1 #include <linux/kernel.h> 2 #include <linux/skbuff.h> 3 #include <linux/export.h> 4 #include <linux/ip.h> 5 #include <linux/ipv6.h> 6 #include <linux/if_vlan.h> 7 #include <net/ip.h> 8 #include <net/ipv6.h> 9 #include <net/gre.h> 10 #include <net/pptp.h> 11 #include <linux/igmp.h> 12 #include <linux/icmp.h> 13 #include <linux/sctp.h> 14 #include <linux/dccp.h> 15 #include <linux/if_tunnel.h> 16 #include <linux/if_pppox.h> 17 #include <linux/ppp_defs.h> 18 #include <linux/stddef.h> 19 #include <linux/if_ether.h> 20 #include <linux/mpls.h> 21 #include <net/flow_dissector.h> 22 #include <scsi/fc/fc_fcoe.h> 23 24 static void dissector_set_key(struct flow_dissector *flow_dissector, 25 enum flow_dissector_key_id key_id) 26 { 27 flow_dissector->used_keys |= (1 << key_id); 28 } 29 30 void skb_flow_dissector_init(struct flow_dissector *flow_dissector, 31 const struct flow_dissector_key *key, 32 unsigned int key_count) 33 { 34 unsigned int i; 35 36 memset(flow_dissector, 0, sizeof(*flow_dissector)); 37 38 for (i = 0; i < key_count; i++, key++) { 39 /* User should make sure that every key target offset is withing 40 * boundaries of unsigned short. 41 */ 42 BUG_ON(key->offset > USHRT_MAX); 43 BUG_ON(dissector_uses_key(flow_dissector, 44 key->key_id)); 45 46 dissector_set_key(flow_dissector, key->key_id); 47 flow_dissector->offset[key->key_id] = key->offset; 48 } 49 50 /* Ensure that the dissector always includes control and basic key. 51 * That way we are able to avoid handling lack of these in fast path. 52 */ 53 BUG_ON(!dissector_uses_key(flow_dissector, 54 FLOW_DISSECTOR_KEY_CONTROL)); 55 BUG_ON(!dissector_uses_key(flow_dissector, 56 FLOW_DISSECTOR_KEY_BASIC)); 57 } 58 EXPORT_SYMBOL(skb_flow_dissector_init); 59 60 /** 61 * __skb_flow_get_ports - extract the upper layer ports and return them 62 * @skb: sk_buff to extract the ports from 63 * @thoff: transport header offset 64 * @ip_proto: protocol for which to get port offset 65 * @data: raw buffer pointer to the packet, if NULL use skb->data 66 * @hlen: packet header length, if @data is NULL use skb_headlen(skb) 67 * 68 * The function will try to retrieve the ports at offset thoff + poff where poff 69 * is the protocol port offset returned from proto_ports_offset 70 */ 71 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto, 72 void *data, int hlen) 73 { 74 int poff = proto_ports_offset(ip_proto); 75 76 if (!data) { 77 data = skb->data; 78 hlen = skb_headlen(skb); 79 } 80 81 if (poff >= 0) { 82 __be32 *ports, _ports; 83 84 ports = __skb_header_pointer(skb, thoff + poff, 85 sizeof(_ports), data, hlen, &_ports); 86 if (ports) 87 return *ports; 88 } 89 90 return 0; 91 } 92 EXPORT_SYMBOL(__skb_flow_get_ports); 93 94 /** 95 * __skb_flow_dissect - extract the flow_keys struct and return it 96 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified 97 * @flow_dissector: list of keys to dissect 98 * @target_container: target structure to put dissected values into 99 * @data: raw buffer pointer to the packet, if NULL use skb->data 100 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol 101 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb) 102 * @hlen: packet header length, if @data is NULL use skb_headlen(skb) 103 * 104 * The function will try to retrieve individual keys into target specified 105 * by flow_dissector from either the skbuff or a raw buffer specified by the 106 * rest parameters. 107 * 108 * Caller must take care of zeroing target container memory. 