Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0-only
2 : #include <linux/kernel.h>
3 : #include <linux/skbuff.h>
4 : #include <linux/export.h>
5 : #include <linux/ip.h>
6 : #include <linux/ipv6.h>
7 : #include <linux/if_vlan.h>
8 : #include <net/dsa.h>
9 : #include <net/dst_metadata.h>
10 : #include <net/ip.h>
11 : #include <net/ipv6.h>
12 : #include <net/gre.h>
13 : #include <net/pptp.h>
14 : #include <net/tipc.h>
15 : #include <linux/igmp.h>
16 : #include <linux/icmp.h>
17 : #include <linux/sctp.h>
18 : #include <linux/dccp.h>
19 : #include <linux/if_tunnel.h>
20 : #include <linux/if_pppox.h>
21 : #include <linux/ppp_defs.h>
22 : #include <linux/stddef.h>
23 : #include <linux/if_ether.h>
24 : #include <linux/mpls.h>
25 : #include <linux/tcp.h>
26 : #include <linux/ptp_classify.h>
27 : #include <net/flow_dissector.h>
28 : #include <scsi/fc/fc_fcoe.h>
29 : #include <uapi/linux/batadv_packet.h>
30 : #include <linux/bpf.h>
31 : #if IS_ENABLED(CONFIG_NF_CONNTRACK)
32 : #include <net/netfilter/nf_conntrack_core.h>
33 : #include <net/netfilter/nf_conntrack_labels.h>
34 : #endif
35 : #include <linux/bpf-netns.h>
36 :
37 16 : static void dissector_set_key(struct flow_dissector *flow_dissector,
38 : enum flow_dissector_key_id key_id)
39 : {
40 16 : flow_dissector->used_keys |= (1 << key_id);
41 : }
42 :
43 3 : void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
44 : const struct flow_dissector_key *key,
45 : unsigned int key_count)
46 : {
47 3 : unsigned int i;
48 :
49 3 : memset(flow_dissector, 0, sizeof(*flow_dissector));
50 :
51 19 : for (i = 0; i < key_count; i++, key++) {
52 : /* User should make sure that every key target offset is within
53 : * boundaries of unsigned short.
54 : */
55 16 : BUG_ON(key->offset > USHRT_MAX);
56 16 : BUG_ON(dissector_uses_key(flow_dissector,
57 : key->key_id));
58 :
59 16 : dissector_set_key(flow_dissector, key->key_id);
60 16 : flow_dissector->offset[key->key_id] = key->offset;
61 : }
62 :
63 : /* Ensure that the dissector always includes control and basic key.
64 : * That way we are able to avoid handling lack of these in fast path.
65 : */
66 3 : BUG_ON(!dissector_uses_key(flow_dissector,
67 : FLOW_DISSECTOR_KEY_CONTROL));
68 3 : BUG_ON(!dissector_uses_key(flow_dissector,
69 : FLOW_DISSECTOR_KEY_BASIC));
70 3 : }
71 : EXPORT_SYMBOL(skb_flow_dissector_init);
72 :
73 : #ifdef CONFIG_BPF_SYSCALL
74 : int flow_dissector_bpf_prog_attach_check(struct net *net,
75 : struct bpf_prog *prog)
76 : {
77 : enum netns_bpf_attach_type type = NETNS_BPF_FLOW_DISSECTOR;
78 :
79 : if (net == &init_net) {
80 : /* BPF flow dissector in the root namespace overrides
81 : * any per-net-namespace one. When attaching to root,
82 : * make sure we don't have any BPF program attached
83 : * to the non-root namespaces.
84 : */
85 : struct net *ns;
86 :
87 : for_each_net(ns) {
88 : if (ns == &init_net)
89 : continue;
90 : if (rcu_access_pointer(ns->bpf.run_array[type]))
91 : return -EEXIST;
92 : }
93 : } else {
94 : /* Make sure root flow dissector is not attached
95 : * when attaching to the non-root namespace.
96 : */
97 : if (rcu_access_pointer(init_net.bpf.run_array[type]))
98 : return -EEXIST;
99 : }
100 :
101 : return 0;
102 : }
103 : #endif /* CONFIG_BPF_SYSCALL */
104 :
105 : /**
106 : * __skb_flow_get_ports - extract the upper layer ports and return them
107 : * @skb: sk_buff to extract the ports from
108 : * @thoff: transport header offset
109 : * @ip_proto: protocol for which to get port offset
110 : * @data: raw buffer pointer to the packet, if NULL use skb->data
111 : * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
112 : *
113 : * The function will try to retrieve the ports at offset thoff + poff where poff
114 : * is the protocol port offset returned from proto_ports_offset
115 : */
116 0 : __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
117 : void *data, int hlen)
118 : {
119 0 : int poff = proto_ports_offset(ip_proto);
120 :
121 0 : if (!data) {
122 0 : data = skb->data;
123 0 : hlen = skb_headlen(skb);
124 : }
125 :
126 0 : if (poff >= 0) {
127 0 : __be32 *ports, _ports;
128 :
129 0 : ports = __skb_header_pointer(skb, thoff + poff,
130 : sizeof(_ports), data, hlen, &_ports);
131 0 : if (ports)
132 0 : return *ports;
133 : }
134 :
135 : return 0;
136 : }
137 : EXPORT_SYMBOL(__skb_flow_get_ports);
138 :
139 0 : static bool icmp_has_id(u8 type)
140 : {
141 0 : switch (type) {
142 : case ICMP_ECHO:
143 : case ICMP_ECHOREPLY:
144 : case ICMP_TIMESTAMP:
145 : case ICMP_TIMESTAMPREPLY:
146 : case ICMPV6_ECHO_REQUEST:
147 : case ICMPV6_ECHO_REPLY:
148 : return true;
149 : }
150 :
151 0 : return false;
152 : }
153 :
154 : /**
155 : * skb_flow_get_icmp_tci - extract ICMP(6) Type, Code and Identifier fields
156 : * @skb: sk_buff to extract from
157 : * @key_icmp: struct flow_dissector_key_icmp to fill
158 : * @data: raw buffer pointer to the packet
159 : * @thoff: offset to extract at
160 : * @hlen: packet header length
161 : */
162 0 : void skb_flow_get_icmp_tci(const struct sk_buff *skb,
163 : struct flow_dissector_key_icmp *key_icmp,
164 : void *data, int thoff, int hlen)
165 : {
166 0 : struct icmphdr *ih, _ih;
167 :
168 0 : ih = __skb_header_pointer(skb, thoff, sizeof(_ih), data, hlen, &_ih);
169 0 : if (!ih)
170 0 : return;
171 :
172 0 : key_icmp->type = ih->type;
173 0 : key_icmp->code = ih->code;
174 :
175 : /* As we use 0 to signal that the Id field is not present,
176 : * avoid confusion with packets without such field
177 : */
178 0 : if (icmp_has_id(ih->type))
179 0 : key_icmp->id = ih->un.echo.id ? : 1;
180 : else
181 0 : key_icmp->id = 0;
182 : }
183 : EXPORT_SYMBOL(skb_flow_get_icmp_tci);
184 :
185 : /* If FLOW_DISSECTOR_KEY_ICMP is set, dissect an ICMP packet
186 : * using skb_flow_get_icmp_tci().
