector
*flow_dissector
,
28 enum flow_dissector_key_id key_id
)
30 flow_dissector
->used_keys
|= (1 << key_id
);
33 static void *skb_flow_dissector_target(struct flow_dissector
*flow_dissector
,
34 enum flow_dissector_key_id key_id
,
35 void *target_container
)
37 return ((char *) target_container
) + flow_dissector
->offset
[key_id
];
40 void skb_flow_dissector_init(struct flow_dissector
*flow_dissector
,
41 const struct flow_dissector_key
*key
,
42 unsigned int key_count
)
46 memset(flow_dissector
, 0, sizeof(*flow_dissector
));
48 for (i
= 0; i
< key_count
; i
++, key
++) {
49 /* User should make sure that every key target offset is withing
50 * boundaries of unsigned short.
52 BUG_ON(key
->offset
> USHRT_MAX
);
53 BUG_ON(skb_flow_dissector_uses_key(flow_dissector
,
56 skb_flow_dissector_set_key(flow_dissector
, key
->key_id
);
57 flow_dissector
->offset
[key
->key_id
] = key
->offset
;
60 /* Ensure that the dissector always includes basic key. That way
61 * we are able to avoid handling lack of it in fast path.
63 BUG_ON(!skb_flow_dissector_uses_key(flow_dissector
,
64 FLOW_DISSECTOR_KEY_BASIC
));
66 EXPORT_SYMBOL(skb_flow_dissector_init
);
69 * __skb_flow_get_ports - extract the upper layer ports and return them
70 * @skb: sk_buff to extract the ports from
71 * @thoff: transport header offset
72 * @ip_proto: protocol for which to get port offset
73 * @data: raw buffer pointer to the packet, if NULL use skb->data
74 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
76 * The function will try to retrieve the ports at offset thoff + poff where poff
77 * is the protocol port offset returned from proto_ports_offset
79 __be32
__skb_flow_get_ports(const struct sk_buff
*skb
, int thoff
, u8 ip_proto
,
82 int poff
= proto_ports_offset(ip_proto
);
86 hlen
= skb_headlen(skb
);
90 __be32
*ports
, _ports
;
92 ports
= __skb_header_pointer(skb
, thoff
+ poff
,
93 sizeof(_ports
), data
, hlen
, &_ports
);
100 EXPORT_SYMBOL(__skb_flow_get_ports
);
/*
 * __skb_flow_dissect(): fill the keys selected by flow_dissector into
 * target_container while stepping nhoff through the packet headers.
 *
 * NOTE(review): this text is a damaged listing, not buildable source. Each
 * line starts with a listing number, declarations are split over several
 * lines, and the gaps in that numbering show that lines were dropped
 * (braces, returns, labels, local declarations, comment closers). The
 * memcpy() that copies the Ethernet addresses reads a mis-decoded character
 * where the address-of "eth" expression stood. Restore the function from
 * the upstream tree; do not hand-repair it from this text.
 *
 * What the surviving lines show:
 *  - proto, nhoff and hlen are loaded from skb->protocol,
 *    skb_network_offset(skb) and skb_headlen(skb); per the parameter text
 *    this applies when data is NULL.
 *  - The Ethernet addresses are copied from eth_hdr(skb) when
 *    FLOW_DISSECTOR_KEY_ETH_ADDRS is in use.
 *  - Case labels exist for ETH_P_IP, ETH_P_IPV6, ETH_P_8021AD and
 *    ETH_P_8021Q, ETH_P_PPP_SES, ETH_P_TIPC and ETH_P_FCOE.
 *  - IPv4: a header with ihl below 5 is tested for, nhoff advances by
 *    ihl * 4, and ip_is_fragment() is consulted.
 *  - IPv6: addresses are stored hashed and/or in full depending on the keys
 *    in use; a flow label can be stored as the ports value.
 *  - GRE: flags are tested for version, routing, checksum, key and sequence;
 *    an ETH_P_TEB payload has its inner Ethernet header parsed.
 *  - The basic key fields n_proto, ip_proto and thoff are written, and the
 *    ports key is filled from __skb_flow_get_ports().
