1 #include <linux/kernel.h>
2 #include <linux/skbuff.h>
3 #include <linux/export.h>
5 #include <linux/ipv6.h>
6 #include <linux/if_vlan.h>
9 #include <linux/igmp.h>
10 #include <linux/icmp.h>
11 #include <linux/sctp.h>
12 #include <linux/dccp.h>
13 #include <linux/if_tunnel.h>
14 #include <linux/if_pppox.h>
15 #include <linux/ppp_defs.h>
16 #include <linux/stddef.h>
17 #include <net/flow_dissector.h>
18 #include <scsi/fc/fc_fcoe.h>
20 static bool skb_flow_dissector_uses_key(struct flow_dissector
*flow_dissector
,
21 enum flow_dissector_key_id key_id
)
23 return flow_dissector
->used_keys
& (1 << key_id
);
26 static void skb_flow_dissector_set_key(struct flow_dissector
*flow_dissector
,
27 enum flow_dissector_key_id key_id
)
29 flow_dissector
->used_keys
|= (1 << key_id
);
32 static void *skb_flow_dissector_target(struct flow_dissector
*flow_dissector
,
33 enum flow_dissector_key_id key_id
,
34 void *target_container
)
36 return ((char *) target_container
) + flow_dissector
->offset
[key_id
];
39 void skb_flow_dissector_init(struct flow_dissector
*flow_dissector
,
40 const struct flow_dissector_key
*key
,
41 unsigned int key_count
)
45 memset(flow_dissector
, 0, sizeof(*flow_dissector
));
47 for (i
= 0; i
< key_count
; i
++, key
++) {
48 /* User should make sure that every key target offset is withing
49 * boundaries of unsigned short.
51 BUG_ON(key
->offset
> USHRT_MAX
);
52 BUG_ON(skb_flow_dissector_uses_key(flow_dissector
,
55 skb_flow_dissector_set_key(flow_dissector
, key
->key_id
);
56 flow_dissector
->offset
[key
->key_id
] = key
->offset
;
59 /* Ensure that the dissector always includes basic key. That way
60 * we are able to avoid handling lack of it in fast path.
62 BUG_ON(!skb_flow_dissector_uses_key(flow_dissector
,
63 FLOW_DISSECTOR_KEY_BASIC
));
65 EXPORT_SYMBOL(skb_flow_dissector_init
);
68 * __skb_flow_get_ports - extract the upper layer ports and return them
69 * @skb: sk_buff to extract the ports from
70 * @thoff: transport header offset
71 * @ip_proto: protocol for which to get port offset
72 * @data: raw buffer pointer to the packet, if NULL use skb->data
73 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
75 * The function will try to retrieve the ports at offset thoff + poff where poff
76 * is the protocol port offset returned from proto_ports_offset
78 __be32
__skb_flow_get_ports(const struct sk_buff
*skb
, int thoff
, u8 ip_proto
,
81 int poff
= proto_ports_offset(ip_proto
);
85 hlen
= skb_headlen(skb
);
89 __be32
*ports
, _ports
;
91 ports
= __skb_header_pointer(skb
, thoff
+ poff
,
92 sizeof(_ports
), data
, hlen
, &_ports
);
99 EXPORT_SYMBOL(__skb_flow_get_ports
);
102 * __skb_flow_dissect - extract the flow_keys struct and return it
103 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
104 * @flow_dissector: list of keys to dissect
105 * @target_container: target structure to put dissected values into
106 * @data: raw buffer pointer to the packet, if NULL use skb->data
107 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
108 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
109 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
111 * The function will try to retrieve individual keys into target specified
112 * by flow_dissector from either the skbuff or a raw buffer specified by the
115 * Caller must take care of zeroing target container memory.