187 : */
188 0 : static void __skb_flow_dissect_icmp(const struct sk_buff *skb,
189 : struct flow_dissector *flow_dissector,
190 : void *target_container,
191 : void *data, int thoff, int hlen)
192 : {
193 0 : struct flow_dissector_key_icmp *key_icmp;
194 :
195 0 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ICMP))
196 : return;
197 :
198 0 : key_icmp = skb_flow_dissector_target(flow_dissector,
199 : FLOW_DISSECTOR_KEY_ICMP,
200 : target_container);
201 :
202 0 : skb_flow_get_icmp_tci(skb, key_icmp, data, thoff, hlen);
203 : }
204 :
205 0 : void skb_flow_dissect_meta(const struct sk_buff *skb,
206 : struct flow_dissector *flow_dissector,
207 : void *target_container)
208 : {
209 0 : struct flow_dissector_key_meta *meta;
210 :
211 0 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_META))
212 : return;
213 :
214 0 : meta = skb_flow_dissector_target(flow_dissector,
215 : FLOW_DISSECTOR_KEY_META,
216 : target_container);
217 0 : meta->ingress_ifindex = skb->skb_iif;
218 : }
219 : EXPORT_SYMBOL(skb_flow_dissect_meta);
220 :
221 : static void
222 0 : skb_flow_dissect_set_enc_addr_type(enum flow_dissector_key_id type,
223 : struct flow_dissector *flow_dissector,
224 : void *target_container)
225 : {
226 0 : struct flow_dissector_key_control *ctrl;
227 :
228 0 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_CONTROL))
229 : return;
230 :
231 0 : ctrl = skb_flow_dissector_target(flow_dissector,
232 : FLOW_DISSECTOR_KEY_ENC_CONTROL,
233 : target_container);
234 0 : ctrl->addr_type = type;
235 : }
236 :
237 : void
238 0 : skb_flow_dissect_ct(const struct sk_buff *skb,
239 : struct flow_dissector *flow_dissector,
240 : void *target_container, u16 *ctinfo_map,
241 : size_t mapsize, bool post_ct)
242 : {
243 : #if IS_ENABLED(CONFIG_NF_CONNTRACK)
244 : struct flow_dissector_key_ct *key;
245 : enum ip_conntrack_info ctinfo;
246 : struct nf_conn_labels *cl;
247 : struct nf_conn *ct;
248 :
249 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_CT))
250 : return;
251 :
252 : ct = nf_ct_get(skb, &ctinfo);
253 : if (!ct && !post_ct)
254 : return;
255 :
256 : key = skb_flow_dissector_target(flow_dissector,
257 : FLOW_DISSECTOR_KEY_CT,
258 : target_container);
259 :
260 : if (!ct) {
261 : key->ct_state = TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
262 : TCA_FLOWER_KEY_CT_FLAGS_INVALID;
263 : return;
264 : }
265 :
266 : if (ctinfo < mapsize)
267 : key->ct_state = ctinfo_map[ctinfo];
268 : #if IS_ENABLED(CONFIG_NF_CONNTRACK_ZONES)
269 : key->ct_zone = ct->zone.id;
270 : #endif
271 : #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
272 : key->ct_mark = ct->mark;
273 : #endif
274 :
275 : cl = nf_ct_labels_find(ct);
276 : if (cl)
277 : memcpy(key->ct_labels, cl->bits, sizeof(key->ct_labels));
278 : #endif /* CONFIG_NF_CONNTRACK */
279 0 : }
280 : EXPORT_SYMBOL(skb_flow_dissect_ct);
281 :
282 : void
283 0 : skb_flow_dissect_tunnel_info(const struct sk_buff *skb,
284 : struct flow_dissector *flow_dissector,
285 : void *target_container)
286 : {
287 0 : struct ip_tunnel_info *info;
288 0 : struct ip_tunnel_key *key;
289 :
290 : /* A quick check to see if there might be something to do. */
291 0 : if (!dissector_uses_key(flow_dissector,
292 0 : FLOW_DISSECTOR_KEY_ENC_KEYID) &&
293 0 : !dissector_uses_key(flow_dissector,
294 0 : FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) &&
295 0 : !dissector_uses_key(flow_dissector,
296 0 : FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) &&
297 0 : !dissector_uses_key(flow_dissector,
298 0 : FLOW_DISSECTOR_KEY_ENC_CONTROL) &&
299 0 : !dissector_uses_key(flow_dissector,
300 0 : FLOW_DISSECTOR_KEY_ENC_PORTS) &&
301 0 : !dissector_uses_key(flow_dissector,
302 0 : FLOW_DISSECTOR_KEY_ENC_IP) &&
303 0 : !dissector_uses_key(flow_dissector,
304 : FLOW_DISSECTOR_KEY_ENC_OPTS))
305 : return;
306 :
307 0 : info = skb_tunnel_info(skb);
308 0 : if (!info)
309 : return;
310 :
311 0 : key = &info->key;
312 :
313 0 : switch (ip_tunnel_info_af(info)) {
314 : case AF_INET:
315 0 : skb_flow_dissect_set_enc_addr_type(FLOW_DISSECTOR_KEY_IPV4_ADDRS,
316 : flow_dissector,
317 : target_container);
318 0 : if (dissector_uses_key(flow_dissector,
319 : FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS)) {
320 0 : struct flow_dissector_key_ipv4_addrs *ipv4;
321 :
322 0 : ipv4 = skb_flow_dissector_target(flow_dissector,
323 : FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS,
324 : target_container);
325 0 : ipv4->src = key->u.ipv4.src;
326 0 : ipv4->dst = key->u.ipv4.dst;
327 : }
328 : break;
329 : case AF_INET6:
330 0 : skb_flow_dissect_set_enc_addr_type(FLOW_DISSECTOR_KEY_IPV6_ADDRS,
331 : flow_dissector,
332 : target_container);
333 0 : if (dissector_uses_key(flow_dissector,
334 : FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS)) {
335 0 : struct flow_dissector_key_ipv6_addrs *ipv6;
336 :
337 0 : ipv6 = skb_flow_dissector_target(flow_dissector,
338 : FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS,
339 : target_container);
340 0 : ipv6->src = key->u.ipv6.src;
341 0 : ipv6->dst = key->u.ipv6.dst;
342 : }
343 : break;
344 : }
345 :
346 0 : if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
347 0 : struct flow_dissector_key_keyid *keyid;
348 :
349 0 : keyid = skb_flow_dissector_target(flow_dissector,
350 : FLOW_DISSECTOR_KEY_ENC_KEYID,
351 : target_container);
352 0 : keyid->keyid = tunnel_id_to_key32(key->tun_id);
353 : }
354 :
355 0 : if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_PORTS)) {
356 0 : struct flow_dissector_key_ports *tp;
357 :
358 0 : tp = skb_flow_dissector_target(flow_dissector,
359 : FLOW_DISSECTOR_KEY_ENC_PORTS,
360 : target_container);
361 0 : tp->src = key->tp_src;
362 0 : tp->dst = key->tp_dst;
363 : }
364 :
365 0 : if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_IP)) {
366 0 : struct flow_dissector_key_ip *ip;
367 :
368 0 : ip = skb_flow_dissector_target(flow_dissector,
369 : FLOW_DISSECTOR_KEY_ENC_IP,
370 : target_container);
371 0 : ip->tos = key->tos;
372 0 : ip->ttl = key->ttl;
373 : }
374 :
375 0 : if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ENC_OPTS)) {
376 0 : struct flow_dissector_key_enc_opts *enc_opt;
377 :
378 0 : enc_opt = skb_flow_dissector_target(flow_dissector,
379 : FLOW_DISSECTOR_KEY_ENC_OPTS,
380 : target_container);
381 :
382 0 : if (info->options_len) {
383 0 : enc_opt->len = info->options_len;
384 0 : ip_tunnel_info_opts_get(enc_opt->data, info);
385 0 : enc_opt->dst_opt_type = info->key.tun_flags &
386 : TUNNEL_OPTIONS_PRESENT;
387 : }
388 : }
389 : }
390 : EXPORT_SYMBOL(skb_flow_dissect_tunnel_info);
391 :
392 0 : void skb_flow_dissect_hash(const struct sk_buff *skb,
393 : struct flow_dissector *flow_dissector,
394 : void *target_container)
395 : {
396 0 : struct flow_dissector_key_hash *key;
397 :
398 0 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_HASH))
399 : return;
400 :
401 0 : key = skb_flow_dissector_target(flow_dissector,
402 : FLOW_DISSECTOR_KEY_HASH,
403 : target_container);
404 :
405 0 : key->hash = skb_get_hash_raw(skb);
406 : }
407 : EXPORT_SYMBOL(skb_flow_dissect_hash);
408 :
409 : static enum flow_dissect_ret
410 0 : __skb_flow_dissect_mpls(const struct sk_buff *skb,
411 : struct flow_dissector *flow_dissector,
412 : void *target_container, void *data, int nhoff, int hlen,
413 : int lse_index, bool *entropy_label)
414 : {
415 0 : struct mpls_label *hdr, _hdr;
416 0 : u32 entry, label, bos;
417 :
418 0 : if (!dissector_uses_key(flow_dissector,
419 0 : FLOW_DISSECTOR_KEY_MPLS_ENTROPY) &&
420 0 : !dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_MPLS))
421 : return FLOW_DISSECT_RET_OUT_GOOD;
422 :
423 0 : if (lse_index >= FLOW_DIS_MPLS_MAX)
424 : return FLOW_DISSECT_RET_OUT_GOOD;
425 :
426 0 : hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
427 : hlen, &_hdr);
