1 #include <linux/kernel.h>
2 #include <linux/skbuff.h>
3 #include <linux/export.h>
5 #include <linux/ipv6.h>
6 #include <linux/if_vlan.h>
9 #include <linux/igmp.h>
10 #include <linux/icmp.h>
11 #include <linux/sctp.h>
12 #include <linux/dccp.h>
13 #include <linux/if_tunnel.h>
14 #include <linux/if_pppox.h>
15 #include <linux/ppp_defs.h>
16 #include <linux/stddef.h>
17 #include <net/flow_dissector.h>
18 #include <scsi/fc/fc_fcoe.h>
20 static bool skb_flow_dissector_uses_key(struct flow_dissector *flow_dissector,
21 enum flow_dissector_key_id key_id)
23 return flow_dissector->used_keys & (1 << key_id);
26 static void skb_flow_dissector_set_key(struct flow_dissector *flow_dissector,
27 enum flow_dissector_key_id key_id)
29 flow_dissector->used_keys |= (1 << key_id);
32 static void *skb_flow_dissector_target(struct flow_dissector *flow_dissector,
33 enum flow_dissector_key_id key_id,
34 void *target_container)
36 return ((char *) target_container) + flow_dissector->offset[key_id];
39 void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
40 const struct flow_dissector_key *key,
41 unsigned int key_count)
45 memset(flow_dissector, 0, sizeof(*flow_dissector));
47 for (i = 0; i < key_count; i++, key++) {
48 /* User should make sure that every key target offset is withing
49 * boundaries of unsigned short.
51 BUG_ON(key->offset > USHRT_MAX);
52 BUG_ON(skb_flow_dissector_uses_key(flow_dissector,
55 skb_flow_dissector_set_key(flow_dissector, key->key_id);
56 flow_dissector->offset[key->key_id] = key->offset;
59 /* Ensure that the dissector always includes basic key. That way
60 * we are able to avoid handling lack of it in fast path.
62 BUG_ON(!skb_flow_dissector_uses_key(flow_dissector,
63 FLOW_DISSECTOR_KEY_BASIC));
65 EXPORT_SYMBOL(skb_flow_dissector_init);
68 * __skb_flow_get_ports - extract the upper layer ports and return them
69 * @skb: sk_buff to extract the ports from
70 * @thoff: transport header offset
71 * @ip_proto: protocol for which to get port offset
72 * @data: raw buffer pointer to the packet, if NULL use skb->data
73 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
75 * The function will try to retrieve the ports at offset thoff + poff where poff
76 * is the protocol port offset returned from proto_ports_offset
78 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
81 int poff = proto_ports_offset(ip_proto);
85 hlen = skb_headlen(skb);
89 __be32 *ports, _ports;
91 ports = __skb_header_pointer(skb, thoff + poff,
92 sizeof(_ports), data, hlen, &_ports);
99 EXPORT_SYMBOL(__skb_flow_get_ports);
102 * __skb_flow_dissect - extract the flow_keys struct and return it
103 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
104 * @flow_dissector: list of keys to dissect
105 * @target_container: target structure to put dissected values into
106 * @data: raw buffer pointer to the packet, if NULL use skb->data
107 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
108 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
109 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
111 * The function will try to retrieve individual keys into target specified
112 * by flow_dissector from either the skbuff or a raw buffer specified by the
115 * Caller must take care of zeroing target container memory.
117 bool __skb_flow_dissect(const struct sk_buff *skb,
118 struct flow_dissector *flow_dissector,
119 void *target_container,
120 void *data, __be16 proto, int nhoff, int hlen)
122 struct flow_dissector_key_basic *key_basic;
123 struct flow_dissector_key_addrs *key_addrs;
124 struct flow_dissector_key_ports *key_ports;
129 proto = skb->protocol;
130 nhoff = skb_network_offset(skb);
131 hlen = skb_headlen(skb);
134 /* It is ensured by skb_flow_dissector_init() that basic key will
137 key_basic = skb_flow_dissector_target(flow_dissector,
138 FLOW_DISSECTOR_KEY_BASIC,
143 case htons(ETH_P_IP): {
144 const struct iphdr *iph;
147 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
148 if (!iph || iph->ihl < 5)
150 nhoff += iph->ihl * 4;
152 ip_proto = iph->protocol;
153 if (ip_is_fragment(iph))
156 if (!skb_flow_dissector_uses_key(flow_dissector,
157 FLOW_DISSECTOR_KEY_IPV4_ADDRS))
159 key_addrs = skb_flow_dissector_target(flow_dissector,
160 FLOW_DISSECTOR_KEY_IPV4_ADDRS,
162 memcpy(key_addrs, &iph->saddr, sizeof(*key_addrs));
165 case htons(ETH_P_IPV6): {
166 const struct ipv6hdr *iph;
171 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
175 ip_proto = iph->nexthdr;
176 nhoff += sizeof(struct ipv6hdr);
178 if (skb_flow_dissector_uses_key(flow_dissector,
179 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS)) {
180 key_addrs = skb_flow_dissector_target(flow_dissector,
181 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS,
184 key_addrs->src = (__force __be32)ipv6_addr_hash(&iph->saddr);
185 key_addrs->dst = (__force __be32)ipv6_addr_hash(&iph->daddr);
188 if (skb_flow_dissector_uses_key(flow_dissector,
189 FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
190 struct flow_dissector_key_ipv6_addrs *key_ipv6_addrs;
192 key_ipv6_addrs = skb_flow_dissector_target(flow_dissector,
193 FLOW_DISSECTOR_KEY_IPV6_ADDRS,
196 memcpy(key_ipv6_addrs, &iph->saddr, sizeof(*key_ipv6_addrs));
201 flow_label = ip6_flowlabel(iph);
203 /* Awesome, IPv6 packet has a flow label so we can
204 * use that to represent the ports without any
205 * further dissection.