117 bool __skb_flow_dissect(const struct sk_buff
*skb
,
118 struct flow_dissector
*flow_dissector
,
119 void *target_container
,
120 void *data
, __be16 proto
, int nhoff
, int hlen
)
122 struct flow_dissector_key_basic
*key_basic
;
123 struct flow_dissector_key_addrs
*key_addrs
;
124 struct flow_dissector_key_ports
*key_ports
;
129 proto
= skb
->protocol
;
130 nhoff
= skb_network_offset(skb
);
131 hlen
= skb_headlen(skb
);
134 /* It is ensured by skb_flow_dissector_init() that basic key will
137 key_basic
= skb_flow_dissector_target(flow_dissector
,
138 FLOW_DISSECTOR_KEY_BASIC
,
143 case htons(ETH_P_IP
): {
144 const struct iphdr
*iph
;
147 iph
= __skb_header_pointer(skb
, nhoff
, sizeof(_iph
), data
, hlen
, &_iph
);
148 if (!iph
|| iph
->ihl
< 5)
150 nhoff
+= iph
->ihl
* 4;
152 ip_proto
= iph
->protocol
;
153 if (ip_is_fragment(iph
))
156 if (!skb_flow_dissector_uses_key(flow_dissector
,
157 FLOW_DISSECTOR_KEY_IPV4_ADDRS
))
159 key_addrs
= skb_flow_dissector_target(flow_dissector
,
160 FLOW_DISSECTOR_KEY_IPV4_ADDRS
,
162 memcpy(key_addrs
, &iph
->saddr
, sizeof(*key_addrs
));
165 case htons(ETH_P_IPV6
): {
166 const struct ipv6hdr
*iph
;
171 iph
= __skb_header_pointer(skb
, nhoff
, sizeof(_iph
), data
, hlen
, &_iph
);
175 ip_proto
= iph
->nexthdr
;
176 nhoff
+= sizeof(struct ipv6hdr
);
178 if (skb_flow_dissector_uses_key(flow_dissector
,
179 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
)) {
180 key_addrs
= skb_flow_dissector_target(flow_dissector
,
181 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
,
184 key_addrs
->src
= (__force __be32
)ipv6_addr_hash(&iph
->saddr
);
185 key_addrs
->dst
= (__force __be32
)ipv6_addr_hash(&iph
->daddr
);
188 if (skb_flow_dissector_uses_key(flow_dissector
,
189 FLOW_DISSECTOR_KEY_IPV6_ADDRS
)) {
190 struct flow_dissector_key_ipv6_addrs
*key_ipv6_addrs
;
192 key_ipv6_addrs
= skb_flow_dissector_target(flow_dissector
,
193 FLOW_DISSECTOR_KEY_IPV6_ADDRS
,
196 memcpy(key_ipv6_addrs
, &iph
->saddr
, sizeof(*key_ipv6_addrs
));
201 flow_label
= ip6_flowlabel(iph
);
203 /* Awesome, IPv6 packet has a flow label so we can
204 * use that to represent the ports without any
205 * further dissection.
208 key_basic
->n_proto
= proto
;
209 key_basic
->ip_proto
= ip_proto
;
210 key_basic
->thoff
= (u16
)nhoff
;
212 if (!skb_flow_dissector_uses_key(flow_dissector
,
213 FLOW_DISSECTOR_KEY_PORTS
))
215 key_ports
= skb_flow_dissector_target(flow_dissector
,
216 FLOW_DISSECTOR_KEY_PORTS
,
218 key_ports
->ports
= flow_label
;
225 case htons(ETH_P_8021AD
):
226 case htons(ETH_P_8021Q
): {
227 const struct vlan_hdr
*vlan
;
228 struct vlan_hdr _vlan
;
230 vlan
= __skb_header_pointer(skb
, nhoff
, sizeof(_vlan
), data
, hlen
, &_vlan
);
234 proto
= vlan
->h_vlan_encapsulated_proto
;
235 nhoff
+= sizeof(*vlan
);
238 case htons(ETH_P_PPP_SES
): {
240 struct pppoe_hdr hdr
;
243 hdr
= __skb_header_pointer(skb
, nhoff
, sizeof(_hdr
), data
, hlen
, &_hdr
);
247 nhoff
+= PPPOE_SES_HLEN
;
251 case htons(PPP_IPV6
):
257 case htons(ETH_P_TIPC
): {
262 hdr
= __skb_header_pointer(skb
, nhoff
, sizeof(_hdr
), data
, hlen
, &_hdr
);
265 key_basic
->n_proto
= proto
;
266 key_basic
->thoff
= (u16
)nhoff
;
268 if (skb_flow_dissector_uses_key(flow_dissector
,
269 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
)) {
271 key_addrs
= skb_flow_dissector_target(flow_dissector
,
272 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
,
274 key_addrs
->src
