Loading...
1/* SPDX-License-Identifier: GPL-2.0 */
2#ifndef _NET_FLOW_DISSECTOR_H
3#define _NET_FLOW_DISSECTOR_H
4
5#include <linux/types.h>
6#include <linux/in6.h>
7#include <linux/siphash.h>
8#include <linux/string.h>
9#include <uapi/linux/if_ether.h>
10#include <uapi/linux/pkt_cls.h>
11
12struct bpf_prog;
13struct net;
14struct sk_buff;
15
16/**
17 * struct flow_dissector_key_control:
18 * @thoff: Transport header offset
19 * @addr_type: Type of key. One of FLOW_DISSECTOR_KEY_*
20 * @flags: Key flags.
21 * Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAG|ENCAPSULATION|F_*)
22 */
23struct flow_dissector_key_control {
24 u16 thoff;
25 u16 addr_type;
26 u32 flags;
27};
28
29/* The control flags are kept in sync with TCA_FLOWER_KEY_FLAGS_*, as those
30 * flags are exposed to userspace in some error paths, ie. unsupported flags.
31 */
32enum flow_dissector_ctrl_flags {
33 FLOW_DIS_IS_FRAGMENT = TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT,
34 FLOW_DIS_FIRST_FRAG = TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
35 FLOW_DIS_F_TUNNEL_CSUM = TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM,
36 FLOW_DIS_F_TUNNEL_DONT_FRAGMENT = TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT,
37 FLOW_DIS_F_TUNNEL_OAM = TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM,
38 FLOW_DIS_F_TUNNEL_CRIT_OPT = TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT,
39
40 /* These flags are internal to the kernel */
41 FLOW_DIS_ENCAPSULATION = (TCA_FLOWER_KEY_FLAGS_MAX << 1),
42};
43
44enum flow_dissect_ret {
45 FLOW_DISSECT_RET_OUT_GOOD,
46 FLOW_DISSECT_RET_OUT_BAD,
47 FLOW_DISSECT_RET_PROTO_AGAIN,
48 FLOW_DISSECT_RET_IPPROTO_AGAIN,
49 FLOW_DISSECT_RET_CONTINUE,
50};
51
52/**
53 * struct flow_dissector_key_basic:
54 * @n_proto: Network header protocol (eg. IPv4/IPv6)
55 * @ip_proto: Transport header protocol (eg. TCP/UDP)
56 * @padding: Unused
57 */
58struct flow_dissector_key_basic {
59 __be16 n_proto;
60 u8 ip_proto;
61 u8 padding;
62};
63
64struct flow_dissector_key_tags {
65 u32 flow_label;
66};
67
68struct flow_dissector_key_vlan {
69 union {
70 struct {
71 u16 vlan_id:12,
72 vlan_dei:1,
73 vlan_priority:3;
74 };
75 __be16 vlan_tci;
76 };
77 __be16 vlan_tpid;
78 __be16 vlan_eth_type;
79 u16 padding;
80};
81
82struct flow_dissector_mpls_lse {
83 u32 mpls_ttl:8,
84 mpls_bos:1,
85 mpls_tc:3,
86 mpls_label:20;
87};
88
89#define FLOW_DIS_MPLS_MAX 7
90struct flow_dissector_key_mpls {
91 struct flow_dissector_mpls_lse ls[FLOW_DIS_MPLS_MAX]; /* Label Stack */
92 u8 used_lses; /* One bit set for each Label Stack Entry in use */
93};
94
95static inline void dissector_set_mpls_lse(struct flow_dissector_key_mpls *mpls,
96 int lse_index)
97{
98 mpls->used_lses |= 1 << lse_index;
99}
100
101#define FLOW_DIS_TUN_OPTS_MAX 255
102/**
103 * struct flow_dissector_key_enc_opts:
104 * @data: tunnel option data
105 * @len: length of tunnel option data
106 * @dst_opt_type: tunnel option type
107 */
108struct flow_dissector_key_enc_opts {
109 u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired
110 * here but seems difficult to #include
111 */
112 u8 len;
113 u32 dst_opt_type;
114};
115
116struct flow_dissector_key_keyid {
117 __be32 keyid;
118};
119
120/**
121 * struct flow_dissector_key_ipv4_addrs:
122 * @src: source ip address
123 * @dst: destination ip address
124 */
125struct flow_dissector_key_ipv4_addrs {
126 /* (src,dst) must be grouped, in the same way than in IP header */
127 __be32 src;
128 __be32 dst;
129};
130
131/**
132 * struct flow_dissector_key_ipv6_addrs:
133 * @src: source ip address
134 * @dst: destination ip address
135 */
136struct flow_dissector_key_ipv6_addrs {
137 /* (src,dst) must be grouped, in the same way than in IP header */
138 struct in6_addr src;
139 struct in6_addr dst;
140};
141
142/**
143 * struct flow_dissector_key_tipc:
144 * @key: source node address combined with selector
145 */
146struct flow_dissector_key_tipc {
147 __be32 key;
148};
149
150/**
151 * struct flow_dissector_key_addrs:
152 * @v4addrs: IPv4 addresses
153 * @v6addrs: IPv6 addresses
154 * @tipckey: TIPC key
155 */
156struct flow_dissector_key_addrs {
157 union {
158 struct flow_dissector_key_ipv4_addrs v4addrs;