428 0 : if (!hdr)
429 : return FLOW_DISSECT_RET_OUT_BAD;
430 :
431 0 : entry = ntohl(hdr->entry);
432 0 : label = (entry & MPLS_LS_LABEL_MASK) >> MPLS_LS_LABEL_SHIFT;
433 0 : bos = (entry & MPLS_LS_S_MASK) >> MPLS_LS_S_SHIFT;
434 :
435 0 : if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_MPLS)) {
436 0 : struct flow_dissector_key_mpls *key_mpls;
437 0 : struct flow_dissector_mpls_lse *lse;
438 :
439 0 : key_mpls = skb_flow_dissector_target(flow_dissector,
440 : FLOW_DISSECTOR_KEY_MPLS,
441 : target_container);
442 0 : lse = &key_mpls->ls[lse_index];
443 :
444 0 : lse->mpls_ttl = (entry & MPLS_LS_TTL_MASK) >> MPLS_LS_TTL_SHIFT;
445 0 : lse->mpls_bos = bos;
446 0 : lse->mpls_tc = (entry & MPLS_LS_TC_MASK) >> MPLS_LS_TC_SHIFT;
447 0 : lse->mpls_label = label;
448 0 : dissector_set_mpls_lse(key_mpls, lse_index);
449 : }
450 :
451 0 : if (*entropy_label &&
452 0 : dissector_uses_key(flow_dissector,
453 : FLOW_DISSECTOR_KEY_MPLS_ENTROPY)) {
454 0 : struct flow_dissector_key_keyid *key_keyid;
455 :
456 0 : key_keyid = skb_flow_dissector_target(flow_dissector,
457 : FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
458 : target_container);
459 0 : key_keyid->keyid = cpu_to_be32(label);
460 : }
461 :
462 0 : *entropy_label = label == MPLS_LABEL_ENTROPY;
463 :
464 0 : return bos ? FLOW_DISSECT_RET_OUT_GOOD : FLOW_DISSECT_RET_PROTO_AGAIN;
465 : }
466 :
467 : static enum flow_dissect_ret
468 0 : __skb_flow_dissect_arp(const struct sk_buff *skb,
469 : struct flow_dissector *flow_dissector,
470 : void *target_container, void *data, int nhoff, int hlen)
471 : {
472 0 : struct flow_dissector_key_arp *key_arp;
473 0 : struct {
474 : unsigned char ar_sha[ETH_ALEN];
475 : unsigned char ar_sip[4];
476 : unsigned char ar_tha[ETH_ALEN];
477 : unsigned char ar_tip[4];
478 : } *arp_eth, _arp_eth;
479 0 : const struct arphdr *arp;
480 0 : struct arphdr _arp;
481 :
482 0 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ARP))
483 : return FLOW_DISSECT_RET_OUT_GOOD;
484 :
485 0 : arp = __skb_header_pointer(skb, nhoff, sizeof(_arp), data,
486 : hlen, &_arp);
487 0 : if (!arp)
488 : return FLOW_DISSECT_RET_OUT_BAD;
489 :
490 0 : if (arp->ar_hrd != htons(ARPHRD_ETHER) ||
491 0 : arp->ar_pro != htons(ETH_P_IP) ||
492 0 : arp->ar_hln != ETH_ALEN ||
493 0 : arp->ar_pln != 4 ||
494 0 : (arp->ar_op != htons(ARPOP_REPLY) &&
495 : arp->ar_op != htons(ARPOP_REQUEST)))
496 : return FLOW_DISSECT_RET_OUT_BAD;
497 :
498 0 : arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp),
499 : sizeof(_arp_eth), data,
500 : hlen, &_arp_eth);
501 0 : if (!arp_eth)
502 : return FLOW_DISSECT_RET_OUT_BAD;
503 :
504 0 : key_arp = skb_flow_dissector_target(flow_dissector,
505 : FLOW_DISSECTOR_KEY_ARP,
506 : target_container);
507 :
508 0 : memcpy(&key_arp->sip, arp_eth->ar_sip, sizeof(key_arp->sip));
509 0 : memcpy(&key_arp->tip, arp_eth->ar_tip, sizeof(key_arp->tip));
510 :
511 : /* Only store the lower byte of the opcode;
512 : * this covers ARPOP_REPLY and ARPOP_REQUEST.
513 : */
514 0 : key_arp->op = ntohs(arp->ar_op) & 0xff;
515 :
516 0 : ether_addr_copy(key_arp->sha, arp_eth->ar_sha);
517 0 : ether_addr_copy(key_arp->tha, arp_eth->ar_tha);
518 :
519 0 : return FLOW_DISSECT_RET_OUT_GOOD;
520 : }
521 :
522 : static enum flow_dissect_ret
523 0 : __skb_flow_dissect_gre(const struct sk_buff *skb,
524 : struct flow_dissector_key_control *key_control,
525 : struct flow_dissector *flow_dissector,
526 : void *target_container, void *data,
527 : __be16 *p_proto, int *p_nhoff, int *p_hlen,
528 : unsigned int flags)
529 : {
530 0 : struct flow_dissector_key_keyid *key_keyid;
531 0 : struct gre_base_hdr *hdr, _hdr;
532 0 : int offset = 0;
533 0 : u16 gre_ver;
534 :
535 0 : hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr),
536 : data, *p_hlen, &_hdr);
537 0 : if (!hdr)
538 : return FLOW_DISSECT_RET_OUT_BAD;
539 :
540 : /* Only look inside GRE without routing */
541 0 : if (hdr->flags & GRE_ROUTING)
542 : return FLOW_DISSECT_RET_OUT_GOOD;
543 :
544 : /* Only look inside GRE for version 0 and 1 */
545 0 : gre_ver = ntohs(hdr->flags & GRE_VERSION);
546 0 : if (gre_ver > 1)
547 : return FLOW_DISSECT_RET_OUT_GOOD;
548 :
549 0 : *p_proto = hdr->protocol;
550 0 : if (gre_ver) {
551 : /* Version1 must be PPTP, and check the flags */
552 0 : if (!(*p_proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY)))
553 : return FLOW_DISSECT_RET_OUT_GOOD;
554 : }
555 :
556 0 : offset += sizeof(struct gre_base_hdr);
557 :
558 0 : if (hdr->flags & GRE_CSUM)
559 0 : offset += sizeof_field(struct gre_full_hdr, csum) +
560 : sizeof_field(struct gre_full_hdr, reserved1);
561 :
562 0 : if (hdr->flags & GRE_KEY) {
563 0 : const __be32 *keyid;
564 0 : __be32 _keyid;
565 :
566 0 : keyid = __skb_header_pointer(skb, *p_nhoff + offset,
567 : sizeof(_keyid),
568 : data, *p_hlen, &_keyid);
569 0 : if (!keyid)
570 0 : return FLOW_DISSECT_RET_OUT_BAD;
571 :
572 0 : if (dissector_uses_key(flow_dissector,
573 : FLOW_DISSECTOR_KEY_GRE_KEYID)) {
574 0 : key_keyid = skb_flow_dissector_target(flow_dissector,
575 : FLOW_DISSECTOR_KEY_GRE_KEYID,
576 : target_container);
577 0 : if (gre_ver == 0)
578 0 : key_keyid->keyid = *keyid;
579 : else
580 0 : key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK;
581 : }
582 0 : offset += sizeof_field(struct gre_full_hdr, key);
583 : }
584 :
585 0 : if (hdr->flags & GRE_SEQ)
586 0 : offset += sizeof_field(struct pptp_gre_header, seq);
587 :
588 0 : if (gre_ver == 0) {
589 0 : if (*p_proto == htons(ETH_P_TEB)) {
590 0 : const struct ethhdr *eth;
591 0 : struct ethhdr _eth;
592 :
593 0 : eth = __skb_header_pointer(skb, *p_nhoff + offset,
594 : sizeof(_eth),
595 : data, *p_hlen, &_eth);
596 0 : if (!eth)
597 0 : return FLOW_DISSECT_RET_OUT_BAD;
598 0 : *p_proto = eth->h_proto;
599 0 : offset += sizeof(*eth);
600 :
601 : /* Cap headers that we access via pointers at the
602 : * end of the Ethernet header as our maximum alignment
603 : * at that point is only 2 bytes.
604 : */
605 0 : if (NET_IP_ALIGN)
606 : *p_hlen = *p_nhoff + offset;
607 : }
608 : } else { /* version 1, must be PPTP */
609 0 : u8 _ppp_hdr[PPP_HDRLEN];
610 0 : u8 *ppp_hdr;
611 :
612 0 : if (hdr->flags & GRE_ACK)
613 0 : offset += sizeof_field(struct pptp_gre_header, ack);
614 :
615 0 : ppp_hdr = __skb_header_pointer(skb, *p_nhoff + offset,
616 : sizeof(_ppp_hdr),
617 : data, *p_hlen, _ppp_hdr);
618 0 : if (!ppp_hdr)
619 0 : return FLOW_DISSECT_RET_OUT_BAD;
620 :
621 0 : switch (PPP_PROTOCOL(ppp_hdr)) {
622 0 : case PPP_IP:
623 0 : *p_proto = htons(ETH_P_IP);
624 0 : break;
625 0 : case PPP_IPV6:
626 0 : *p_proto = htons(ETH_P_IPV6);
627 0 : break;
628 : default:
629 : /* Could probably catch some more like MPLS */
630 : break;
631 : }
632 :
633 0 : offset += PPP_HDRLEN;
634 : }
635 :
636 0 : *p_nhoff += offset;
637 0 : key_control->flags |= FLOW_DIS_ENCAPSULATION;
638 0 : if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
639 0 : return FLOW_DISSECT_RET_OUT_GOOD;
640 :
641 : return FLOW_DISSECT_RET_PROTO_AGAIN;
642 : }
643 :
644 : /**
645 : * __skb_flow_dissect_batadv() - dissect batman-adv header
646 : * @skb: sk_buff to with the batman-adv header
647 : * @key_control: flow dissectors control key
648 : * @data: raw buffer pointer to the packet, if NULL use skb->data
649 : * @p_proto: pointer used to update the protocol to process next
650 : * @p_nhoff: pointer used to update inner network header offset
651 : * @hlen: packet header length
652 : * @flags: any combination of FLOW_DISSECTOR_F_*
653 : *
654 : * ETH_P_BATMAN packets are tried to be dissected. Only
655 : * &struct batadv_unicast packets are actually processed because they contain an
656 : * inner ethernet header and are usually followed by actual network header. This
657 : * allows the flow dissector to continue processing the packet.
