flow_dissector.h 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488
  1. /* SPDX-License-Identifier: GPL-2.0 */
  2. #ifndef _NET_FLOW_DISSECTOR_H
  3. #define _NET_FLOW_DISSECTOR_H
  4. #include <linux/types.h>
  5. #include <linux/in6.h>
  6. #include <linux/siphash.h>
  7. #include <linux/string.h>
  8. #include <uapi/linux/if_ether.h>
  9. #include <uapi/linux/pkt_cls.h>
  10. struct bpf_prog;
  11. struct net;
  12. struct sk_buff;
  13. /**
  14. * struct flow_dissector_key_control:
  15. * @thoff: Transport header offset
  16. * @addr_type: Type of key. One of FLOW_DISSECTOR_KEY_*
  17. * @flags: Key flags.
  18. * Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAG|ENCAPSULATION|F_*)
  19. */
  20. struct flow_dissector_key_control {
  21. u16 thoff;
  22. u16 addr_type;
  23. u32 flags;
  24. };
  25. /* The control flags are kept in sync with TCA_FLOWER_KEY_FLAGS_*, as those
  26. * flags are exposed to userspace in some error paths, ie. unsupported flags.
  27. */
  28. enum flow_dissector_ctrl_flags {
  29. FLOW_DIS_IS_FRAGMENT = TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT,
  30. FLOW_DIS_FIRST_FRAG = TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
  31. FLOW_DIS_F_TUNNEL_CSUM = TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM,
  32. FLOW_DIS_F_TUNNEL_DONT_FRAGMENT = TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT,
  33. FLOW_DIS_F_TUNNEL_OAM = TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM,
  34. FLOW_DIS_F_TUNNEL_CRIT_OPT = TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT,
  35. /* These flags are internal to the kernel */
  36. FLOW_DIS_ENCAPSULATION = (TCA_FLOWER_KEY_FLAGS_MAX << 1),
  37. };
  38. enum flow_dissect_ret {
  39. FLOW_DISSECT_RET_OUT_GOOD,
  40. FLOW_DISSECT_RET_OUT_BAD,
  41. FLOW_DISSECT_RET_PROTO_AGAIN,
  42. FLOW_DISSECT_RET_IPPROTO_AGAIN,
  43. FLOW_DISSECT_RET_CONTINUE,
  44. };
  45. /**
  46. * struct flow_dissector_key_basic:
  47. * @n_proto: Network header protocol (eg. IPv4/IPv6)
  48. * @ip_proto: Transport header protocol (eg. TCP/UDP)
  49. * @padding: Unused
  50. */
  51. struct flow_dissector_key_basic {
  52. __be16 n_proto;
  53. u8 ip_proto;
  54. u8 padding;
  55. };
  56. struct flow_dissector_key_tags {
  57. u32 flow_label;
  58. };
  59. struct flow_dissector_key_vlan {
  60. union {
  61. struct {
  62. u16 vlan_id:12,
  63. vlan_dei:1,
  64. vlan_priority:3;
  65. };
  66. __be16 vlan_tci;
  67. };
  68. __be16 vlan_tpid;
  69. __be16 vlan_eth_type;
  70. u16 padding;
  71. };
  72. struct flow_dissector_mpls_lse {
  73. u32 mpls_ttl:8,
  74. mpls_bos:1,
  75. mpls_tc:3,
  76. mpls_label:20;
  77. };
  78. #define FLOW_DIS_MPLS_MAX 7
  79. struct flow_dissector_key_mpls {
  80. struct flow_dissector_mpls_lse ls[FLOW_DIS_MPLS_MAX]; /* Label Stack */
  81. u8 used_lses; /* One bit set for each Label Stack Entry in use */
  82. };
  83. static inline void dissector_set_mpls_lse(struct flow_dissector_key_mpls *mpls,
  84. int lse_index)
  85. {
  86. mpls->used_lses |= 1 << lse_index;
  87. }
  88. #define FLOW_DIS_TUN_OPTS_MAX 255
  89. /**
  90. * struct flow_dissector_key_enc_opts:
  91. * @data: tunnel option data
  92. * @len: length of tunnel option data
  93. * @dst_opt_type: tunnel option type
  94. */
  95. struct flow_dissector_key_enc_opts {
  96. u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired
  97. * here but seems difficult to #include
  98. */
  99. u8 len;
  100. u32 dst_opt_type;
  101. };
  102. struct flow_dissector_key_keyid {
  103. __be32 keyid;
  104. };
  105. /**
  106. * struct flow_dissector_key_ipv4_addrs:
  107. * @src: source ip address
  108. * @dst: destination ip address
  109. */
  110. struct flow_dissector_key_ipv4_addrs {
  111. /* (src,dst) must be grouped, in the same way than in IP header */