= hdr
->srcnode
;
279 case htons(ETH_P_FCOE
):
280 key_basic
->thoff
= (u16
)(nhoff
+ FCOE_HEADER_LEN
);
293 hdr
= __skb_header_pointer(skb
, nhoff
, sizeof(_hdr
), data
, hlen
, &_hdr
);
297 * Only look inside GRE if version zero and no
300 if (!(hdr
->flags
& (GRE_VERSION
|GRE_ROUTING
))) {
303 if (hdr
->flags
& GRE_CSUM
)
305 if (hdr
->flags
& GRE_KEY
)
307 if (hdr
->flags
& GRE_SEQ
)
309 if (proto
== htons(ETH_P_TEB
)) {
310 const struct ethhdr
*eth
;
313 eth
= __skb_header_pointer(skb
, nhoff
,
318 proto
= eth
->h_proto
;
319 nhoff
+= sizeof(*eth
);
326 proto
= htons(ETH_P_IP
);
329 proto
= htons(ETH_P_IPV6
);
335 /* It is ensured by skb_flow_dissector_init() that basic key will
338 key_basic
= skb_flow_dissector_target(flow_dissector
,
339 FLOW_DISSECTOR_KEY_BASIC
,
341 key_basic
->n_proto
= proto
;
342 key_basic
->ip_proto
= ip_proto
;
343 key_basic
->thoff
= (u16
) nhoff
;
345 if (skb_flow_dissector_uses_key(flow_dissector
,
346 FLOW_DISSECTOR_KEY_PORTS
)) {
347 key_ports
= skb_flow_dissector_target(flow_dissector
,
348 FLOW_DISSECTOR_KEY_PORTS
,
350 key_ports
->ports
= __skb_flow_get_ports(skb
, nhoff
, ip_proto
,
356 EXPORT_SYMBOL(__skb_flow_dissect
);
358 static u32 hashrnd __read_mostly
;
359 static __always_inline
void __flow_hash_secret_init(void)
361 net_get_random_once(&hashrnd
, sizeof(hashrnd
));
364 static __always_inline u32
__flow_hash_3words(u32 a
, u32 b
, u32 c
, u32 keyval
)
366 return jhash_3words(a
, b
, c
, keyval
);
369 static inline u32
__flow_hash_from_keys(struct flow_keys
*keys
, u32 keyval
)
373 /* get a consistent hash (same value on both flow directions) */
374 if (((__force u32
)keys
->addrs
.dst
< (__force u32
)keys
->addrs
.src
) ||
375 (((__force u32
)keys
->addrs
.dst
== (__force u32
)keys
->addrs
.src
) &&
376 ((__force u16
)keys
->ports
.port16
[1] < (__force u16
)keys
->ports
.port16
[0]))) {
377 swap(keys
->addrs
.dst
, keys
->addrs
.src
);
378 swap(keys
->ports
.port16
[0], keys
->ports
.port16
[1]);
381 hash
= __flow_hash_3words((__force u32
)keys
->addrs
.dst
,
382 (__force u32
)keys
->addrs
.src
,
383 (__force u32
)keys
->ports
.ports
,
391 u32
flow_hash_from_keys(struct flow_keys
*keys
)
393 __flow_hash_secret_init();
394 return __flow_hash_from_keys(keys
, hashrnd
);
396 EXPORT_SYMBOL(flow_hash_from_keys
);
398 static inline u32
___skb_get_hash(const struct sk_buff
*skb
,
399 struct flow_keys
*keys
, u32 keyval
)
401 if (!skb_flow_dissect_flow_keys(skb
, keys
))
404 return __flow_hash_from_keys(keys
, keyval
);
407 struct _flow_keys_digest_data
{
416 void make_flow_keys_digest(struct flow_keys_digest
*digest
,
417 const struct flow_keys
*flow
)
419 struct _flow_keys_digest_data
*data
=
420 (struct _flow_keys_digest_data
*)digest
;
422 BUILD_BUG_ON(sizeof(*data
) > sizeof(*digest
));
424 memset(digest
, 0, sizeof(*digest
));
426 data
->n_proto
= flow
->basic
.n_proto
;
427 data
->ip_proto
= flow
->basic
.ip_proto
;
428 data
->ports
= flow
->ports
.ports
;
429 data
->src
= flow
->addrs
.src
;
430 data
->dst
= flow
->addrs
.dst
;
432 EXPORT_SYMBOL(make_flow_keys_digest
);
435 * __skb_get_hash: calculate a flow hash
436 * @skb: sk_buff to calculate flow hash from
438 * This function calculates a flow hash based on src/dst addresses
439 * and src/dst port numbers. Sets hash in skb to non-zero hash value
440 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
441 * if hash is a canonical 4-tuple hash over transport ports.