 */
103 * __skb_flow_dissect - extract the flow_keys struct and return it
104 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
105 * @flow_dissector: list of keys to dissect
106 * @target_container: target structure to put dissected values into
107 * @data: raw buffer pointer to the packet, if NULL use skb->data
108 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
109 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
110 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
112 * The function will try to retrieve individual keys into target specified
113 * by flow_dissector from either the skbuff or a raw buffer specified by the
116 * Caller must take care of zeroing target container memory.
118 bool __skb_flow_dissect(const struct sk_buff
*skb
,
119 struct flow_dissector
*flow_dissector
,
120 void *target_container
,
121 void *data
, __be16 proto
, int nhoff
, int hlen
)
123 struct flow_dissector_key_basic
*key_basic
;
124 struct flow_dissector_key_addrs
*key_addrs
;
125 struct flow_dissector_key_ports
*key_ports
;
130 proto
= skb
->protocol
;
131 nhoff
= skb_network_offset(skb
);
132 hlen
= skb_headlen(skb
);
135 /* It is ensured by skb_flow_dissector_init() that basic key will
138 key_basic
= skb_flow_dissector_target(flow_dissector
,
139 FLOW_DISSECTOR_KEY_BASIC
,
142 if (skb_flow_dissector_uses_key(flow_dissector
,
143 FLOW_DISSECTOR_KEY_ETH_ADDRS
)) {
144 struct ethhdr
*eth
= eth_hdr(skb
);
145 struct flow_dissector_key_eth_addrs
*key_eth_addrs
;
147 key_eth_addrs
= skb_flow_dissector_target(flow_dissector
,
148 FLOW_DISSECTOR_KEY_ETH_ADDRS
,
150 memcpy(key_eth_addrs
, ð
->h_dest
, sizeof(*key_eth_addrs
));
155 case htons(ETH_P_IP
): {
156 const struct iphdr
*iph
;
159 iph
= __skb_header_pointer(skb
, nhoff
, sizeof(_iph
), data
, hlen
, &_iph
);
160 if (!iph
|| iph
->ihl
< 5)
162 nhoff
+= iph
->ihl
* 4;
164 ip_proto
= iph
->protocol
;
165 if (ip_is_fragment(iph
))
168 if (!skb_flow_dissector_uses_key(flow_dissector
,
169 FLOW_DISSECTOR_KEY_IPV4_ADDRS
))
171 key_addrs
= skb_flow_dissector_target(flow_dissector
,
172 FLOW_DISSECTOR_KEY_IPV4_ADDRS
,
174 memcpy(key_addrs
, &iph
->saddr
, sizeof(*key_addrs
));
177 case htons(ETH_P_IPV6
): {
178 const struct ipv6hdr
*iph
;
183 iph
= __skb_header_pointer(skb
, nhoff
, sizeof(_iph
), data
, hlen
, &_iph
);
187 ip_proto
= iph
->nexthdr
;
188 nhoff
+= sizeof(struct ipv6hdr
);
190 if (skb_flow_dissector_uses_key(flow_dissector
,
191 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
)) {
192 key_addrs
= skb_flow_dissector_target(flow_dissector
,
193 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
,
196 key_addrs
->src
= (__force __be32
)ipv6_addr_hash(&iph
->saddr
);
197 key_addrs
->dst
= (__force __be32
)ipv6_addr_hash(&iph
->daddr
);
200 if (skb_flow_dissector_uses_key(flow_dissector
,
201 FLOW_DISSECTOR_KEY_IPV6_ADDRS
)) {
202 struct flow_dissector_key_ipv6_addrs
*key_ipv6_addrs
;
204 key_ipv6_addrs
= skb_flow_dissector_target(flow_dissector
,
205 FLOW_DISSECTOR_KEY_IPV6_ADDRS
,
208 memcpy(key_ipv6_addrs
, &iph
->saddr
, sizeof(*key_ipv6_addrs
));
213 flow_label
= ip6_flowlabel(iph
);
215 /* Awesome, IPv6 packet has a flow label so we can
216 * use that to represent the ports without any
217 * further dissection.