208 key_basic->n_proto = proto;
209 key_basic->ip_proto = ip_proto;
210 key_basic->thoff = (u16)nhoff;
212 if (!skb_flow_dissector_uses_key(flow_dissector,
213 FLOW_DISSECTOR_KEY_PORTS))
215 key_ports = skb_flow_dissector_target(flow_dissector,
216 FLOW_DISSECTOR_KEY_PORTS,
218 key_ports->ports = flow_label;
225 case htons(ETH_P_8021AD):
226 case htons(ETH_P_8021Q): {
227 const struct vlan_hdr *vlan;
228 struct vlan_hdr _vlan;
230 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan), data, hlen, &_vlan);
234 proto = vlan->h_vlan_encapsulated_proto;
235 nhoff += sizeof(*vlan);
238 case htons(ETH_P_PPP_SES): {
240 struct pppoe_hdr hdr;
243 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
247 nhoff += PPPOE_SES_HLEN;
251 case htons(PPP_IPV6):
257 case htons(ETH_P_TIPC): {
262 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
265 key_basic->n_proto = proto;
266 key_basic->thoff = (u16)nhoff;
268 if (skb_flow_dissector_uses_key(flow_dissector,
269 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS)) {
271 key_addrs = skb_flow_dissector_target(flow_dissector,
272 FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS,
274 key_addrs->src = hdr->srcnode;
279 case htons(ETH_P_FCOE):
280 key_basic->thoff = (u16)(nhoff + FCOE_HEADER_LEN);
293 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
297 * Only look inside GRE if version zero and no
300 if (!(hdr->flags & (GRE_VERSION|GRE_ROUTING))) {
303 if (hdr->flags & GRE_CSUM)
305 if (hdr->flags & GRE_KEY)
307 if (hdr->flags & GRE_SEQ)
309 if (proto == htons(ETH_P_TEB)) {
310 const struct ethhdr *eth;
313 eth = __skb_header_pointer(skb, nhoff,
318 proto = eth->h_proto;
319 nhoff += sizeof(*eth);
326 proto = htons(ETH_P_IP);
329 proto = htons(ETH_P_IPV6);
335 /* It is ensured by skb_flow_dissector_init() that basic key will
338 key_basic = skb_flow_dissector_target(flow_dissector,
339 FLOW_DISSECTOR_KEY_BASIC,
341 key_basic->n_proto = proto;
342 key_basic->ip_proto = ip_proto;
343 key_basic->thoff = (u16) nhoff;
345 if (skb_flow_dissector_uses_key(flow_dissector,
346 FLOW_DISSECTOR_KEY_PORTS)) {
347 key_ports = skb_flow_dissector_target(flow_dissector,
348 FLOW_DISSECTOR_KEY_PORTS,
350 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
356 EXPORT_SYMBOL(__skb_flow_dissect);
358 static u32 hashrnd __read_mostly;
359 static __always_inline void __flow_hash_secret_init(void)
361 net_get_random_once(&hashrnd, sizeof(hashrnd));
364 static __always_inline u32 __flow_hash_3words(u32 a, u32 b, u32 c, u32 keyval)
366 return jhash_3words(a, b, c, keyval);
369 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
373 /* get a consistent hash (same value on both flow directions) */
374 if (((__force u32)keys->addrs.dst < (__force u32)keys->addrs.src) ||
375 (((__force u32)keys->addrs.dst == (__force u32)keys->addrs.src) &&
376 ((__force u16)keys->ports.port16[1] < (__force u16)keys->ports.port16[0]))) {
377 swap(keys->addrs.dst, keys->addrs.src);
378 swap(keys->ports.port16[0], keys->ports.port16[1]);
381 hash = __flow_hash_3words((__force u32)keys->addrs.dst,
382 (__force u32)keys->addrs.src,
383 (__force u32)keys->ports.ports,
391 u32 flow_hash_from_keys(struct flow_keys *keys)
393 __flow_hash_secret_init();
394 return __flow_hash_from_keys(keys, hashrnd);
396 EXPORT_SYMBOL(flow_hash_from_keys);
398 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
399 struct flow_keys *keys, u32 keyval)
401 if (!skb_flow_dissect_flow_keys(skb, keys))
404 return __flow_hash_from_keys(keys, keyval);
407 struct _flow_keys_digest_data {
416 void make_flow_keys_digest(struct flow_keys_digest *digest,