109 */ 110 bool __skb_flow_dissect(const struct sk_buff *skb, 111 struct flow_dissector *flow_dissector, 112 void *target_container, 113 void *data, __be16 proto, int nhoff, int hlen, 114 unsigned int flags) 115 { 116 struct flow_dissector_key_control *key_control; 117 struct flow_dissector_key_basic *key_basic; 118 struct flow_dissector_key_addrs *key_addrs; 119 struct flow_dissector_key_ports *key_ports; 120 struct flow_dissector_key_tags *key_tags; 121 struct flow_dissector_key_vlan *key_vlan; 122 struct flow_dissector_key_keyid *key_keyid; 123 bool skip_vlan = false; 124 u8 ip_proto = 0; 125 bool ret = false; 126 127 if (!data) { 128 data = skb->data; 129 proto = skb_vlan_tag_present(skb) ? 130 skb->vlan_proto : skb->protocol; 131 nhoff = skb_network_offset(skb); 132 hlen = skb_headlen(skb); 133 } 134 135 /* It is ensured by skb_flow_dissector_init() that control key will 136 * be always present. 137 */ 138 key_control = skb_flow_dissector_target(flow_dissector, 139 FLOW_DISSECTOR_KEY_CONTROL, 140 target_container); 141 142 /* It is ensured by skb_flow_dissector_init() that basic key will 143 * be always present. 144 */ 145 key_basic = skb_flow_dissector_target(flow_dissector, 146 FLOW_DISSECTOR_KEY_BASIC, 147 target_container); 148 149 if (dissector_uses_key(flow_dissector, 150 FLOW_DISSECTOR_KEY_ETH_ADDRS)) { 151 struct ethhdr *eth = eth_hdr(skb); 152 struct flow_dissector_key_eth_addrs *key_eth_addrs; 153 154 key_eth_addrs = skb_flow_dissector_target(flow_dissector, 155 FLOW_DISSECTOR_KEY_ETH_ADDRS, 156 target_container); 157 memcpy(key_eth_addrs, ð->h_dest, sizeof(*key_eth_addrs)); 158 } 159 160 again: 161 switch (proto) { 162 case htons(ETH_P_IP): { 163 const struct iphdr *iph; 164 struct iphdr _iph; 165 ip: 166 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph); 167 if (!iph || iph->ihl < 5) 168 goto out_bad; 169 nhoff += iph->ihl * 4; 170 171 ip_proto = iph->protocol; 172 173 if (dissector_uses_key(flow_dissector, 174 FLOW_DISSECTOR_KEY_IPV4_ADDRS)) { 175 key_addrs = skb_flow_dissector_target(flow_dissector, 176 FLOW_DISSECTOR_KEY_IPV4_ADDRS, 177 target_container); 178 179 memcpy(&key_addrs->v4addrs, &iph->saddr, 180 sizeof(key_addrs->v4addrs)); 181 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 182 } 183 184 if (ip_is_fragment(iph)) { 185 key_control->flags |= FLOW_DIS_IS_FRAGMENT; 186 187 if (iph->frag_off & htons(IP_OFFSET)) { 188 goto out_good; 189 } else { 190 key_control->flags |= FLOW_DIS_FIRST_FRAG; 191 if (!(flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)) 192 goto out_good; 193 } 194 } 195 196 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) 197 goto out_good; 198 199 break; 200 } 201 case htons(ETH_P_IPV6): { 202 const struct ipv6hdr *iph; 203 struct ipv6hdr _iph; 204 205 ipv6: 206 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph); 207 if (!iph) 208 goto out_bad; 209 210 ip_proto = iph->nexthdr; 211 nhoff += sizeof(struct ipv6hdr); 212 213 if (dissector_uses_key(flow_dissector, 214 FLOW_DISSECTOR_KEY_IPV6_ADDRS)) { 215 key_addrs = skb_flow_dissector_target(flow_dissector, 216 FLOW_DISSECTOR_KEY_IPV6_ADDRS, 217 target_container); 218 219 memcpy(&key_addrs->v6addrs, &iph->saddr, 220 sizeof(key_addrs->v6addrs)); 221 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 222 } 223 224 if ((dissector_uses_key(flow_dissector, 225 FLOW_DISSECTOR_KEY_FLOW_LABEL) || 226 (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) && 227 ip6_flowlabel(iph)) { 228 __be32 flow_label = ip6_flowlabel(iph); 229 230 if (dissector_uses_key(flow_dissector, 231 FLOW_DISSECTOR_KEY_FLOW_LABEL)) { 232 key_tags = skb_flow_dissector_target(flow_dissector, 233 