220 key_basic
->n_proto
= proto
;
221 key_basic
->ip_proto
= ip_proto
;
222 key_basic
->thoff
= (u16
)nhoff
;
224 if (!skb_flow_dissector_uses_key(flow_dissector
,
225 FLOW_DISSECTOR_KEY_PORTS
))
227 key_ports
= skb_flow_dissector_target(flow_dissector
,
228 FLOW_DISSECTOR_KEY_PORTS
,
230 key_ports
->ports
= flow_label
;
237 case htons(ETH_P_8021AD
):
238 case htons(ETH_P_8021Q
): {
239 const struct vlan_hdr
*vlan
;
240 struct vlan_hdr _vlan
;
242 vlan
= __skb_header_pointer(skb
, nhoff
, sizeof(_vlan
), data
, hlen
, &_vlan
);
246 proto
= vlan
->h_vlan_encapsulated_proto
;
247 nhoff
+= sizeof(*vlan
);
250 case htons(ETH_P_PPP_SES
): {
252 struct pppoe_hdr hdr
;
255 hdr
= __skb_header_pointer(skb
, nhoff
, sizeof(_hdr
), data
, hlen
, &_hdr
);
259 nhoff
+= PPPOE_SES_HLEN
;
263 case htons(PPP_IPV6
):
269 case htons(ETH_P_TIPC
): {
274 hdr
= __skb_header_pointer(skb
, nhoff
, sizeof(_hdr
), data
, hlen
, &_hdr
);
277 key_basic
->n_proto
= proto
;
278 key_basic
->thoff
= (u16
)nhoff
;
280 if (skb_flow_dissector_uses_key(flow_dissector
,
281 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
)) {
282 key_addrs
= skb_flow_dissector_target(flow_dissector
,
283 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
,
285 key_addrs
->src
= hdr
->srcnode
;
290 case htons(ETH_P_FCOE
):
291 key_basic
->thoff
= (u16
)(nhoff
+ FCOE_HEADER_LEN
);
304 hdr
= __skb_header_pointer(skb
, nhoff
, sizeof(_hdr
), data
, hlen
, &_hdr
);
308 * Only look inside GRE if version zero and no
311 if (!(hdr
->flags
& (GRE_VERSION
|GRE_ROUTING
))) {
314 if (hdr
->flags
& GRE_CSUM
)
316 if (hdr
->flags
& GRE_KEY
)
318 if (hdr
->flags
& GRE_SEQ
)
320 if (proto
== htons(ETH_P_TEB
)) {
321 const struct ethhdr
*eth
;
324 eth
= __skb_header_pointer(skb
, nhoff
,
329 proto
= eth
->h_proto
;
330 nhoff
+= sizeof(*eth
);
337 proto
= htons(ETH_P_IP
);
340 proto
= htons(ETH_P_IPV6
);
346 /* It is ensured by skb_flow_dissector_init() that basic key will
349 key_basic
= skb_flow_dissector_target(flow_dissector
,
350 FLOW_DISSECTOR_KEY_BASIC
,
352 key_basic
->n_proto
= proto
;
353 key_basic
->ip_proto
= ip_proto
;
354 key_basic
->thoff
= (u16
) nhoff
;
356 if (skb_flow_dissector_uses_key(flow_dissector
,
357 FLOW_DISSECTOR_KEY_PORTS
)) {
358 key_ports
= skb_flow_dissector_target(flow_dissector
,
359 FLOW_DISSECTOR_KEY_PORTS
,
361 key_ports
->ports
= __skb_flow_get_ports(skb
, nhoff
, ip_proto
,
367 EXPORT_SYMBOL(__skb_flow_dissect
);
369 static u32 hashrnd __read_mostly
;
370 static __always_inline
void __flow_hash_secret_init(void)
372 net_get_random_once(&hashrnd
, sizeof(hashrnd
));
375 static __always_inline u32
__flow_hash_3words(u32 a
, u32 b
, u32 c
, u32 keyval
)
377 return jhash_3words(a
, b
, c
, keyval
);
380 static inline u32
__flow_hash_from_keys(struct flow_keys
*keys
, u32 keyval
)
384 /* get a consistent hash (same value on both flow directions) */
385 if (((__force u32
)keys
->addrs
.dst
< (__force u32
)keys
->addrs
.src
) ||
386 (((__force u32
)keys
->addrs
.dst
== (__force u32
)keys
->addrs
.src
) &&
387 ((__force u16
)keys
->ports
.dst
< (__force u16
)keys
->ports
.src