658 : *
659 : * Return: FLOW_DISSECT_RET_PROTO_AGAIN when &struct batadv_unicast was found,
660 : * FLOW_DISSECT_RET_OUT_GOOD when dissector should stop after encapsulation,
661 : * otherwise FLOW_DISSECT_RET_OUT_BAD
662 : */
663 : static enum flow_dissect_ret
664 0 : __skb_flow_dissect_batadv(const struct sk_buff *skb,
665 : struct flow_dissector_key_control *key_control,
666 : void *data, __be16 *p_proto, int *p_nhoff, int hlen,
667 : unsigned int flags)
668 : {
669 0 : struct {
670 : struct batadv_unicast_packet batadv_unicast;
671 : struct ethhdr eth;
672 : } *hdr, _hdr;
673 :
674 0 : hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
675 : &_hdr);
676 0 : if (!hdr)
677 : return FLOW_DISSECT_RET_OUT_BAD;
678 :
679 0 : if (hdr->batadv_unicast.version != BATADV_COMPAT_VERSION)
680 : return FLOW_DISSECT_RET_OUT_BAD;
681 :
682 0 : if (hdr->batadv_unicast.packet_type != BATADV_UNICAST)
683 : return FLOW_DISSECT_RET_OUT_BAD;
684 :
685 0 : *p_proto = hdr->eth.h_proto;
686 0 : *p_nhoff += sizeof(*hdr);
687 :
688 0 : key_control->flags |= FLOW_DIS_ENCAPSULATION;
689 0 : if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
690 0 : return FLOW_DISSECT_RET_OUT_GOOD;
691 :
692 : return FLOW_DISSECT_RET_PROTO_AGAIN;
693 : }
694 :
695 : static void
696 0 : __skb_flow_dissect_tcp(const struct sk_buff *skb,
697 : struct flow_dissector *flow_dissector,
698 : void *target_container, void *data, int thoff, int hlen)
699 : {
700 0 : struct flow_dissector_key_tcp *key_tcp;
701 0 : struct tcphdr *th, _th;
702 :
703 0 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_TCP))
704 0 : return;
705 :
706 0 : th = __skb_header_pointer(skb, thoff, sizeof(_th), data, hlen, &_th);
707 0 : if (!th)
708 : return;
709 :
710 0 : if (unlikely(__tcp_hdrlen(th) < sizeof(_th)))
711 : return;
712 :
713 0 : key_tcp = skb_flow_dissector_target(flow_dissector,
714 : FLOW_DISSECTOR_KEY_TCP,
715 : target_container);
716 0 : key_tcp->flags = (*(__be16 *) &tcp_flag_word(th) & htons(0x0FFF));
717 : }
718 :
719 : static void
720 2 : __skb_flow_dissect_ports(const struct sk_buff *skb,
721 : struct flow_dissector *flow_dissector,
722 : void *target_container, void *data, int nhoff,
723 : u8 ip_proto, int hlen)
724 : {
725 2 : enum flow_dissector_key_id dissector_ports = FLOW_DISSECTOR_KEY_MAX;
726 2 : struct flow_dissector_key_ports *key_ports;
727 :
728 2 : if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS))
729 : dissector_ports = FLOW_DISSECTOR_KEY_PORTS;
730 2 : else if (dissector_uses_key(flow_dissector,
731 : FLOW_DISSECTOR_KEY_PORTS_RANGE))
732 : dissector_ports = FLOW_DISSECTOR_KEY_PORTS_RANGE;
733 :
734 : if (dissector_ports == FLOW_DISSECTOR_KEY_MAX)
735 : return;
736 :
737 0 : key_ports = skb_flow_dissector_target(flow_dissector,
738 : dissector_ports,
739 : target_container);
740 0 : key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
741 : data, hlen);
742 : }
743 :
744 : static void
745 2 : __skb_flow_dissect_ipv4(const struct sk_buff *skb,
746 : struct flow_dissector *flow_dissector,
747 : void *target_container, void *data, const struct iphdr *iph)
748 : {
749 2 : struct flow_dissector_key_ip *key_ip;
750 :
751 2 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
752 : return;
753 :
754 0 : key_ip = skb_flow_dissector_target(flow_dissector,
755 : FLOW_DISSECTOR_KEY_IP,
756 : target_container);
757 0 : key_ip->tos = iph->tos;
758 0 : key_ip->ttl = iph->ttl;
759 : }
760 :
761 : static void
762 0 : __skb_flow_dissect_ipv6(const struct sk_buff *skb,
763 : struct flow_dissector *flow_dissector,
764 : void *target_container, void *data, const struct ipv6hdr *iph)
765 : {
766 0 : struct flow_dissector_key_ip *key_ip;
767 :
768 0 : if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IP))
769 : return;
770 :
771 0 : key_ip = skb_flow_dissector_target(flow_dissector,
772 : FLOW_DISSECTOR_KEY_IP,
773 : target_container);
774 0 : key_ip->tos = ipv6_get_dsfield(iph);
775 0 : key_ip->ttl = iph->hop_limit;
776 : }
777 :
778 : /* Maximum number of protocol headers that can be parsed in
779 : * __skb_flow_dissect
780 : */
781 : #define MAX_FLOW_DISSECT_HDRS 15
782 :
783 0 : static bool skb_flow_dissect_allowed(int *num_hdrs)
784 : {
785 0 : ++*num_hdrs;
786 :
787 0 : return (*num_hdrs <= MAX_FLOW_DISSECT_HDRS);
788 : }
789 :
790 0 : static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys,
791 : struct flow_dissector *flow_dissector,
792 : void *target_container)
793 : {
794 0 : struct flow_dissector_key_ports *key_ports = NULL;
795 0 : struct flow_dissector_key_control *key_control;
796 0 : struct flow_dissector_key_basic *key_basic;
797 0 : struct flow_dissector_key_addrs *key_addrs;
798 0 : struct flow_dissector_key_tags *key_tags;
799 :
800 0 : key_control = skb_flow_dissector_target(flow_dissector,
801 : FLOW_DISSECTOR_KEY_CONTROL,
802 : target_container);
803 0 : key_control->thoff = flow_keys->thoff;
804 0 : if (flow_keys->is_frag)
805 0 : key_control->flags |= FLOW_DIS_IS_FRAGMENT;
806 0 : if (flow_keys->is_first_frag)
807 0 : key_control->flags |= FLOW_DIS_FIRST_FRAG;
808 0 : if (flow_keys->is_encap)
809 0 : key_control->flags |= FLOW_DIS_ENCAPSULATION;
810 :
811 0 : key_basic = skb_flow_dissector_target(flow_dissector,
812 : FLOW_DISSECTOR_KEY_BASIC,
813 : target_container);
814 0 : key_basic->n_proto = flow_keys->n_proto;
815 0 : key_basic->ip_proto = flow_keys->ip_proto;
816 :
817 0 : if (flow_keys->addr_proto == ETH_P_IP &&
818 0 : dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
819 0 : key_addrs = skb_flow_dissector_target(flow_dissector,
820 : FLOW_DISSECTOR_KEY_IPV4_ADDRS,
821 : target_container);
822 0 : key_addrs->v4addrs.src = flow_keys->ipv4_src;
823 0 : key_addrs->v4addrs.dst = flow_keys->ipv4_dst;
824 0 : key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
825 0 : } else if (flow_keys->addr_proto == ETH_P_IPV6 &&
826 0 : dissector_uses_key(flow_dissector,
827 : FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
828 0 : key_addrs = skb_flow_dissector_target(flow_dissector,
829 : FLOW_DISSECTOR_KEY_IPV6_ADDRS,
830 : target_container);
831 0 : memcpy(&key_addrs->v6addrs, &flow_keys->ipv6_src,
832 : sizeof(key_addrs->v6addrs));
833 0 : key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
834 : }
835 :
836 0 : if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS))
837 0 : key_ports = skb_flow_dissector_target(flow_dissector,
838 : FLOW_DISSECTOR_KEY_PORTS,
839 : target_container);
840 0 : else if (dissector_uses_key(flow_dissector,
841 : FLOW_DISSECTOR_KEY_PORTS_RANGE))
842 0 : key_ports = skb_flow_dissector_target(flow_dissector,
843 : FLOW_DISSECTOR_KEY_PORTS_RANGE,
844 : target_container);
845 :
846 0 : if (key_ports) {
847 0 : key_ports->src = flow_keys->sport;
848 0 : key_ports->dst = flow_keys->dport;
849 : }
850 :
851 0 : if (dissector_uses_key(flow_dissector,
852 : FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
853 0 : key_tags = skb_flow_dissector_target(flow_dissector,
854 : FLOW_DISSECTOR_KEY_FLOW_LABEL,
855 : target_container);
856 0 : key_tags->flow_label = ntohl(flow_keys->flow_label);
857 : }
858 0 : }
859 :
860 0 : bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
861 : __be16 proto, int nhoff, int hlen, unsigned int flags)
862 : {
863 0 : struct bpf_flow_keys *flow_keys = ctx->flow_keys;
864 0 : u32 result;
865 :
866 : /* Pass parameters to the BPF program */
867 0 : memset(flow_keys, 0, sizeof(*flow_keys));
868 0 : flow_keys->n_proto = proto;
869 0 : flow_keys->nhoff = nhoff;
870 0 : flow_keys->thoff = flow_keys->nhoff;
871 :
872 0 : BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG !=
873 : (int)FLOW_DISSECTOR_F_PARSE_1ST_FRAG);
874 0 : BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL !=
875 : (int)FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
876 0 : BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP !=
877 : (int)FLOW_DISSECTOR_F_STOP_AT_ENCAP);
878 0 : flow_keys->flags = flags;
879 :
880 0 : result = bpf_prog_run_pin_on_cpu(prog, ctx);
881 :
882 0 : flow_keys->nhoff = clamp_t(u16, flow_keys->nhoff, nhoff, hlen);
883 0 : flow_keys->thoff = clamp_t(u16, flow_keys->thoff,
884 : flow_keys->nhoff, hlen);
885 :
886 0 : return result == BPF_OK;
887 : }
888 :
889 : /**
890 : * __skb_flow_dissect - extract the flow_keys struct and return it
891 : * @net: associated network namespace, derived from @skb if NULL
892 : * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
893 : * @flow_dissector: list of keys to dissect
894 : * @target_container: target structure to put dissected values into
895 : * @data: raw buffer pointer to the packet, if NULL use skb->data
896 : * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
897 : * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
898 : * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
899 : * @flags: flags that control the dissection process, e.g.