FLOW_DISSECTOR_KEY_FLOW_LABEL, 234 target_container); 235 key_tags->flow_label = ntohl(flow_label); 236 } 237 if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL) 238 goto out_good; 239 } 240 241 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3) 242 goto out_good; 243 244 break; 245 } 246 case htons(ETH_P_8021AD): 247 case htons(ETH_P_8021Q): { 248 const struct vlan_hdr *vlan; 249 struct vlan_hdr _vlan; 250 bool vlan_tag_present = skb && skb_vlan_tag_present(skb); 251 252 if (vlan_tag_present) 253 proto = skb->protocol; 254 255 if (!vlan_tag_present || eth_type_vlan(skb->protocol)) { 256 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan), 257 data, hlen, &_vlan); 258 if (!vlan) 259 goto out_bad; 260 proto = vlan->h_vlan_encapsulated_proto; 261 nhoff += sizeof(*vlan); 262 if (skip_vlan) 263 goto again; 264 } 265 266 skip_vlan = true; 267 if (dissector_uses_key(flow_dissector, 268 FLOW_DISSECTOR_KEY_VLAN)) { 269 key_vlan = skb_flow_dissector_target(flow_dissector, 270 FLOW_DISSECTOR_KEY_VLAN, 271 target_container); 272 273 if (vlan_tag_present) { 274 key_vlan->vlan_id = skb_vlan_tag_get_id(skb); 275 key_vlan->vlan_priority = 276 (skb_vlan_tag_get_prio(skb) >> VLAN_PRIO_SHIFT); 277 } else { 278 key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) & 279 VLAN_VID_MASK; 280 key_vlan->vlan_priority = 281 (ntohs(vlan->h_vlan_TCI) & 282 VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT; 283 } 284 } 285 286 goto again; 287 } 288 case htons(ETH_P_PPP_SES): { 289 struct { 290 struct pppoe_hdr hdr; 291 __be16 proto; 292 } *hdr, _hdr; 293 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr); 294 if (!hdr) 295 goto out_bad; 296 proto = hdr->proto; 297 nhoff += PPPOE_SES_HLEN; 298 switch (proto) { 299 case htons(PPP_IP): 300 goto ip; 301 case htons(PPP_IPV6): 302 goto ipv6; 303 default: 304 goto out_bad; 305 } 306 } 307 case htons(ETH_P_TIPC): { 308 struct { 309 __be32 pre[3]; 310 __be32 srcnode; 311 } *hdr, _hdr; 312 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr); 313 if (!hdr) 314 goto out_bad; 315 316 if (dissector_uses_key(flow_dissector, 317 FLOW_DISSECTOR_KEY_TIPC_ADDRS)) { 318 key_addrs = skb_flow_dissector_target(flow_dissector, 319 FLOW_DISSECTOR_KEY_TIPC_ADDRS, 320 target_container); 321 key_addrs->tipcaddrs.srcnode = hdr->srcnode; 322 key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS; 323 } 324 goto out_good; 325 } 326 327 case htons(ETH_P_MPLS_UC): 328 case htons(ETH_P_MPLS_MC): { 329 struct mpls_label *hdr, _hdr[2]; 330 mpls: 331 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, 332 hlen, &_hdr); 333 if (!hdr) 334 goto out_bad; 335 336 if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >> 337 MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) { 338 if (dissector_uses_key(flow_dissector, 339 FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) { 340 key_keyid = skb_flow_dissector_target(flow_dissector, 341 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, 342 target_container); 343 key_keyid->keyid = hdr[1].entry & 344 htonl(MPLS_LS_LABEL_MASK); 345 } 346 347 goto out_good; 348 } 349 350 goto out_good; 351 } 352 353 case htons(ETH_P_FCOE): 354 if ((hlen - nhoff) < FCOE_HEADER_LEN) 355 goto out_bad; 356 357 nhoff += FCOE_HEADER_LEN; 358 goto out_good; 359 default: 360 goto out_bad; 361 } 362 363 ip_proto_again: 364 switch (ip_proto) { 365 case IPPROTO_GRE: { 366 struct gre_base_hdr *hdr, _hdr; 367 u16 gre_ver; 368 int offset = 0; 369 370 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr); 371 if (!hdr) 372 goto out_bad; 373 374 /* Only look inside GRE without routing */ 375 if (hdr->flags & GRE_ROUTING) 376 break; 377 378 /* Only look inside GRE for version 0 and 1 */ 379 gre_ver = ntohs(hdr->flags & GRE_VERSION); 380 if (gre_ver > 1) 381 break; 382 383 proto = hdr->protocol; 384 if (gre_ver) { 385 /* Version1 must be PPTP, and check the flags */ 386 if (!(proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY))) 387 break; 388 } 389 390 offset += sizeof(struct gre_base_hdr); 391 392 if (hdr->flags & GRE_CSUM) 393 offset += sizeof(((struct gre_full_hdr *)0)->csum) + 394 sizeof(((struct gre_full_hdr *)0)->reserved1); 395 396 if (hdr->flags & GRE_KEY) { 397 const __be32 *keyid; 398 __be32 _keyid; 399 400 keyid = __skb_header_pointer(skb, nhoff + offset, sizeof(_keyid), 401 data, hlen, &_keyid); 402 if (!keyid) 403 goto out_bad; 404 405 if (dissector_uses_key(flow_dissector, 406 FLOW_DISSECTOR_KEY_GRE_KEYID)) { 407 key_keyid = skb_flow_dissector_target(flow_dissector, 408 FLOW_DISSECTOR_KEY_GRE_KEYID, 409 target_container); 410 if (gre_ver == 0) 411 key_keyid->keyid = *keyid; 412 else 413 key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK; 414 } 415 offset += sizeof(((struct gre_full_hdr *)0)->key); 416 } 417 418 if (hdr->flags & GRE_SEQ) 419 offset += sizeof(((struct pptp_gre_header *)0)->seq); 420 421 if (gre_ver == 0) { 422 if (proto == htons(ETH_P_TEB)) { 423 const struct ethhdr *eth; 424 struct ethhdr _eth; 425 426 eth = __skb_header_pointer(skb, nhoff + offset, 427 sizeof(_eth), 428 data, hlen, &_eth); 429 if (!eth) 430 goto out_bad; 431 proto = eth->h_proto; 432 offset += sizeof(*eth); 433 434 /* Cap headers that we access via pointers at the 435 * end of the Ethernet header as our maximum alignment 436 * at that point is only 2 bytes. 437 */ 438 if (NET_IP_ALIGN) 439 hlen = (nhoff + offset); 440 } 441 } else { /* version 1, must be PPTP */ 442 u8 _ppp_hdr[PPP_HDRLEN]; 443 u8 *ppp_hdr; 444 445 if (hdr->flags & GRE_ACK) 446 offset += sizeof(((struct pptp_gre_header *)0)->ack); 447 448 ppp_hdr = skb_header_pointer(skb, nhoff + offset, 449 sizeof(_ppp_hdr), _ppp_hdr); 450 if (!ppp_hdr) 451 goto out_bad; 452 453 switch (PPP_PROTOCOL(ppp_hdr)) { 454 case PPP_IP: 455 proto = htons(ETH_P_IP); 456 break; 457 case PPP_IPV6: 458 proto = htons(ETH_P_IPV6); 459 break; 460 default: 461 /* Could probably catch some more like MPLS */ 462 break; 463 } 464 465 offset += PPP_HDRLEN; 466 } 467 468 nhoff += offset; 469 key_control->flags |= FLOW_DIS_ENCAPSULATION; 470 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) 471 goto out_good; 472 473 goto again; 474 } 475 case NEXTHDR_HOP: 476 case NEXTHDR_ROUTING: 477 case NEXTHDR_DEST: { 478 u8 _opthdr[2], *opthdr; 479 480 if (proto != htons(ETH_P_IPV6)) 481 break; 482 483 opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr), 484 data, hlen, &_opthdr); 485 if (!opthdr) 486 goto out_bad; 487 488 ip_proto = opthdr[0]; 489 nhoff += (opthdr[1] + 1) << 3; 490 491 goto ip_proto_again; 492 } 493 case NEXTHDR_FRAGMENT: { 494 struct frag_hdr _fh, *fh; 495 496 if (proto != htons(ETH_P_IPV6)) 497 break; 498 499 fh = __skb_header_pointer(skb, nhoff, sizeof(_fh), 500 data, hlen, &_fh); 501 502 if (!fh) 503 goto out_bad; 504 505 key_control->flags |= FLOW_DIS_IS_FRAGMENT; 506 507 nhoff += sizeof(_fh); 508 ip_proto = fh->nexthdr; 509 510 if (!