  112. __be32 src;
  113. __be32 dst;
  114. };
  115. /**
  116. * struct flow_dissector_key_ipv6_addrs:
  117. * @src: source ip address
  118. * @dst: destination ip address
  119. */
  120. struct flow_dissector_key_ipv6_addrs {
  121. /* (src,dst) must be grouped, in the same way than in IP header */
  122. struct in6_addr src;
  123. struct in6_addr dst;
  124. };
  125. /**
  126. * struct flow_dissector_key_tipc:
  127. * @key: source node address combined with selector
  128. */
  129. struct flow_dissector_key_tipc {
  130. __be32 key;
  131. };
  132. /**
  133. * struct flow_dissector_key_addrs:
  134. * @v4addrs: IPv4 addresses
  135. * @v6addrs: IPv6 addresses
  136. * @tipckey: TIPC key
  137. */
  138. struct flow_dissector_key_addrs {
  139. union {
  140. struct flow_dissector_key_ipv4_addrs v4addrs;
  141. struct flow_dissector_key_ipv6_addrs v6addrs;
  142. struct flow_dissector_key_tipc tipckey;
  143. };
  144. };
  145. /**
  146. * struct flow_dissector_key_arp:
  147. * @sip: Sender IP address
  148. * @tip: Target IP address
  149. * @op: Operation
  150. * @sha: Sender hardware address
  151. * @tha: Target hardware address
  152. */
  153. struct flow_dissector_key_arp {
  154. __u32 sip;
  155. __u32 tip;
  156. __u8 op;
  157. unsigned char sha[ETH_ALEN];
  158. unsigned char tha[ETH_ALEN];
  159. };
  160. /**
  161. * struct flow_dissector_key_ports:
  162. * @ports: port numbers of Transport header
  163. * @src: source port number
  164. * @dst: destination port number
  165. */
  166. struct flow_dissector_key_ports {
  167. union {
  168. __be32 ports;
  169. struct {
  170. __be16 src;
  171. __be16 dst;
  172. };
  173. };
  174. };
  175. /**
  176. * struct flow_dissector_key_ports_range
  177. * @tp: port number from packet
  178. * @tp_min: min port number in range
  179. * @tp_max: max port number in range
  180. */
  181. struct flow_dissector_key_ports_range {
  182. union {
  183. struct flow_dissector_key_ports tp;
  184. struct {
  185. struct flow_dissector_key_ports tp_min;
  186. struct flow_dissector_key_ports tp_max;
  187. };
  188. };
  189. };
  190. /**
  191. * struct flow_dissector_key_icmp:
  192. * @type: ICMP type
  193. * @code: ICMP code
  194. * @id: Session identifier
  195. */
  196. struct flow_dissector_key_icmp {
  197. struct {
  198. u8 type;
  199. u8 code;
  200. };
  201. u16 id;
  202. };
  203. /**
  204. * struct flow_dissector_key_eth_addrs:
  205. * @src: source Ethernet address
  206. * @dst: destination Ethernet address
  207. */
  208. struct flow_dissector_key_eth_addrs {
  209. /* (dst,src) must be grouped, in the same way than in ETH header */
  210. unsigned char dst[ETH_ALEN];
  211. unsigned char src[ETH_ALEN];
  212. };
  213. /**
  214. * struct flow_dissector_key_tcp:
  215. * @flags: flags
  216. */
  217. struct flow_dissector_key_tcp {
  218. __be16 flags;
  219. };
  220. /**
  221. * struct flow_dissector_key_ip:
  222. * @tos: tos
  223. * @ttl: ttl
  224. */
  225. struct flow_dissector_key_ip {
  226. __u8 tos;
  227. __u8 ttl;
  228. };
  229. /**
  230. * struct flow_dissector_key_meta:
  231. * @ingress_ifindex: ingress ifindex
  232. * @ingress_iftype: ingress interface type
  233. * @l2_miss: packet did not match an L2 entry during forwarding
  234. */
  235. struct flow_dissector_key_meta {
  236. int ingress_ifindex;
  237. u16 ingress_iftype;
  238. u8 l2_miss;
  239. };
  240. /**
  241. * struct flow_dissector_key_ct:
  242. * @ct_state: conntrack state after converting with map
  243. * @ct_mark: conttrack mark
  244. * @ct_zone: conntrack zone
  245. * @ct_labels: conntrack labels
  246. */
  247. struct flow_dissector_key_ct {
  248. u16 ct_state;
  249. u16 ct_zone;
  250. u32 ct_mark;
  251. u32 ct_labels[4];
  252. };