417 const struct flow_keys *flow)
419 struct _flow_keys_digest_data *data =
420 (struct _flow_keys_digest_data *)digest;
422 BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
424 memset(digest, 0, sizeof(*digest));
426 data->n_proto = flow->basic.n_proto;
427 data->ip_proto = flow->basic.ip_proto;
428 data->ports = flow->ports.ports;
429 data->src = flow->addrs.src;
430 data->dst = flow->addrs.dst;
432 EXPORT_SYMBOL(make_flow_keys_digest);
435 * __skb_get_hash: calculate a flow hash
436 * @skb: sk_buff to calculate flow hash from
438 * This function calculates a flow hash based on src/dst addresses
439 * and src/dst port numbers. Sets hash in skb to non-zero hash value
440 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
441 * if hash is a canonical 4-tuple hash over transport ports.
443 void __skb_get_hash(struct sk_buff *skb)
445 struct flow_keys keys;
448 __flow_hash_secret_init();
450 hash = ___skb_get_hash(skb, &keys, hashrnd);
453 if (keys.ports.ports)
458 EXPORT_SYMBOL(__skb_get_hash);
460 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
462 struct flow_keys keys;
464 return ___skb_get_hash(skb, &keys, perturb);
466 EXPORT_SYMBOL(skb_get_hash_perturb);
468 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
469 const struct flow_keys *keys, int hlen)
471 u32 poff = keys->basic.thoff;
473 switch (keys->basic.ip_proto) {
475 /* access doff as u8 to avoid unaligned access */
479 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
484 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
488 case IPPROTO_UDPLITE:
489 poff += sizeof(struct udphdr);
491 /* For the rest, we do not really care about header
492 * extensions at this point for now.
495 poff += sizeof(struct icmphdr);
498 poff += sizeof(struct icmp6hdr);
501 poff += sizeof(struct igmphdr);
504 poff += sizeof(struct dccp_hdr);
507 poff += sizeof(struct sctphdr);
515 * skb_get_poff - get the offset to the payload
516 * @skb: sk_buff to get the payload offset from
518 * The function will get the offset to the payload as far as it could
519 * be dissected. The main user is currently BPF, so that we can dynamically
520 * truncate packets without needing to push actual payload to the user
521 * space and can analyze headers only, instead.
523 u32 skb_get_poff(const struct sk_buff *skb)
525 struct flow_keys keys;
527 if (!skb_flow_dissect_flow_keys(skb, &keys))
530 return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
533 static const struct flow_dissector_key flow_keys_dissector_keys[] = {
535 .key_id = FLOW_DISSECTOR_KEY_BASIC,
536 .offset = offsetof(struct flow_keys, basic),
539 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
540 .offset = offsetof(struct flow_keys, addrs),
543 .key_id = FLOW_DISSECTOR_KEY_IPV6_HASH_ADDRS,
544 .offset = offsetof(struct flow_keys, addrs),
547 .key_id = FLOW_DISSECTOR_KEY_PORTS,
548 .offset = offsetof(struct flow_keys, ports),
552 static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
554 .key_id = FLOW_DISSECTOR_KEY_BASIC,
555 .offset = offsetof(struct flow_keys, basic),
559 struct flow_dissector flow_keys_dissector __read_mostly;
560 EXPORT_SYMBOL(flow_keys_dissector);
562 struct flow_dissector flow_keys_buf_dissector __read_mostly;
564 static int __init init_default_flow_dissectors(void)
566 skb_flow_dissector_init(&flow_keys_dissector,
567 flow_keys_dissector_keys,
568 ARRAY_SIZE(flow_keys_dissector_keys));
569 skb_flow_dissector_init(&flow_keys_buf_dissector,
570 flow_keys_buf_dissector_keys,
571 ARRAY_SIZE(flow_keys_buf_dissector_keys));
575 late_initcall_sync(init_default_flow_dissectors);