900 : * FLOW_DISSECTOR_F_STOP_AT_ENCAP.
901 : *
902 : * The function will try to retrieve individual keys into target specified
903 : * by flow_dissector from either the skbuff or a raw buffer specified by the
904 : * rest parameters.
905 : *
906 : * Caller must take care of zeroing target container memory.
907 : */
908 2 : bool __skb_flow_dissect(const struct net *net,
909 : const struct sk_buff *skb,
910 : struct flow_dissector *flow_dissector,
911 : void *target_container,
912 : void *data, __be16 proto, int nhoff, int hlen,
913 : unsigned int flags)
914 : {
915 2 : struct flow_dissector_key_control *key_control;
916 2 : struct flow_dissector_key_basic *key_basic;
917 2 : struct flow_dissector_key_addrs *key_addrs;
918 2 : struct flow_dissector_key_tags *key_tags;
919 2 : struct flow_dissector_key_vlan *key_vlan;
920 2 : enum flow_dissect_ret fdret;
921 2 : enum flow_dissector_key_id dissector_vlan = FLOW_DISSECTOR_KEY_MAX;
922 2 : bool mpls_el = false;
923 2 : int mpls_lse = 0;
924 2 : int num_hdrs = 0;
925 2 : u8 ip_proto = 0;
926 2 : bool ret;
927 :
928 2 : if (!data) {
929 2 : data = skb->data;
930 2 : proto = skb_vlan_tag_present(skb) ?
931 : skb->vlan_proto : skb->protocol;
932 2 : nhoff = skb_network_offset(skb);
933 2 : hlen = skb_headlen(skb);
934 : #if IS_ENABLED(CONFIG_NET_DSA)
935 : if (unlikely(skb->dev && netdev_uses_dsa(skb->dev) &&
936 : proto == htons(ETH_P_XDSA))) {
937 : const struct dsa_device_ops *ops;
938 : int offset = 0;
939 :
940 : ops = skb->dev->dsa_ptr->tag_ops;
941 : /* Tail taggers don't break flow dissection */
942 : if (!ops->tail_tag) {
943 : if (ops->flow_dissect)
944 : ops->flow_dissect(skb, &proto, &offset);
945 : else
946 : dsa_tag_generic_flow_dissect(skb,
947 : &proto,
948 : &offset);
949 : hlen -= offset;
950 : nhoff += offset;
951 : }
952 : }
953 : #endif
954 : }
955 :
956 : /* It is ensured by skb_flow_dissector_init() that control key will
957 : * be always present.
958 : */
959 2 : key_control = skb_flow_dissector_target(flow_dissector,
960 : FLOW_DISSECTOR_KEY_CONTROL,
961 : target_container);
962 :
963 : /* It is ensured by skb_flow_dissector_init() that basic key will
964 : * be always present.
965 : */
966 2 : key_basic = skb_flow_dissector_target(flow_dissector,
967 : FLOW_DISSECTOR_KEY_BASIC,
968 : target_container);
969 :
970 2 : if (skb) {
971 2 : if (!net) {
972 2 : if (skb->dev)
973 2 : net = dev_net(skb->dev);
974 0 : else if (skb->sk)
975 0 : net = sock_net(skb->sk);
976 : }
977 : }
978 :
979 2 : WARN_ON_ONCE(!net);
980 2 : if (net) {
981 2 : enum netns_bpf_attach_type type = NETNS_BPF_FLOW_DISSECTOR;
982 2 : struct bpf_prog_array *run_array;
983 :
984 2 : rcu_read_lock();
985 2 : run_array = rcu_dereference(init_net.bpf.run_array[type]);
986 2 : if (!run_array)
987 2 : run_array = rcu_dereference(net->bpf.run_array[type]);
988 :
989 2 : if (run_array) {
990 0 : struct bpf_flow_keys flow_keys;
991 0 : struct bpf_flow_dissector ctx = {
992 : .flow_keys = &flow_keys,
993 : .data = data,
994 0 : .data_end = data + hlen,
995 : };
996 0 : __be16 n_proto = proto;
997 0 : struct bpf_prog *prog;
998 :
999 0 : if (skb) {
1000 0 : ctx.skb = skb;
1001 : /* we can't use 'proto' in the skb case
1002 : * because it might be set to skb->vlan_proto
1003 : * which has been pulled from the data
1004 : */
1005 0 : n_proto = skb->protocol;
1006 : }
1007 :
1008 0 : prog = READ_ONCE(run_array->items[0].prog);
1009 0 : ret = bpf_flow_dissect(prog, &ctx, n_proto, nhoff,
1010 : hlen, flags);
1011 0 : __skb_flow_bpf_to_target(&flow_keys, flow_dissector,
1012 : target_container);
1013 0 : rcu_read_unlock();
1014 0 : return ret;
1015 : }
1016 2 : rcu_read_unlock();
1017 : }
1018 :
1019 2 : if (dissector_uses_key(flow_dissector,
1020 : FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
1021 0 : struct ethhdr *eth = eth_hdr(skb);
1022 0 : struct flow_dissector_key_eth_addrs *key_eth_addrs;
1023 :
1024 0 : key_eth_addrs = skb_flow_dissector_target(flow_dissector,
1025 : FLOW_DISSECTOR_KEY_ETH_ADDRS,
1026 : target_container);
1027 0 : memcpy(key_eth_addrs, ð->h_dest, sizeof(*key_eth_addrs));
1028 : }
1029 :
1030 2 : proto_again:
1031 2 : fdret = FLOW_DISSECT_RET_CONTINUE;
1032 :
1033 2 : switch (proto) {
1034 2 : case htons(ETH_P_IP): {
1035 2 : const struct iphdr *iph;
1036 2 : struct iphdr _iph;
1037 :
1038 2 : iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
1039 2 : if (!iph || iph->ihl < 5) {
1040 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1041 : break;
1042 : }
1043 :
1044 2 : nhoff += iph->ihl * 4;
1045 :
1046 2 : ip_proto = iph->protocol;
1047 :
1048 2 : if (dissector_uses_key(flow_dissector,
1049 : FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
1050 0 : key_addrs = skb_flow_dissector_target(flow_dissector,
1051 : FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1052 : target_container);
1053 :
1054 0 : memcpy(&key_addrs->v4addrs, &iph->saddr,
1055 : sizeof(key_addrs->v4addrs));
1056 0 : key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1057 : }
1058 :
1059 2 : __skb_flow_dissect_ipv4(skb, flow_dissector,
1060 : target_container, data, iph);
1061 :
1062 2 : if (ip_is_fragment(iph)) {
1063 0 : key_control->flags |= FLOW_DIS_IS_FRAGMENT;
1064 :
1065 0 : if (iph->frag_off & htons(IP_OFFSET)) {
1066 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1067 : break;
1068 : } else {
1069 0 : key_control->flags |= FLOW_DIS_FIRST_FRAG;
1070 0 : if (!(flags &
1071 : FLOW_DISSECTOR_F_PARSE_1ST_FRAG)) {
1072 0 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1073 0 : break;
1074 : }
1075 : }
1076 : }
1077 :
1078 : break;
1079 : }
1080 0 : case htons(ETH_P_IPV6): {
1081 0 : const struct ipv6hdr *iph;
1082 0 : struct ipv6hdr _iph;
1083 :
1084 0 : iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
1085 0 : if (!iph) {
1086 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1087 : break;
1088 : }
1089 :
1090 0 : ip_proto = iph->nexthdr;
1091 0 : nhoff += sizeof(struct ipv6hdr);
1092 :
1093 0 : if (dissector_uses_key(flow_dissector,
1094 : FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
1095 0 : key_addrs = skb_flow_dissector_target(flow_dissector,
1096 : FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1097 : target_container);
1098 :
1099 0 : memcpy(&key_addrs->v6addrs, &iph->saddr,
1100 : sizeof(key_addrs->v6addrs));
1101 0 : key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1102 : }
1103 :
1104 0 : if ((dissector_uses_key(flow_dissector,
1105 0 : FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
1106 0 : (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
1107 0 : ip6_flowlabel(iph)) {
1108 0 : __be32 flow_label = ip6_flowlabel(iph);
1109 :
1110 0 : if (dissector_uses_key(flow_dissector,
1111 : FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
1112 0 : key_tags = skb_flow_dissector_target(flow_dissector,
1113 : FLOW_DISSECTOR_KEY_FLOW_LABEL,
1114 : target_container);
1115 0 : key_tags->flow_label = ntohl(flow_label);
1116 : }
1117 0 : if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL) {
1118 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1119 : break;
1120 : }
1121 : }
1122 :
1123 0 : __skb_flow_dissect_ipv6(skb, flow_dissector,
1124 : target_container, data, iph);
1125 :
1126 : break;
1127 : }
1128 0 : case htons(ETH_P_8021AD):
1129 : case htons(ETH_P_8021Q): {
1130 0 : const struct vlan_hdr *vlan = NULL;
1131 0 : struct vlan_hdr _vlan;
1132 0 : __be16 saved_vlan_tpid = proto;
1133 :
1134 0 : if (dissector_vlan == FLOW_DISSECTOR_KEY_MAX &&