))) {
388 swap(keys
->addrs
.dst
, keys
->addrs
.src
);
389 swap(keys
->ports
.src
, keys
->ports
.dst
);
392 hash
= __flow_hash_3words((__force u32
)keys
->addrs
.dst
,
393 (__force u32
)keys
->addrs
.src
,
394 (__force u32
)keys
->ports
.ports
,
402 u32
flow_hash_from_keys(struct flow_keys
*keys
)
404 __flow_hash_secret_init();
405 return __flow_hash_from_keys(keys
, hashrnd
);
407 EXPORT_SYMBOL(flow_hash_from_keys
);
409 static inline u32
___skb_get_hash(const struct sk_buff
*skb
,
410 struct flow_keys
*keys
, u32 keyval
)
412 if (!skb_flow_dissect_flow_keys(skb
, keys
))
415 return __flow_hash_from_keys(keys
, keyval
);
/*
 * Layout that make_flow_keys_digest() overlays on a struct flow_keys_digest.
 *
 * NOTE(review): the member list and closing brace were lost from this
 * listing. make_flow_keys_digest() stores into members named n_proto,
 * ip_proto, ports, src and dst; their types, order and any padding cannot be
 * recovered from here. Restore the definition from the upstream tree.
 */
418 struct _flow_keys_digest_data
{
427 void make_flow_keys_digest(struct flow_keys_digest
*digest
,
428 const struct flow_keys
*flow
)
430 struct _flow_keys_digest_data
*data
=
431 (struct _flow_keys_digest_data
*)digest
;
433 BUILD_BUG_ON(sizeof(*data
) > sizeof(*digest
));
435 memset(digest
, 0, sizeof(*digest
));
437 data
->n_proto
= flow
->basic
.n_proto
;
438 data
->ip_proto
= flow
->basic
.ip_proto
;
439 data
->ports
= flow
->ports
.ports
;
440 data
->src
= flow
->addrs
.src
;
441 data
->dst
= flow
->addrs
.dst
;
443 EXPORT_SYMBOL(make_flow_keys_digest
);
/*
 * __skb_get_hash(): compute the flow hash of an skb with the global seed.
 *
 * NOTE(review): this text is a damaged listing. Each line starts with a
 * listing number and the gaps in that numbering show dropped lines: the
 * declaration of hash, whatever follows the ___skb_get_hash() call, the body
 * of the keys.ports.ports test, and the stores into the skb. Restore the
 * function from the upstream tree.
 *
 * What the surviving lines show: hashrnd is seeded through
 * __flow_hash_secret_init(), the hash comes from
 * ___skb_get_hash(skb, &keys, hashrnd), and keys.ports.ports is tested
 * afterwards. The description below says this test governs l4_hash.
 */
446 * __skb_get_hash: calculate a flow hash
447 * @skb: sk_buff to calculate flow hash from
449 * This function calculates a flow hash based on src/dst addresses
450 * and src/dst port numbers. Sets hash in skb to non-zero hash value
451 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
452 * if hash is a canonical 4-tuple hash over transport ports.
454 void __skb_get_hash(struct sk_buff
*skb
)
456 struct flow_keys keys
;
459 __flow_hash_secret_init();
461 hash
= ___skb_get_hash(skb
, &keys
, hashrnd
);
464 if (keys
.ports
.ports
)
469 EXPORT_SYMBOL(__skb_get_hash
);
471 __u32
skb_get_hash_perturb(const struct sk_buff
*skb
, u32 perturb
)
473 struct flow_keys keys
;
475 return ___skb_get_hash(skb
, &keys
, perturb
);
477 EXPORT_SYMBOL(skb_get_hash_perturb
);
/*
 * __skb_get_poff(): payload offset derived from already-dissected keys.