(fh->frag_off & htons(IP6_OFFSET))) { 511 key_control->flags |= FLOW_DIS_FIRST_FRAG; 512 if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG) 513 goto ip_proto_again; 514 } 515 goto out_good; 516 } 517 case IPPROTO_IPIP: 518 proto = htons(ETH_P_IP); 519 520 key_control->flags |= FLOW_DIS_ENCAPSULATION; 521 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) 522 goto out_good; 523 524 goto ip; 525 case IPPROTO_IPV6: 526 proto = htons(ETH_P_IPV6); 527 528 key_control->flags |= FLOW_DIS_ENCAPSULATION; 529 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) 530 goto out_good; 531 532 goto ipv6; 533 case IPPROTO_MPLS: 534 proto = htons(ETH_P_MPLS_UC); 535 goto mpls; 536 default: 537 break; 538 } 539 540 if (dissector_uses_key(flow_dissector, 541 FLOW_DISSECTOR_KEY_PORTS)) { 542 key_ports = skb_flow_dissector_target(flow_dissector, 543 FLOW_DISSECTOR_KEY_PORTS, 544 target_container); 545 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto, 546 data, hlen); 547 } 548 549 out_good: 550 ret = true; 551 552 out_bad: 553 key_basic->n_proto = proto; 554 key_basic->ip_proto = ip_proto; 555 key_control->thoff = (u16)nhoff; 556 557 return ret; 558 } 559 EXPORT_SYMBOL(__skb_flow_dissect); 560 561 static u32 hashrnd __read_mostly; 562 static __always_inline void __flow_hash_secret_init(void) 563 { 564 net_get_random_once(&hashrnd, sizeof(hashrnd)); 565 } 566 567 static __always_inline u32 __flow_hash_words(const u32 *words, u32 length, 568 u32 keyval) 569 { 570 return jhash2(words, length, keyval); 571 } 572 573 static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow) 574 { 575 const void *p = flow; 576 577 BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32)); 578 return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET); 579 } 580 581 static inline size_t flow_keys_hash_length(const struct flow_keys *flow) 582 { 583 size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs); 584 BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32)); 585 BUILD_BUG_ON(offsetof(typeof(*flow), addrs) != 586 sizeof(*flow) - sizeof(flow->addrs)); 587 588 switch (flow->control.addr_type) { 589 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 590 diff -= sizeof(flow->addrs.v4addrs); 591 break; 592 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 593 diff -= sizeof(flow->addrs.v6addrs); 594 break; 595 case FLOW_DISSECTOR_KEY_TIPC_ADDRS: 596 diff -= sizeof(flow->addrs.tipcaddrs); 597 break; 598 } 599 return (sizeof(*flow) - diff) / sizeof(u32); 600 } 601 602 __be32 flow_get_u32_src(const struct flow_keys *flow) 603 { 604 switch (flow->control.addr_type) { 605 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 606 return flow->addrs.v4addrs.src; 607 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 608 return (__force __be32)ipv6_addr_hash( 609 &flow->addrs.v6addrs.src); 610 case FLOW_DISSECTOR_KEY_TIPC_ADDRS: 611 return flow->addrs.tipcaddrs.srcnode; 612 default: 613 return 0; 614 } 615 } 616 EXPORT_SYMBOL(flow_get_u32_src); 617 618 __be32 flow_get_u32_dst(const struct flow_keys *flow) 619 { 620 switch (flow->control.addr_type) { 621 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 622 return flow->addrs.v4addrs.dst; 623 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 624 return (__force __be32)ipv6_addr_hash( 625 &flow->addrs.v6addrs.dst); 626 default: 627 return 0; 628 } 629 } 630 EXPORT_SYMBOL(flow_get_u32_dst); 631 632 static inline void __flow_hash_consistentify(struct flow_keys *keys) 633 { 634 int addr_diff, i; 635 636 switch (keys->control.addr_type) { 637 case FLOW_DISSECTOR_KEY_IPV4_ADDRS: 638 addr_diff = (__force u32)keys->addrs.v4addrs.dst - 639 (__force u32)keys->addrs.v4addrs.src; 640 if ((addr_diff < 0) || 641 (addr_diff == 0 && 642 ((__force u16)keys->ports.dst < 643 (__force u16)keys->ports.src))) { 644 swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst); 