1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _NET_FLOW_DISSECTOR_H 3 #define _NET_FLOW_DISSECTOR_H 4 5 #include <linux/types.h> 6 #include <linux/in6.h> 7 #include <linux/siphash.h> 8 #include <linux/string.h> 9 #include <uapi/linux/if_ether.h> 10 11 struct bpf_prog; 12 struct net; 13 struct sk_buff; 14 15 /** 16 * struct flow_dissector_key_control: 17 * @thoff: Transport header offset 18 * @addr_type: Type of key. One of FLOW_DISSECTOR_KEY_* 19 * @flags: Key flags. Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAGENCAPSULATION) 20 */ 21 struct flow_dissector_key_control { 22 u16 thoff; 23 u16 addr_type; 24 u32 flags; 25 }; 26 27 #define FLOW_DIS_IS_FRAGMENT BIT(0) 28 #define FLOW_DIS_FIRST_FRAG BIT(1) 29 #define FLOW_DIS_ENCAPSULATION BIT(2) 30 31 enum flow_dissect_ret { 32 FLOW_DISSECT_RET_OUT_GOOD, 33 FLOW_DISSECT_RET_OUT_BAD, 34 FLOW_DISSECT_RET_PROTO_AGAIN, 35 FLOW_DISSECT_RET_IPPROTO_AGAIN, 36 FLOW_DISSECT_RET_CONTINUE, 37 }; 38 39 /** 40 * struct flow_dissector_key_basic: 41 * @n_proto: Network header protocol (eg. IPv4/IPv6) 42 * @ip_proto: Transport header protocol (eg. TCP/UDP) 43 * @padding: Unused 44 */ 45 struct flow_dissector_key_basic { 46 __be16 n_proto; 47 u8 ip_proto; 48 u8 padding; 49 }; 50 51 struct flow_dissector_key_tags { 52 u32 flow_label; 53 }; 54 55 struct flow_dissector_key_vlan { 56 union { 57 struct { 58 u16 vlan_id:12, 59 vlan_dei:1, 60 vlan_priority:3; 61 }; 62 __be16 vlan_tci; 63 }; 64 __be16 vlan_tpid; 65 __be16 vlan_eth_type; 66 u16 padding; 67 }; 68 69 struct flow_dissector_mpls_lse { 70 u32 mpls_ttl:8, 71 mpls_bos:1, 72 mpls_tc:3, 73 mpls_label:20; 74 }; 75 76 #define FLOW_DIS_MPLS_MAX 7 77 struct flow_dissector_key_mpls { 78 struct flow_dissector_mpls_lse ls[FLOW_DIS_MPLS_MAX]; /* Label Stack */ 79 u8 used_lses; /* One bit set for each Label Stack Entry in use */ 80 }; 81 82 static inline void dissector_set_mpls_lse(struct flow_dissector_key_mpls *mpls, 83 int lse_index) 84 { 85 mpls->used_lses |= 1 << lse_index; 86 } 87 88 #define FLOW_DIS_TUN_OPTS_MAX 255 89 /** 90 * struct flow_dissector_key_enc_opts: 91 * @data: tunnel option data 92 * @len: length of tunnel option data 93 * @dst_opt_type: tunnel option type 94 */ 95 struct flow_dissector_key_enc_opts { 96 u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired 97 * here but seems difficult to #include 98 */ 99 u8 len; 100 __be16 dst_opt_type; 101 }; 102 103 struct flow_dissector_key_keyid { 104 __be32 keyid; 105 }; 106 107 /** 108 * struct flow_dissector_key_ipv4_addrs: 109 * @src: source ip address 110 * @dst: destination ip address 111 */ 112 struct flow_dissector_key_ipv4_addrs { 113 /* (src,dst) must be grouped, in the same way than in IP header */ 114 __be32 src; 115 __be32 dst; 116 }; 117 118 /** 119 * struct flow_dissector_key_ipv6_addrs: 120 * @src: source ip address 121 * @dst: destination ip address 122 */ 123 struct flow_dissector_key_ipv6_addrs { 124 /* (src,dst) must be grouped, in the same way than in IP header */ 125 struct in6_addr src; 126 struct in6_addr dst; 127 }; 128 129 /** 130 * struct flow_dissector_key_tipc: 131 * @key: source node address combined with selector 132 */ 133 struct flow_dissector_key_tipc { 134 __be32 key; 135 }; 136 137 /** 138 * struct flow_dissector_key_addrs: 139 * @v4addrs: IPv4 addresses 140 * @v6addrs: IPv6 addresses 141 * @tipckey: TIPC key 142 */ 143 struct flow_dissector_key_addrs { 144 union { 145 struct flow_dissector_key_ipv4_addrs v4addrs; 146 struct flow_dissector_key_ipv6_addrs v6addrs; 147 struct flow_dissector_key_tipc tipckey; 148 }; 149 }; 150 151 /** 152 * struct flow_dissector_key_arp: 153 * @sip: Sender IP address 154 * @tip: Target IP address 155 * @op: Operation 156 * @sha: Sender hardware address 157 * @tha: Target hardware address 158 */ 159 struct flow_dissector_key_arp { 160 __u32 sip; 161 __u32 tip; 162 __u8 op; 163 unsigned char sha[ETH_ALEN]; 164 unsigned char tha[ETH_ALEN]; 165 }; 166 167 /** 168 * struct flow_dissector_key_ports: 169 * @ports: port numbers of Transport header 170 * @src: source port number 171 * @dst: destination port number 172 */ 173 struct flow_dissector_key_ports { 174 union { 175 __be32 ports; 176 struct { 177 __be16 src; 178 __be16 dst; 179 }; 180 }; 181 }; 182 183 /** 184 * struct flow_dissector_key_ports_range 185 * @tp: port number from packet 186 * @tp_min: min port number in range 187 * @tp_max: max port number in range 188 */ 189 struct