  253. /**
  254. * struct flow_dissector_key_hash:
  255. * @hash: hash value
  256. */
  257. struct flow_dissector_key_hash {
  258. u32 hash;
  259. };
  260. /**
  261. * struct flow_dissector_key_num_of_vlans:
  262. * @num_of_vlans: num_of_vlans value
  263. */
  264. struct flow_dissector_key_num_of_vlans {
  265. u8 num_of_vlans;
  266. };
  267. /**
  268. * struct flow_dissector_key_pppoe:
  269. * @session_id: pppoe session id
  270. * @ppp_proto: ppp protocol
  271. * @type: pppoe eth type
  272. */
  273. struct flow_dissector_key_pppoe {
  274. __be16 session_id;
  275. __be16 ppp_proto;
  276. __be16 type;
  277. };
  278. /**
  279. * struct flow_dissector_key_l2tpv3:
  280. * @session_id: identifier for a l2tp session
  281. */
  282. struct flow_dissector_key_l2tpv3 {
  283. __be32 session_id;
  284. };
  285. /**
  286. * struct flow_dissector_key_ipsec:
  287. * @spi: identifier for a ipsec connection
  288. */
  289. struct flow_dissector_key_ipsec {
  290. __be32 spi;
  291. };
  292. /**
  293. * struct flow_dissector_key_cfm
  294. * @mdl_ver: maintenance domain level (mdl) and cfm protocol version
  295. * @opcode: code specifying a type of cfm protocol packet
  296. *
  297. * See 802.1ag, ITU-T G.8013/Y.1731
  298. * 1 2
  299. * |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
  300. * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  301. * | mdl | version | opcode |
  302. * +-----+---------+-+-+-+-+-+-+-+-+
  303. */
  304. struct flow_dissector_key_cfm {
  305. u8 mdl_ver;
  306. u8 opcode;
  307. };
  308. #define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5)
  309. #define FLOW_DIS_CFM_MDL_MAX 7
  310. enum flow_dissector_key_id {
  311. FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
  312. FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
  313. FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
  314. FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
  315. FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */
  316. FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */
  317. FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */
  318. FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */
  319. FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */
  320. FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */
  321. FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */
  322. FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */
  323. FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */
  324. FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */
  325. FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */
  326. FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
  327. FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
  328. FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */
  329. FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
  330. FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
  331. FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
  332. FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
  333. FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */
  334. FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */
  335. FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */
  336. FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */
  337. FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
  338. FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
  339. FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
  340. FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
  341. FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
  342. FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
  343. FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
  344. FLOW_DISSECTOR_KEY_MAX,