645 swap(keys->ports.src, keys->ports.dst); 646 } 647 break; 648 case FLOW_DISSECTOR_KEY_IPV6_ADDRS: 649 addr_diff = memcmp(&keys->addrs.v6addrs.dst, 650 &keys->addrs.v6addrs.src, 651 sizeof(keys->addrs.v6addrs.dst)); 652 if ((addr_diff < 0) || 653 (addr_diff == 0 && 654 ((__force u16)keys->ports.dst < 655 (__force u16)keys->ports.src))) { 656 for (i = 0; i < 4; i++) 657 swap(keys->addrs.v6addrs.src.s6_addr32[i], 658 keys->addrs.v6addrs.dst.s6_addr32[i]); 659 swap(keys->ports.src, keys->ports.dst); 660 } 661 break; 662 } 663 } 664 665 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval) 666 { 667 u32 hash; 668 669 __flow_hash_consistentify(keys); 670 671 hash = __flow_hash_words(flow_keys_hash_start(keys), 672 flow_keys_hash_length(keys), keyval); 673 if (!hash) 674 hash = 1; 675 676 return hash; 677 } 678 679 u32 flow_hash_from_keys(struct flow_keys *keys) 680 { 681 __flow_hash_secret_init(); 682 return __flow_hash_from_keys(keys, hashrnd); 683 } 684 EXPORT_SYMBOL(flow_hash_from_keys); 685 686 static inline u32 ___skb_get_hash(const struct sk_buff *skb, 687 struct flow_keys *keys, u32 keyval) 688 { 689 skb_flow_dissect_flow_keys(skb, keys, 690 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL); 691 692 return __flow_hash_from_keys(keys, keyval); 693 } 694 695 struct _flow_keys_digest_data { 696 __be16 n_proto; 697 u8 ip_proto; 698 u8 padding; 699 __be32 ports; 700 __be32 src; 701 __be32 dst; 702 }; 703 704 void make_flow_keys_digest(struct flow_keys_digest *digest, 705 const struct flow_keys *flow) 706 { 707 struct _flow_keys_digest_data *data = 708 (struct _flow_keys_digest_data *)digest; 709 710 BUILD_BUG_ON(sizeof(*data) > sizeof(*digest)); 711 712 memset(digest, 0, sizeof(*digest)); 713 714 data->n_proto = flow->basic.n_proto; 715 data->ip_proto = flow->basic.ip_proto; 716 data->ports = flow->ports.ports; 717 data->src = flow->addrs.v4addrs.src; 718 data->dst = flow->addrs.v4addrs.dst; 719 } 720 EXPORT_SYMBOL(make_flow_keys_digest); 721 722 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly; 723 724 u32 __skb_get_hash_symmetric(struct sk_buff *skb) 725 { 726 struct flow_keys keys; 727 728 __flow_hash_secret_init(); 729 730 memset(&keys, 0, sizeof(keys)); 731 __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys, 732 NULL, 0, 0, 0, 733 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL); 734 735 return __flow_hash_from_keys(&keys, hashrnd); 736 } 737 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric); 738 739 /** 740 * __skb_get_hash: calculate a flow hash 741 * @skb: sk_buff to calculate flow hash from 742 * 743 * This function calculates a flow hash based on src/dst addresses 744 * and src/dst port numbers. Sets hash in skb to non-zero hash value 745 * on success, zero indicates no valid hash. Also, sets l4_hash in skb 746 * if hash is a canonical 4-tuple hash over transport ports. 747 */ 748 void __skb_get_hash(struct sk_buff *skb) 749 { 750 struct flow_keys keys; 751 u32 hash; 752 753 __flow_hash_secret_init(); 754 755 hash = ___skb_get_hash(skb, &keys, hashrnd); 756 757 __skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys)); 758 } 759 EXPORT_SYMBOL(__skb_get_hash); 760 761 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb) 762 { 763 struct flow_keys keys; 764 765 return ___skb_get_hash(skb, &keys, perturb); 766 } 767 EXPORT_SYMBOL(skb_get_hash_perturb); 768 769 __u32 __skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 *fl6) 770 { 771 struct flow_keys keys; 772 773 memset(&keys, 0, sizeof(keys)); 774 775 memcpy(&keys.addrs.v6addrs.src, &fl6->saddr, 