1135 0 : skb && skb_vlan_tag_present(skb)) {
1136 0 : proto = skb->protocol;
1137 : } else {
1138 0 : vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
1139 : data, hlen, &_vlan);
1140 0 : if (!vlan) {
1141 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1142 : break;
1143 : }
1144 :
1145 0 : proto = vlan->h_vlan_encapsulated_proto;
1146 0 : nhoff += sizeof(*vlan);
1147 : }
1148 :
1149 0 : if (dissector_vlan == FLOW_DISSECTOR_KEY_MAX) {
1150 : dissector_vlan = FLOW_DISSECTOR_KEY_VLAN;
1151 0 : } else if (dissector_vlan == FLOW_DISSECTOR_KEY_VLAN) {
1152 : dissector_vlan = FLOW_DISSECTOR_KEY_CVLAN;
1153 : } else {
1154 : fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1155 : break;
1156 : }
1157 :
1158 0 : if (dissector_uses_key(flow_dissector, dissector_vlan)) {
1159 0 : key_vlan = skb_flow_dissector_target(flow_dissector,
1160 : dissector_vlan,
1161 : target_container);
1162 :
1163 0 : if (!vlan) {
1164 0 : key_vlan->vlan_id = skb_vlan_tag_get_id(skb);
1165 0 : key_vlan->vlan_priority = skb_vlan_tag_get_prio(skb);
1166 : } else {
1167 0 : key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) &
1168 : VLAN_VID_MASK;
1169 0 : key_vlan->vlan_priority =
1170 0 : (ntohs(vlan->h_vlan_TCI) &
1171 0 : VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
1172 : }
1173 0 : key_vlan->vlan_tpid = saved_vlan_tpid;
1174 : }
1175 :
1176 : fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1177 : break;
1178 : }
1179 0 : case htons(ETH_P_PPP_SES): {
1180 0 : struct {
1181 : struct pppoe_hdr hdr;
1182 : __be16 proto;
1183 : } *hdr, _hdr;
1184 0 : hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
1185 0 : if (!hdr) {
1186 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1187 : break;
1188 : }
1189 :
1190 0 : proto = hdr->proto;
1191 0 : nhoff += PPPOE_SES_HLEN;
1192 0 : switch (proto) {
1193 0 : case htons(PPP_IP):
1194 0 : proto = htons(ETH_P_IP);
1195 0 : fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1196 0 : break;
1197 0 : case htons(PPP_IPV6):
1198 0 : proto = htons(ETH_P_IPV6);
1199 0 : fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1200 0 : break;
1201 : default:
1202 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1203 : break;
1204 : }
1205 : break;
1206 : }
1207 0 : case htons(ETH_P_TIPC): {
1208 0 : struct tipc_basic_hdr *hdr, _hdr;
1209 :
1210 0 : hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr),
1211 : data, hlen, &_hdr);
1212 0 : if (!hdr) {
1213 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1214 : break;
1215 : }
1216 :
1217 0 : if (dissector_uses_key(flow_dissector,
1218 : FLOW_DISSECTOR_KEY_TIPC)) {
1219 0 : key_addrs = skb_flow_dissector_target(flow_dissector,
1220 : FLOW_DISSECTOR_KEY_TIPC,
1221 : target_container);
1222 0 : key_addrs->tipckey.key = tipc_hdr_rps_key(hdr);
1223 0 : key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC;
1224 : }
1225 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1226 : break;
1227 : }
1228 :
1229 0 : case htons(ETH_P_MPLS_UC):
1230 : case htons(ETH_P_MPLS_MC):
1231 0 : fdret = __skb_flow_dissect_mpls(skb, flow_dissector,
1232 : target_container, data,
1233 : nhoff, hlen, mpls_lse,
1234 : &mpls_el);
1235 0 : nhoff += sizeof(struct mpls_label);
1236 0 : mpls_lse++;
1237 0 : break;
1238 0 : case htons(ETH_P_FCOE):
1239 0 : if ((hlen - nhoff) < FCOE_HEADER_LEN) {
1240 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1241 : break;
1242 : }
1243 :
1244 0 : nhoff += FCOE_HEADER_LEN;
1245 0 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1246 0 : break;
1247 :
1248 0 : case htons(ETH_P_ARP):
1249 : case htons(ETH_P_RARP):
1250 0 : fdret = __skb_flow_dissect_arp(skb, flow_dissector,
1251 : target_container, data,
1252 : nhoff, hlen);
1253 0 : break;
1254 :
1255 0 : case htons(ETH_P_BATMAN):
1256 0 : fdret = __skb_flow_dissect_batadv(skb, key_control, data,
1257 : &proto, &nhoff, hlen, flags);
1258 0 : break;
1259 :
1260 0 : case htons(ETH_P_1588): {
1261 0 : struct ptp_header *hdr, _hdr;
1262 :
1263 0 : hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
1264 : hlen, &_hdr);
1265 0 : if (!hdr) {
1266 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1267 : break;
1268 : }
1269 :
1270 0 : nhoff += ntohs(hdr->message_length);
1271 0 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1272 0 : break;
1273 : }
1274 :
1275 : default:
1276 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1277 : break;
1278 : }
1279 :
1280 : /* Process result of proto processing */
1281 2 : switch (fdret) {
1282 0 : case FLOW_DISSECT_RET_OUT_GOOD:
1283 0 : goto out_good;
1284 : case FLOW_DISSECT_RET_PROTO_AGAIN:
1285 0 : if (skb_flow_dissect_allowed(&num_hdrs))
1286 0 : goto proto_again;
1287 0 : goto out_good;
1288 : case FLOW_DISSECT_RET_CONTINUE:
1289 : case FLOW_DISSECT_RET_IPPROTO_AGAIN:
1290 : break;
1291 0 : case FLOW_DISSECT_RET_OUT_BAD:
1292 : default:
1293 0 : goto out_bad;
1294 : }
1295 :
1296 2 : ip_proto_again:
1297 2 : fdret = FLOW_DISSECT_RET_CONTINUE;
1298 :
1299 2 : switch (ip_proto) {
1300 0 : case IPPROTO_GRE:
1301 0 : fdret = __skb_flow_dissect_gre(skb, key_control, flow_dissector,
1302 : target_container, data,
1303 : &proto, &nhoff, &hlen, flags);
1304 0 : break;
1305 :
1306 0 : case NEXTHDR_HOP:
1307 : case NEXTHDR_ROUTING:
1308 : case NEXTHDR_DEST: {
1309 0 : u8 _opthdr[2], *opthdr;
1310 :
1311 0 : if (proto != htons(ETH_P_IPV6))
1312 : break;
1313 :
1314 0 : opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
1315 : data, hlen, &_opthdr);
1316 0 : if (!opthdr) {
1317 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1318 : break;
1319 : }
1320 :
1321 0 : ip_proto = opthdr[0];
1322 0 : nhoff += (opthdr[1] + 1) << 3;
1323 :
1324 0 : fdret = FLOW_DISSECT_RET_IPPROTO_AGAIN;
1325 0 : break;
1326 : }
1327 0 : case NEXTHDR_FRAGMENT: {
1328 0 : struct frag_hdr _fh, *fh;
1329 :
1330 0 : if (proto != htons(ETH_P_IPV6))
1331 : break;
1332 :
1333 0 : fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
1334 : data, hlen, &_fh);
1335 :
1336 0 : if (!fh) {
1337 : fdret = FLOW_DISSECT_RET_OUT_BAD;
1338 : break;
1339 : }
1340 :
1341 0 : key_control->flags |= FLOW_DIS_IS_FRAGMENT;
1342 :
1343 0 : nhoff += sizeof(_fh);
1344 0 : ip_proto = fh->nexthdr;
1345 :
1346 0 : if (!(fh->frag_off & htons(IP6_OFFSET))) {
1347 0 : key_control->flags |= FLOW_DIS_FIRST_FRAG;
1348 0 : if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG) {
1349 : fdret = FLOW_DISSECT_RET_IPPROTO_AGAIN;
1350 : break;
1351 : }
1352 : }
1353 :
1354 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1355 : break;
1356 : }
1357 0 : case IPPROTO_IPIP:
1358 0 : proto = htons(ETH_P_IP);
1359 :
1360 0 : key_control->flags |= FLOW_DIS_ENCAPSULATION;
1361 0 : if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) {
1362 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1363 : break;
1364 : }
1365 :
1366 0 : fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1367 0 : break;
1368 :
1369 0 : case IPPROTO_IPV6:
1370 0 : proto = htons(ETH_P_IPV6);
1371 :
1372 0 : key_control->flags |= FLOW_DIS_ENCAPSULATION;
1373 0 : if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) {
1374 : fdret = FLOW_DISSECT_RET_OUT_GOOD;
1375 : break;
1376 : }
1377 :
1378 0 : fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1379 0 : break;
1380 :
1381 :
1382 0 : case IPPROTO_MPLS:
1383 0 : proto = htons(ETH_P_MPLS_UC);
1384 0 : fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
1385 0 : break;
1386 :
1387 0 : case IPPROTO_TCP:
1388 0 : __skb_flow_dissect_tcp(skb, flow_dissector, target_container,
1389 : data, nhoff, hlen);