 *
 * NOTE(review): this text is a damaged listing. Each line starts with a
 * listing number and the gaps in that numbering show dropped lines: most
 * case labels, the breaks, local declarations, the remaining arguments of
 * the __skb_header_pointer() call, and the return. Restore the function from
 * the upstream tree.
 *
 * What the surviving lines show:
 *  - poff starts at keys->basic.thoff and the switch is on
 *    keys->basic.ip_proto.
 *  - One branch reads a byte at poff + 12 through __skb_header_pointer() and
 *    adds the larger of sizeof(struct tcphdr) and (*doff & 0xF0) >> 2.
 *  - The other branches add a fixed header size: struct udphdr (the
 *    IPPROTO_UDPLITE label is visible), struct icmphdr, struct icmp6hdr,
 *    struct igmphdr, struct dccp_hdr and struct sctphdr.
 */
479 u32
__skb_get_poff(const struct sk_buff
*skb
, void *data
,
480 const struct flow_keys
*keys
, int hlen
)
482 u32 poff
= keys
->basic
.thoff
;
484 switch (keys
->basic
.ip_proto
) {
486 /* access doff as u8 to avoid unaligned access */
490 doff
= __skb_header_pointer(skb
, poff
+ 12, sizeof(_doff
),
495 poff
+= max_t(u32
, sizeof(struct tcphdr
), (*doff
& 0xF0) >> 2);
499 case IPPROTO_UDPLITE
:
500 poff
+= sizeof(struct udphdr
);
502 /* For the rest, we do not really care about header
503 * extensions at this point for now.
506 poff
+= sizeof(struct icmphdr
);
509 poff
+= sizeof(struct icmp6hdr
);
512 poff
+= sizeof(struct igmphdr
);
515 poff
+= sizeof(struct dccp_hdr
);
518 poff
+= sizeof(struct sctphdr
);
526 * skb_get_poff - get the offset to the payload
527 * @skb: sk_buff to get the payload offset from
529 * The function will get the offset to the payload as far as it could
530 * be dissected. The main user is currently BPF, so that we can dynamically
531 * truncate packets without needing to push actual payload to the user
532 * space and can analyze headers only, instead.
534 u32
skb_get_poff(const struct sk_buff
*skb
)
536 struct flow_keys keys
;
538 if (!skb_flow_dissect_flow_keys(skb
, &keys
))
541 return __skb_get_poff(skb
, skb
->data
, &keys
, skb_headlen(skb
));
544 static const struct flow_dissector_key flow_keys_dissector_keys
[] = {
546 .key_id
= FLOW_DISSECTOR_KEY_BASIC
,
547 .offset
= offsetof(struct flow_keys
, basic
),
550 .key_id
= FLOW_DISSECTOR_KEY_IPV4_ADDRS
,
551 .offset
= offsetof(struct flow_keys
, addrs
),
554 .key_id
= FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
,
555 .offset
= offsetof(struct flow_keys
, addrs
),
558 .key_id
= FLOW_DISSECTOR_KEY_PORTS
,
559 .offset
= offsetof(struct flow_keys
, ports
),
563 static const struct flow_dissector_key flow_keys_buf_dissector_keys
[] = {
565 .key_id
= FLOW_DISSECTOR_KEY_BASIC
,
566 .offset
= offsetof(struct flow_keys
, basic
),
570 struct flow_dissector flow_keys_dissector __read_mostly
;
571 EXPORT_SYMBOL(flow_keys_dissector
);
573 struct flow_dissector flow_keys_buf_dissector __read_mostly
;
575 static int __init
init_default_flow_dissectors(void)
577 skb_flow_dissector_init(&flow_keys_dissector
,
578 flow_keys_dissector_keys
,
579 ARRAY_SIZE(flow_keys_dissector_keys
));
580 skb_flow_dissector_init(&flow_keys_buf_dissector
,
581 flow_keys_buf_dissector_keys
,
582 ARRAY_SIZE(flow_keys_buf_dissector_keys
));
586 late_initcall_sync(init_default_flow_dissectors
);