776 sizeof(keys.addrs.v6addrs.src)); 777 memcpy(&keys.addrs.v6addrs.dst, &fl6->daddr, 778 sizeof(keys.addrs.v6addrs.dst)); 779 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 780 keys.ports.src = fl6->fl6_sport; 781 keys.ports.dst = fl6->fl6_dport; 782 keys.keyid.keyid = fl6->fl6_gre_key; 783 keys.tags.flow_label = (__force u32)fl6->flowlabel; 784 keys.basic.ip_proto = fl6->flowi6_proto; 785 786 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys), 787 flow_keys_have_l4(&keys)); 788 789 return skb->hash; 790 } 791 EXPORT_SYMBOL(__skb_get_hash_flowi6); 792 793 __u32 __skb_get_hash_flowi4(struct sk_buff *skb, const struct flowi4 *fl4) 794 { 795 struct flow_keys keys; 796 797 memset(&keys, 0, sizeof(keys)); 798 799 keys.addrs.v4addrs.src = fl4->saddr; 800 keys.addrs.v4addrs.dst = fl4->daddr; 801 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 802 keys.ports.src = fl4->fl4_sport; 803 keys.ports.dst = fl4->fl4_dport; 804 keys.keyid.keyid = fl4->fl4_gre_key; 805 keys.basic.ip_proto = fl4->flowi4_proto; 806 807 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys), 808 flow_keys_have_l4(&keys)); 809 810 return skb->hash; 811 } 812 EXPORT_SYMBOL(__skb_get_hash_flowi4); 813 814 u32 __skb_get_poff(const struct sk_buff *skb, void *data, 815 const struct flow_keys *keys, int hlen) 816 { 817 u32 poff = keys->control.thoff; 818 819 /* skip L4 headers for fragments after the first */ 820 if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) && 821 !(keys->control.flags & FLOW_DIS_FIRST_FRAG)) 822 return poff; 823 824 switch (keys->basic.ip_proto) { 825 case IPPROTO_TCP: { 826 /* access doff as u8 to avoid unaligned access */ 827 const u8 *doff; 828 u8 _doff; 829 830 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff), 831 data, hlen, &_doff); 832 if (!doff) 833 return poff; 834 835 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2); 836 break; 837 } 838 case IPPROTO_UDP: 839 case IPPROTO_UDPLITE: 840 poff += sizeof(struct udphdr); 841 break; 842 /* For the rest, we do not really care about header 843 * extensions at this point for now. 844 */ 845 case IPPROTO_ICMP: 846 poff += sizeof(struct icmphdr); 847 break; 848 case IPPROTO_ICMPV6: 849 poff += sizeof(struct icmp6hdr); 850 break; 851 case IPPROTO_IGMP: 852 poff += sizeof(struct igmphdr); 853 break; 854 case IPPROTO_DCCP: 855 poff += sizeof(struct dccp_hdr); 856 break; 857 case IPPROTO_SCTP: 858 poff += sizeof(struct sctphdr); 859 break; 860 } 861 862 return poff; 863 } 864 865 /** 866 * skb_get_poff - get the offset to the payload 867 * @skb: sk_buff to get the payload offset from 868 * 869 * The function will get the offset to the payload as far as it could 870 * be dissected. The main user is currently BPF, so that we can dynamically 871 * truncate packets without needing to push actual payload to the user 872 * space and can analyze headers only, instead. 873 */ 874 u32 skb_get_poff(const struct sk_buff *skb) 875 { 876 struct flow_keys keys; 877 878 if (!skb_flow_dissect_flow_keys(skb, &keys, 0)) 879 return 0; 880 881 return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb)); 882 } 883 884 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys) 885 { 886 memset(keys, 0, sizeof(*keys)); 887 888 memcpy(&keys->addrs.v6addrs.src, &fl6->saddr, 889 sizeof(keys->addrs.v6addrs.src)); 890 memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr, 891 sizeof(keys->addrs.v6addrs.dst)); 892 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 893 keys->ports.src = fl6->fl6_sport; 894 keys->ports.dst = fl6->fl6_dport; 895 