1390 0 : break;
1391 :
1392 0 : case IPPROTO_ICMP:
1393 : case IPPROTO_ICMPV6:
1394 0 : __skb_flow_dissect_icmp(skb, flow_dissector, target_container,
1395 : data, nhoff, hlen);
1396 0 : break;
1397 :
1398 : default:
1399 : break;
1400 : }
1401 :
1402 2 : if (!(key_control->flags & FLOW_DIS_IS_FRAGMENT))
1403 2 : __skb_flow_dissect_ports(skb, flow_dissector, target_container,
1404 : data, nhoff, ip_proto, hlen);
1405 :
1406 : /* Process result of IP proto processing */
1407 2 : switch (fdret) {
1408 : case FLOW_DISSECT_RET_PROTO_AGAIN:
1409 0 : if (skb_flow_dissect_allowed(&num_hdrs))
1410 0 : goto proto_again;
1411 : break;
1412 : case FLOW_DISSECT_RET_IPPROTO_AGAIN:
1413 0 : if (skb_flow_dissect_allowed(&num_hdrs))
1414 0 : goto ip_proto_again;
1415 : break;
1416 : case FLOW_DISSECT_RET_OUT_GOOD:
1417 : case FLOW_DISSECT_RET_CONTINUE:
1418 : break;
1419 0 : case FLOW_DISSECT_RET_OUT_BAD:
1420 : default:
1421 0 : goto out_bad;
1422 : }
1423 :
1424 : out_good:
1425 : ret = true;
1426 :
1427 2 : out:
1428 2 : key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
1429 2 : key_basic->n_proto = proto;
1430 2 : key_basic->ip_proto = ip_proto;
1431 :
1432 2 : return ret;
1433 :
1434 0 : out_bad:
1435 0 : ret = false;
1436 0 : goto out;
1437 : }
1438 : EXPORT_SYMBOL(__skb_flow_dissect);
1439 :
1440 : static siphash_key_t hashrnd __read_mostly;
1441 0 : static __always_inline void __flow_hash_secret_init(void)
1442 : {
1443 0 : net_get_random_once(&hashrnd, sizeof(hashrnd));
1444 : }
1445 :
1446 0 : static const void *flow_keys_hash_start(const struct flow_keys *flow)
1447 : {
1448 0 : BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % SIPHASH_ALIGNMENT);
1449 0 : return &flow->FLOW_KEYS_HASH_START_FIELD;
1450 : }
1451 :
1452 0 : static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
1453 : {
1454 0 : size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
1455 :
1456 0 : BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
1457 :
1458 0 : switch (flow->control.addr_type) {
1459 : case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
1460 : diff -= sizeof(flow->addrs.v4addrs);
1461 : break;
1462 : case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
1463 : diff -= sizeof(flow->addrs.v6addrs);
1464 : break;
1465 : case FLOW_DISSECTOR_KEY_TIPC:
1466 : diff -= sizeof(flow->addrs.tipckey);
1467 : break;
1468 : }
1469 0 : return sizeof(*flow) - diff;
1470 : }
1471 :
1472 0 : __be32 flow_get_u32_src(const struct flow_keys *flow)
1473 : {
1474 0 : switch (flow->control.addr_type) {
1475 0 : case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
1476 0 : return flow->addrs.v4addrs.src;
1477 0 : case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
1478 0 : return (__force __be32)ipv6_addr_hash(
1479 : &flow->addrs.v6addrs.src);
1480 0 : case FLOW_DISSECTOR_KEY_TIPC:
1481 0 : return flow->addrs.tipckey.key;
1482 : default:
1483 : return 0;
1484 : }
1485 : }
1486 : EXPORT_SYMBOL(flow_get_u32_src);
1487 :
1488 0 : __be32 flow_get_u32_dst(const struct flow_keys *flow)
1489 : {
1490 0 : switch (flow->control.addr_type) {
1491 0 : case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
1492 0 : return flow->addrs.v4addrs.dst;
1493 0 : case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
1494 0 : return (__force __be32)ipv6_addr_hash(
1495 : &flow->addrs.v6addrs.dst);
1496 : default:
1497 : return 0;
1498 : }
1499 : }
1500 : EXPORT_SYMBOL(flow_get_u32_dst);
1501 :
1502 : /* Sort the source and destination IP (and the ports if the IP are the same),
1503 : * to have consistent hash within the two directions
1504 : */
1505 0 : static inline void __flow_hash_consistentify(struct flow_keys *keys)
1506 : {
1507 0 : int addr_diff, i;
1508 :
1509 0 : switch (keys->control.addr_type) {
1510 0 : case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
1511 0 : addr_diff = (__force u32)keys->addrs.v4addrs.dst -
1512 0 : (__force u32)keys->addrs.v4addrs.src;
1513 0 : if ((addr_diff < 0) ||
1514 0 : (addr_diff == 0 &&
1515 0 : ((__force u16)keys->ports.dst <
1516 0 : (__force u16)keys->ports.src))) {
1517 0 : swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
1518 0 : swap(keys->ports.src, keys->ports.dst);
1519 : }
1520 : break;
1521 0 : case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
1522 0 : addr_diff = memcmp(&keys->addrs.v6addrs.dst,
1523 0 : &keys->addrs.v6addrs.src,
1524 : sizeof(keys->addrs.v6addrs.dst));
1525 0 : if ((addr_diff < 0) ||
1526 0 : (addr_diff == 0 &&
1527 0 : ((__force u16)keys->ports.dst <
1528 0 : (__force u16)keys->ports.src))) {
1529 0 : for (i = 0; i < 4; i++)
1530 0 : swap(keys->addrs.v6addrs.src.s6_addr32[i],
1531 : keys->addrs.v6addrs.dst.s6_addr32[i]);
1532 0 : swap(keys->ports.src, keys->ports.dst);
1533 : }
1534 : break;
1535 : }
1536 0 : }
1537 :
1538 0 : static inline u32 __flow_hash_from_keys(struct flow_keys *keys,
1539 : const siphash_key_t *keyval)
1540 : {
1541 0 : u32 hash;
1542 :
1543 0 : __flow_hash_consistentify(keys);
1544 :
1545 0 : hash = siphash(flow_keys_hash_start(keys),
1546 : flow_keys_hash_length(keys), keyval);
1547 0 : if (!hash)
1548 : hash = 1;
1549 :
1550 0 : return hash;
1551 : }
1552 :
1553 0 : u32 flow_hash_from_keys(struct flow_keys *keys)
1554 : {
1555 0 : __flow_hash_secret_init();
1556 0 : return __flow_hash_from_keys(keys, &hashrnd);
1557 : }
1558 : EXPORT_SYMBOL(flow_hash_from_keys);
1559 :
1560 0 : static inline u32 ___skb_get_hash(const struct sk_buff *skb,
1561 : struct flow_keys *keys,
1562 : const siphash_key_t *keyval)
1563 : {
1564 0 : skb_flow_dissect_flow_keys(skb, keys,
1565 : FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
1566 :
1567 0 : return __flow_hash_from_keys(keys, keyval);
1568 : }
1569 :
1570 : struct _flow_keys_digest_data {
1571 : __be16 n_proto;
1572 : u8 ip_proto;
1573 : u8 padding;
1574 : __be32 ports;
1575 : __be32 src;
1576 : __be32 dst;
1577 : };
1578 :
1579 0 : void make_flow_keys_digest(struct flow_keys_digest *digest,
1580 : const struct flow_keys *flow)
1581 : {
1582 0 : struct _flow_keys_digest_data *data =
1583 : (struct _flow_keys_digest_data *)digest;
1584 :
1585 0 : BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
1586 :
1587 0 : memset(digest, 0, sizeof(*digest));
1588 :
1589 0 : data->n_proto = flow->basic.n_proto;
1590 0 : data->ip_proto = flow->basic.ip_proto;
1591 0 : data->ports = flow->ports.ports;
1592 0 : data->src = flow->addrs.v4addrs.src;
1593 0 : data->dst = flow->addrs.v4addrs.dst;
1594 0 : }
1595 : EXPORT_SYMBOL(make_flow_keys_digest);
1596 :
1597 : static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
1598 :
1599 0 : u32 __skb_get_hash_symmetric(const struct sk_buff *skb)
1600 : {
1601 0 : struct flow_keys keys;
1602 :
1603 0 : __flow_hash_secret_init();
1604 :
1605 0 : memset(&keys, 0, sizeof(keys));
1606 0 : __skb_flow_dissect(NULL, skb, &flow_keys_dissector_symmetric,
1607 : &keys, NULL, 0, 0, 0,
1608 : FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
1609 :
1610 0 : return __flow_hash_from_keys(&keys, &hashrnd);
1611 : }
1612 : EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
1613 :
1614 : /**
1615 : * __skb_get_hash: calculate a flow hash
1616 : * @skb: sk_buff to calculate flow hash from
1617 : *
1618 : * This function calculates a flow hash based on src/dst addresses
1619 : * and src/dst port numbers. Sets hash in skb to non-zero hash value
1620 : * on success, zero indicates no valid hash. Also, sets l4_hash in skb
1621 : * if hash is a canonical 4-tuple hash over transport ports.