flow_dissector_key_ports_range { 190 union { 191 struct flow_dissector_key_ports tp; 192 struct { 193 struct flow_dissector_key_ports tp_min; 194 struct flow_dissector_key_ports tp_max; 195 }; 196 }; 197 }; 198 199 /** 200 * struct flow_dissector_key_icmp: 201 * @type: ICMP type 202 * @code: ICMP code 203 * @id: Session identifier 204 */ 205 struct flow_dissector_key_icmp { 206 struct { 207 u8 type; 208 u8 code; 209 }; 210 u16 id; 211 }; 212 213 /** 214 * struct flow_dissector_key_eth_addrs: 215 * @src: source Ethernet address 216 * @dst: destination Ethernet address 217 */ 218 struct flow_dissector_key_eth_addrs { 219 /* (dst,src) must be grouped, in the same way than in ETH header */ 220 unsigned char dst[ETH_ALEN]; 221 unsigned char src[ETH_ALEN]; 222 }; 223 224 /** 225 * struct flow_dissector_key_tcp: 226 * @flags: flags 227 */ 228 struct flow_dissector_key_tcp { 229 __be16 flags; 230 }; 231 232 /** 233 * struct flow_dissector_key_ip: 234 * @tos: tos 235 * @ttl: ttl 236 */ 237 struct flow_dissector_key_ip { 238 __u8 tos; 239 __u8 ttl; 240 }; 241 242 /** 243 * struct flow_dissector_key_meta: 244 * @ingress_ifindex: ingress ifindex 245 * @ingress_iftype: ingress interface type 246 * @l2_miss: packet did not match an L2 entry during forwarding 247 */ 248 struct flow_dissector_key_meta { 249 int ingress_ifindex; 250 u16 ingress_iftype; 251 u8 l2_miss; 252 }; 253 254 /** 255 * struct flow_dissector_key_ct: 256 * @ct_state: conntrack state after converting with map 257 * @ct_mark: conttrack mark 258 * @ct_zone: conntrack zone 259 * @ct_labels: conntrack labels 260 */ 261 struct flow_dissector_key_ct { 262 u16 ct_state; 263 u16 ct_zone; 264 u32 ct_mark; 265 u32 ct_labels[4]; 266 }; 267 268 /** 269 * struct flow_dissector_key_hash: 270 * @hash: hash value 271 */ 272 struct flow_dissector_key_hash { 273 u32 hash; 274 }; 275 276 /** 277 * struct flow_dissector_key_num_of_vlans: 278 * @num_of_vlans: num_of_vlans value 279 */ 280 struct flow_dissector_key_num_of_vlans { 281 u8 num_of_vlans; 282 }; 283 284 /** 285 * struct flow_dissector_key_pppoe: 286 * @session_id: pppoe session id 287 * @ppp_proto: ppp protocol 288 * @type: pppoe eth type 289 */ 290 struct flow_dissector_key_pppoe { 291 __be16 session_id; 292 __be16 ppp_proto; 293 __be16 type; 294 }; 295 296 /** 297 * struct flow_dissector_key_l2tpv3: 298 * @session_id: identifier for a l2tp session 299 */ 300 struct flow_dissector_key_l2tpv3 { 301 __be32 session_id; 302 }; 303 304 /** 305 * struct flow_dissector_key_ipsec: 306 * @spi: identifier for a ipsec connection 307 */ 308 struct flow_dissector_key_ipsec { 309 __be32 spi; 310 }; 311 312 /** 313 * struct flow_dissector_key_cfm 314 * @mdl_ver: maintenance domain level (mdl) and cfm protocol version 315 * @opcode: code specifying a type of cfm protocol packet 316 * 317 * See 802.1ag, ITU-T G.8013/Y.1731 318 * 1 2 319 * |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0| 320 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 321 * | mdl | version | opcode | 322 * +-----+---------+-+-+-+-+-+-+-+-+ 323 */ 324 struct flow_dissector_key_cfm { 325 u8 mdl_ver; 326 u8 opcode; 327 }; 328 329 #define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5) 330 #define FLOW_DIS_CFM_MDL_MAX 7 331 332 enum flow_dissector_key_id { 333 FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */ 334 FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ 335 FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ 336 FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ 337 FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */ 338 FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */ 339 FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */ 340 FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */ 341 FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */ 342 FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */ 343 FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */ 344 FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */ 345 FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */ 346 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */ 347 FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */ 348 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ 349 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ 350 FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */ 351 FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */ 352 FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */ 353 FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */ 354 FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */ 355 FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */ 356 FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */ 357 FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */ 358 FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */ 359 FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */ 360 FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */ 361 FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */ 362 FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */ 363 FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */ 364 FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */ 365 FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */ 366 367 FLOW_DISSECTOR_KEY_MAX, 368 }; 369 370 #define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0) 371 #define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1) 372 #define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2) 373 #define FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP BIT(3) 374 375 struct flow_dissector_key { 376 enum flow_dissector_key_id key_id; 377 size_t offset; /* offset of struct flow_dissector_key_* 378 in target the struct */ 379 }; 380 381 struct flow_dissector { 382 unsigned long long used_keys; 383 /* each bit represents presence of one key id */ 384 unsigned short int offset[FLOW_DISSECTOR_KEY_MAX]; 385 }; 386 387 struct flow_keys_basic { 388 struct flow_dissector_key_control control; 389 struct flow_dissector_key_basic basic; 390 }; 391 392 struct flow_keys { 393 struct flow_dissector_key_control control; 394 #define FLOW_KEYS_HASH_START_FIELD basic 395 struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT); 396 struct flow_dissector_key_tags tags; 397 struct flow_dissector_key_vlan vlan; 398 struct flow_dissector_key_vlan cvlan; 399 struct flow_dissector_key_keyid keyid; 400 struct flow_dissector_key_ports ports; 401 struct flow_dissector_key_icmp icmp; 402 /* 'addrs' must be the last member */ 403 struct flow_dissector_key_addrs addrs; 404 }; 405 406 #define FLOW_KEYS_HASH_OFFSET \ 407 offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD) 408 409 __be32 flow_get_u32_src(const struct flow_keys *flow); 410 __be32 flow_get_u32_dst(const struct flow_keys *flow); 411 412 extern struct flow_dissector flow_keys_dissector; 413 extern struct flow_dissector flow_keys_basic_dissector; 414 415 /* struct flow_keys_digest: 416 * 417 * This structure is used to hold a digest of the full flow keys. This is a 418 * larger "hash" of a flow to allow definitively matching specific flows where 419 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so 420 * that it can be used in CB of skb (see sch_choke for an example). 421 */ 422 #define FLOW_KEYS_DIGEST_LEN 16 423 struct flow_keys_digest { 424 u8 data[FLOW_KEYS_DIGEST_LEN]; 425 }; 426 427 void make_flow_keys_digest(struct flow_keys_digest *digest, 428 const struct flow_keys *flow); 429 430 static inline bool flow_keys_have_l4(const struct flow_keys *keys) 431 { 432 return (keys->ports.ports || keys->tags.flow_label); 433 } 434 435 u32 flow_hash_from_keys(struct flow_keys *keys); 436 void skb_flow_get_icmp_tci(const struct sk_buff *skb, 437 struct flow_dissector_key_icmp *key_icmp, 438 const void *data, int thoff, int hlen); 439 440 static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector, 441 enum flow_dissector_key_id key_id) 442 { 443 return flow_dissector->used_keys & (1ULL << key_id); 444 } 445 446 static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector, 447 enum flow_dissector_key_id key_id, 448 void *target_container) 449 { 450 return ((char *)target_container) + flow_dissector->offset[key_id]; 451 } 452 453 struct bpf_flow_dissector { 454 struct bpf_flow_keys *flow_keys; 455 const struct sk_buff *skb; 456 const void *data; 457 const void *data_end; 458 }; 459 460 static inline void 461 flow_dissector_init_keys(struct flow_dissector_key_control *key_control, 462 struct flow_dissector_key_basic *key_basic) 463 { 464 memset(key_control, 0, sizeof(*key_control)); 465 memset(key_basic, 0, sizeof(*key_basic)); 466 } 467 468 #ifdef CONFIG_BPF_SYSCALL 469 int flow_dissector_bpf_prog_attach_check(struct net *net, 470 struct bpf_prog *prog); 471 #endif /* CONFIG_BPF_SYSCALL */ 472 473 #endif 474