keys->keyid.keyid = fl6->fl6_gre_key; 896 keys->tags.flow_label = (__force u32)fl6->flowlabel; 897 keys->basic.ip_proto = fl6->flowi6_proto; 898 899 return flow_hash_from_keys(keys); 900 } 901 EXPORT_SYMBOL(__get_hash_from_flowi6); 902 903 __u32 __get_hash_from_flowi4(const struct flowi4 *fl4, struct flow_keys *keys) 904 { 905 memset(keys, 0, sizeof(*keys)); 906 907 keys->addrs.v4addrs.src = fl4->saddr; 908 keys->addrs.v4addrs.dst = fl4->daddr; 909 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 910 keys->ports.src = fl4->fl4_sport; 911 keys->ports.dst = fl4->fl4_dport; 912 keys->keyid.keyid = fl4->fl4_gre_key; 913 keys->basic.ip_proto = fl4->flowi4_proto; 914 915 return flow_hash_from_keys(keys); 916 } 917 EXPORT_SYMBOL(__get_hash_from_flowi4); 918 919 static const struct flow_dissector_key flow_keys_dissector_keys[] = { 920 { 921 .key_id = FLOW_DISSECTOR_KEY_CONTROL, 922 .offset = offsetof(struct flow_keys, control), 923 }, 924 { 925 .key_id = FLOW_DISSECTOR_KEY_BASIC, 926 .offset = offsetof(struct flow_keys, basic), 927 }, 928 { 929 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS, 930 .offset = offsetof(struct flow_keys, addrs.v4addrs), 931 }, 932 { 933 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS, 934 .offset = offsetof(struct flow_keys, addrs.v6addrs), 935 }, 936 { 937 .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS, 938 .offset = offsetof(struct flow_keys, addrs.tipcaddrs), 939 }, 940 { 941 .key_id = FLOW_DISSECTOR_KEY_PORTS, 942 .offset = offsetof(struct flow_keys, ports), 943 }, 944 { 945 .key_id = FLOW_DISSECTOR_KEY_VLAN, 946 .offset = offsetof(struct flow_keys, vlan), 947 }, 948 { 949 .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL, 950 .offset = offsetof(struct flow_keys, tags), 951 }, 952 { 953 .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID, 954 .offset = offsetof(struct flow_keys, keyid), 955 }, 956 }; 957 958 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = { 959 { 960 .key_id = FLOW_DISSECTOR_KEY_CONTROL, 961 .offset = offsetof(struct flow_keys, control), 962 }, 963 { 964 .key_id = FLOW_DISSECTOR_KEY_BASIC, 965 .offset = offsetof(struct flow_keys, basic), 966 }, 967 { 968 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS, 969 .offset = offsetof(struct flow_keys, addrs.v4addrs), 970 }, 971 { 972 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS, 973 .offset = offsetof(struct flow_keys, addrs.v6addrs), 974 }, 975 { 976 .key_id = FLOW_DISSECTOR_KEY_PORTS, 977 .offset = offsetof(struct flow_keys, ports), 978 }, 979 }; 980 981 static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = { 982 { 983 .key_id = FLOW_DISSECTOR_KEY_CONTROL, 984 .offset = offsetof(struct flow_keys, control), 985 }, 986 { 987 .key_id = FLOW_DISSECTOR_KEY_BASIC, 988 .offset = offsetof(struct flow_keys, basic), 989 }, 990 }; 991 992 struct flow_dissector flow_keys_dissector __read_mostly; 993 EXPORT_SYMBOL(flow_keys_dissector); 994 995 struct flow_dissector flow_keys_buf_dissector __read_mostly; 996 997 static int __init init_default_flow_dissectors(void) 998 { 999 skb_flow_dissector_init(&flow_keys_dissector, 1000 flow_keys_dissector_keys, 1001 ARRAY_SIZE(flow_keys_dissector_keys)); 1002 skb_flow_dissector_init(&flow_keys_dissector_symmetric, 1003 flow_keys_dissector_symmetric_keys, 1004 ARRAY_SIZE(flow_keys_dissector_symmetric_keys)); 1005 skb_flow_dissector_init(&flow_keys_buf_dissector, 1006 flow_keys_buf_dissector_keys, 1007 ARRAY_SIZE(flow_keys_buf_dissector_keys)); 1008 return 0; 1009 } 1010 1011 late_initcall_sync(init_default_flow_dissectors); 1012