1622 : */
1623 0 : void __skb_get_hash(struct sk_buff *skb)
1624 : {
1625 0 : struct flow_keys keys;
1626 0 : u32 hash;
1627 :
1628 0 : __flow_hash_secret_init();
1629 :
1630 0 : hash = ___skb_get_hash(skb, &keys, &hashrnd);
1631 :
1632 0 : __skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));
1633 0 : }
1634 : EXPORT_SYMBOL(__skb_get_hash);
1635 :
1636 0 : __u32 skb_get_hash_perturb(const struct sk_buff *skb,
1637 : const siphash_key_t *perturb)
1638 : {
1639 0 : struct flow_keys keys;
1640 :
1641 0 : return ___skb_get_hash(skb, &keys, perturb);
1642 : }
1643 : EXPORT_SYMBOL(skb_get_hash_perturb);
1644 :
1645 0 : u32 __skb_get_poff(const struct sk_buff *skb, void *data,
1646 : const struct flow_keys_basic *keys, int hlen)
1647 : {
1648 0 : u32 poff = keys->control.thoff;
1649 :
1650 : /* skip L4 headers for fragments after the first */
1651 0 : if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
1652 : !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
1653 : return poff;
1654 :
1655 0 : switch (keys->basic.ip_proto) {
1656 0 : case IPPROTO_TCP: {
1657 : /* access doff as u8 to avoid unaligned access */
1658 0 : const u8 *doff;
1659 0 : u8 _doff;
1660 :
1661 0 : doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
1662 : data, hlen, &_doff);
1663 0 : if (!doff)
1664 0 : return poff;
1665 :
1666 0 : poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
1667 0 : break;
1668 : }
1669 0 : case IPPROTO_UDP:
1670 : case IPPROTO_UDPLITE:
1671 0 : poff += sizeof(struct udphdr);
1672 0 : break;
1673 : /* For the rest, we do not really care about header
1674 : * extensions at this point for now.
1675 : */
1676 0 : case IPPROTO_ICMP:
1677 0 : poff += sizeof(struct icmphdr);
1678 0 : break;
1679 0 : case IPPROTO_ICMPV6:
1680 0 : poff += sizeof(struct icmp6hdr);
1681 0 : break;
1682 0 : case IPPROTO_IGMP:
1683 0 : poff += sizeof(struct igmphdr);
1684 0 : break;
1685 0 : case IPPROTO_DCCP:
1686 0 : poff += sizeof(struct dccp_hdr);
1687 0 : break;
1688 0 : case IPPROTO_SCTP:
1689 0 : poff += sizeof(struct sctphdr);
1690 0 : break;
1691 : }
1692 :
1693 : return poff;
1694 : }
1695 :
1696 : /**
1697 : * skb_get_poff - get the offset to the payload
1698 : * @skb: sk_buff to get the payload offset from
1699 : *
1700 : * The function will get the offset to the payload as far as it could
1701 : * be dissected. The main user is currently BPF, so that we can dynamically
1702 : * truncate packets without needing to push actual payload to the user
1703 : * space and can analyze headers only, instead.
1704 : */
1705 0 : u32 skb_get_poff(const struct sk_buff *skb)
1706 : {
1707 0 : struct flow_keys_basic keys;
1708 :
1709 0 : if (!skb_flow_dissect_flow_keys_basic(NULL, skb, &keys,
1710 : NULL, 0, 0, 0, 0))
1711 : return 0;
1712 :
1713 0 : return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
1714 : }
1715 :
1716 0 : __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
1717 : {
1718 0 : memset(keys, 0, sizeof(*keys));
1719 :
1720 0 : memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
1721 : sizeof(keys->addrs.v6addrs.src));
1722 0 : memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
1723 : sizeof(keys->addrs.v6addrs.dst));
1724 0 : keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1725 0 : keys->ports.src = fl6->fl6_sport;
1726 0 : keys->ports.dst = fl6->fl6_dport;
1727 0 : keys->keyid.keyid = fl6->fl6_gre_key;
1728 0 : keys->tags.flow_label = (__force u32)flowi6_get_flowlabel(fl6);
1729 0 : keys->basic.ip_proto = fl6->flowi6_proto;
1730 :
1731 0 : return flow_hash_from_keys(keys);
1732 : }
1733 : EXPORT_SYMBOL(__get_hash_from_flowi6);
1734 :
1735 : static const struct flow_dissector_key flow_keys_dissector_keys[] = {
1736 : {
1737 : .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1738 : .offset = offsetof(struct flow_keys, control),
1739 : },
1740 : {
1741 : .key_id = FLOW_DISSECTOR_KEY_BASIC,
1742 : .offset = offsetof(struct flow_keys, basic),
1743 : },
1744 : {
1745 : .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1746 : .offset = offsetof(struct flow_keys, addrs.v4addrs),
1747 : },
1748 : {
1749 : .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1750 : .offset = offsetof(struct flow_keys, addrs.v6addrs),
1751 : },
1752 : {
1753 : .key_id = FLOW_DISSECTOR_KEY_TIPC,
1754 : .offset = offsetof(struct flow_keys, addrs.tipckey),
1755 : },
1756 : {
1757 : .key_id = FLOW_DISSECTOR_KEY_PORTS,
1758 : .offset = offsetof(struct flow_keys, ports),
1759 : },
1760 : {
1761 : .key_id = FLOW_DISSECTOR_KEY_VLAN,
1762 : .offset = offsetof(struct flow_keys, vlan),
1763 : },
1764 : {
1765 : .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
1766 : .offset = offsetof(struct flow_keys, tags),
1767 : },
1768 : {
1769 : .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
1770 : .offset = offsetof(struct flow_keys, keyid),
1771 : },
1772 : };
1773 :
1774 : static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
1775 : {
1776 : .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1777 : .offset = offsetof(struct flow_keys, control),
1778 : },
1779 : {
1780 : .key_id = FLOW_DISSECTOR_KEY_BASIC,
1781 : .offset = offsetof(struct flow_keys, basic),
1782 : },
1783 : {
1784 : .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1785 : .offset = offsetof(struct flow_keys, addrs.v4addrs),
1786 : },
1787 : {
1788 : .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1789 : .offset = offsetof(struct flow_keys, addrs.v6addrs),
1790 : },
1791 : {
1792 : .key_id = FLOW_DISSECTOR_KEY_PORTS,
1793 : .offset = offsetof(struct flow_keys, ports),
1794 : },
1795 : };
1796 :
1797 : static const struct flow_dissector_key flow_keys_basic_dissector_keys[] = {
1798 : {
1799 : .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1800 : .offset = offsetof(struct flow_keys, control),
1801 : },
1802 : {
1803 : .key_id = FLOW_DISSECTOR_KEY_BASIC,
1804 : .offset = offsetof(struct flow_keys, basic),
1805 : },
1806 : };
1807 :
1808 : struct flow_dissector flow_keys_dissector __read_mostly;
1809 : EXPORT_SYMBOL(flow_keys_dissector);
1810 :
1811 : struct flow_dissector flow_keys_basic_dissector __read_mostly;
1812 : EXPORT_SYMBOL(flow_keys_basic_dissector);
1813 :
1814 1 : static int __init init_default_flow_dissectors(void)
1815 : {
1816 1 : skb_flow_dissector_init(&flow_keys_dissector,
1817 : flow_keys_dissector_keys,
1818 : ARRAY_SIZE(flow_keys_dissector_keys));
1819 1 : skb_flow_dissector_init(&flow_keys_dissector_symmetric,
1820 : flow_keys_dissector_symmetric_keys,
1821 : ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
1822 1 : skb_flow_dissector_init(&flow_keys_basic_dissector,
1823 : flow_keys_basic_dissector_keys,
1824 : ARRAY_SIZE(flow_keys_basic_dissector_keys));
1825 1 : return 0;
1826 : }
1827 : core_initcall(init_default_flow_dissectors);
|