443 void __skb_get_hash(struct sk_buff
*skb
)
445 struct flow_keys keys
;
448 __flow_hash_secret_init();
450 hash
= ___skb_get_hash(skb
, &keys
, hashrnd
);
453 if (keys
.ports
.ports
)
458 EXPORT_SYMBOL(__skb_get_hash
);
460 __u32
skb_get_hash_perturb(const struct sk_buff
*skb
, u32 perturb
)
462 struct flow_keys keys
;
464 return ___skb_get_hash(skb
, &keys
, perturb
);
466 EXPORT_SYMBOL(skb_get_hash_perturb
);
468 u32
__skb_get_poff(const struct sk_buff
*skb
, void *data
,
469 const struct flow_keys
*keys
, int hlen
)
471 u32 poff
= keys
->basic
.thoff
;
473 switch (keys
->basic
.ip_proto
) {
475 /* access doff as u8 to avoid unaligned access */
479 doff
= __skb_header_pointer(skb
, poff
+ 12, sizeof(_doff
),
484 poff
+= max_t(u32
, sizeof(struct tcphdr
), (*doff
& 0xF0) >> 2);
488 case IPPROTO_UDPLITE
:
489 poff
+= sizeof(struct udphdr
);
491 /* For the rest, we do not really care about header
492 * extensions at this point for now.
495 poff
+= sizeof(struct icmphdr
);
498 poff
+= sizeof(struct icmp6hdr
);
501 poff
+= sizeof(struct igmphdr
);
504 poff
+= sizeof(struct dccp_hdr
);
507 poff
+= sizeof(struct sctphdr
);
515 * skb_get_poff - get the offset to the payload
516 * @skb: sk_buff to get the payload offset from
518 * The function will get the offset to the payload as far as it could
519 * be dissected. The main user is currently BPF, so that we can dynamically
520 * truncate packets without needing to push actual payload to the user
521 * space and can analyze headers only, instead.
523 u32
skb_get_poff(const struct sk_buff
*skb
)
525 struct flow_keys keys
;
527 if (!skb_flow_dissect_flow_keys(skb
, &keys
))
530 return __skb_get_poff(skb
, skb
->data
, &keys
, skb_headlen(skb
));
533 static const struct flow_dissector_key flow_keys_dissector_keys
[] = {
535 .key_id
= FLOW_DISSECTOR_KEY_BASIC
,
536 .offset
= offsetof(struct flow_keys
, basic
),
539 .key_id
= FLOW_DISSECTOR_KEY_IPV4_ADDRS
,
540 .offset
= offsetof(struct flow_keys
, addrs
),
543 .key_id
= FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS
,
544 .offset
= offsetof(struct flow_keys
, addrs
),
547 .key_id
= FLOW_DISSECTOR_KEY_PORTS
,
548 .offset
= offsetof(struct flow_keys
, ports
),
552 static const struct flow_dissector_key flow_keys_buf_dissector_keys
[] = {
554 .key_id
= FLOW_DISSECTOR_KEY_BASIC
,
555 .offset
= offsetof(struct flow_keys
, basic
),
559 struct flow_dissector flow_keys_dissector __read_mostly
;
560 EXPORT_SYMBOL(flow_keys_dissector
);
562 struct flow_dissector flow_keys_buf_dissector __read_mostly
;
564 static int __init
init_default_flow_dissectors(void)
566 skb_flow_dissector_init(&flow_keys_dissector
,
567 flow_keys_dissector_keys
,
568 ARRAY_SIZE(flow_keys_dissector_keys
));
569 skb_flow_dissector_init(&flow_keys_buf_dissector
,
570 flow_keys_buf_dissector_keys
,
571 ARRAY_SIZE(flow_keys_buf_dissector_keys
));
575 late_initcall_sync(init_default_flow_dissectors
);