  345. };
  346. #define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0)
  347. #define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1)
  348. #define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2)
  349. #define FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP BIT(3)
  350. struct flow_dissector_key {
  351. enum flow_dissector_key_id key_id;
  352. size_t offset; /* offset of struct flow_dissector_key_*
  353. in target the struct */
  354. };
  355. struct flow_dissector {
  356. unsigned long long used_keys;
  357. /* each bit represents presence of one key id */
  358. unsigned short int offset[FLOW_DISSECTOR_KEY_MAX];
  359. };
  360. struct flow_keys_basic {
  361. struct flow_dissector_key_control control;
  362. struct flow_dissector_key_basic basic;
  363. };
  364. struct flow_keys {
  365. struct flow_dissector_key_control control;
  366. #define FLOW_KEYS_HASH_START_FIELD basic
  367. struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT);
  368. struct flow_dissector_key_tags tags;
  369. struct flow_dissector_key_vlan vlan;
  370. struct flow_dissector_key_vlan cvlan;
  371. struct flow_dissector_key_keyid keyid;
  372. struct flow_dissector_key_ports ports;
  373. struct flow_dissector_key_icmp icmp;
  374. /* 'addrs' must be the last member */
  375. struct flow_dissector_key_addrs addrs;
  376. };
  377. #define FLOW_KEYS_HASH_OFFSET \
  378. offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD)
  379. __be32 flow_get_u32_src(const struct flow_keys *flow);
  380. __be32 flow_get_u32_dst(const struct flow_keys *flow);
  381. extern struct flow_dissector flow_keys_dissector;
  382. extern struct flow_dissector flow_keys_basic_dissector;
  383. /* struct flow_keys_digest:
  384. *
  385. * This structure is used to hold a digest of the full flow keys. This is a
  386. * larger "hash" of a flow to allow definitively matching specific flows where
  387. * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so
  388. * that it can be used in CB of skb (see sch_choke for an example).
  389. */
  390. #define FLOW_KEYS_DIGEST_LEN 16
  391. struct flow_keys_digest {
  392. u8 data[FLOW_KEYS_DIGEST_LEN];
  393. };
  394. void make_flow_keys_digest(struct flow_keys_digest *digest,
  395. const struct flow_keys *flow);
  396. static inline bool flow_keys_have_l4(const struct flow_keys *keys)
  397. {
  398. return (keys->ports.ports || keys->tags.flow_label);
  399. }
  400. u32 flow_hash_from_keys(struct flow_keys *keys);
  401. u32 flow_hash_from_keys_seed(struct flow_keys *keys,
  402. const siphash_key_t *keyval);
  403. void skb_flow_get_icmp_tci(const struct sk_buff *skb,
  404. struct flow_dissector_key_icmp *key_icmp,
  405. const void *data, int thoff, int hlen);
  406. static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector,
  407. enum flow_dissector_key_id key_id)
  408. {
  409. return flow_dissector->used_keys & (1ULL << key_id);
  410. }
  411. static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector,
  412. enum flow_dissector_key_id key_id,
  413. void *target_container)
  414. {
  415. return ((char *)target_container) + flow_dissector->offset[key_id];
  416. }
  417. struct bpf_flow_dissector {
  418. struct bpf_flow_keys *flow_keys;
  419. const struct sk_buff *skb;
  420. const void *data;
  421. const void *data_end;
  422. };
  423. static inline void
  424. flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
  425. struct flow_dissector_key_basic *key_basic)
  426. {
  427. memset(key_control, 0, sizeof(*key_control));
  428. memset(key_basic, 0, sizeof(*key_basic));
  429. }
  430. #ifdef CONFIG_BPF_SYSCALL
  431. int flow_dissector_bpf_prog_attach_check(struct net *net,
  432. struct bpf_prog *prog);
  433. #endif /* CONFIG_BPF_SYSCALL */
  434. #endif