159 struct flow_dissector_key_ipv6_addrs v6addrs;
160 struct flow_dissector_key_tipc tipckey;
161 };
162};
163
164/**
165 * struct flow_dissector_key_arp:
166 * @sip: Sender IP address
167 * @tip: Target IP address
168 * @op: Operation
169 * @sha: Sender hardware address
170 * @tha: Target hardware address
171 */
172struct flow_dissector_key_arp {
173 __u32 sip;
174 __u32 tip;
175 __u8 op;
176 unsigned char sha[ETH_ALEN];
177 unsigned char tha[ETH_ALEN];
178};
179
180/**
181 * struct flow_dissector_key_ports:
182 * @ports: port numbers of Transport header
183 * @src: source port number
184 * @dst: destination port number
185 */
186struct flow_dissector_key_ports {
187 union {
188 __be32 ports;
189 struct {
190 __be16 src;
191 __be16 dst;
192 };
193 };
194};
195
196/**
197 * struct flow_dissector_key_ports_range
198 * @tp: port number from packet
199 * @tp_min: min port number in range
200 * @tp_max: max port number in range
201 */
202struct flow_dissector_key_ports_range {
203 union {
204 struct flow_dissector_key_ports tp;
205 struct {
206 struct flow_dissector_key_ports tp_min;
207 struct flow_dissector_key_ports tp_max;
208 };
209 };
210};
211
212/**
213 * struct flow_dissector_key_icmp:
214 * @type: ICMP type
215 * @code: ICMP code
216 * @id: Session identifier
217 */
218struct flow_dissector_key_icmp {
219 struct {
220 u8 type;
221 u8 code;
222 };
223 u16 id;
224};
225
226/**
227 * struct flow_dissector_key_eth_addrs:
228 * @src: source Ethernet address
229 * @dst: destination Ethernet address
230 */
231struct flow_dissector_key_eth_addrs {
232 /* (dst,src) must be grouped, in the same way than in ETH header */
233 unsigned char dst[ETH_ALEN];
234 unsigned char src[ETH_ALEN];
235};
236
237/**
238 * struct flow_dissector_key_tcp:
239 * @flags: flags
240 */
241struct flow_dissector_key_tcp {
242 __be16 flags;
243};
244
245/**
246 * struct flow_dissector_key_ip:
247 * @tos: tos
248 * @ttl: ttl
249 */
250struct flow_dissector_key_ip {
251 __u8 tos;
252 __u8 ttl;
253};
254
255/**
256 * struct flow_dissector_key_meta:
257 * @ingress_ifindex: ingress ifindex
258 * @ingress_iftype: ingress interface type
259 * @l2_miss: packet did not match an L2 entry during forwarding
260 */
261struct flow_dissector_key_meta {
262 int ingress_ifindex;
263 u16 ingress_iftype;
264 u8 l2_miss;
265};
266
267/**
268 * struct flow_dissector_key_ct:
269 * @ct_state: conntrack state after converting with map
270 * @ct_mark: conttrack mark
271 * @ct_zone: conntrack zone
272 * @ct_labels: conntrack labels
273 */
274struct flow_dissector_key_ct {
275 u16 ct_state;
276 u16 ct_zone;
277 u32 ct_mark;
278 u32 ct_labels[4];
279};
280
281/**
282 * struct flow_dissector_key_hash:
283 * @hash: hash value
284 */
285struct flow_dissector_key_hash {
286 u32 hash;
287};
288
289/**
290 * struct flow_dissector_key_num_of_vlans:
291 * @num_of_vlans: num_of_vlans value
292 */
293struct flow_dissector_key_num_of_vlans {
294 u8 num_of_vlans;
295};
296
297/**
298 * struct flow_dissector_key_pppoe:
299 * @session_id: pppoe session id
300 * @ppp_proto: ppp protocol
301 * @type: pppoe eth type
302 */
303struct flow_dissector_key_pppoe {
304 __be16 session_id;
305 __be16 ppp_proto;
306 __be16 type;
307};
308
309/**
310 * struct flow_dissector_key_l2tpv3:
311 * @session_id: identifier for a l2tp session
312 */
313struct flow_dissector_key_l2tpv3 {
314 __be32 session_id;
315};
316
317/**
318 * struct flow_dissector_key_ipsec:
319 * @spi: identifier for a ipsec connection
320 */
321struct flow_dissector_key_ipsec {
322 __be32 spi;
323};
324
325/**
326 * struct flow_dissector_key_cfm
327 * @mdl_ver: maintenance domain level (mdl) and cfm protocol version
328 * @opcode: code specifying a type of cfm protocol packet
329 *
330 * See 802.1ag, ITU-T G.8013/Y.1731
331 * 1 2
332 * |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
333 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
334 * | mdl | version | opcode |
335 * +-----+---------+-+-+-+-+-+-+-+-+
336 */
337struct flow_dissector_key_cfm {
338 u8 mdl_ver;
339 u8 opcode;
340};
341
342#define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5)
343#define FLOW_DIS_CFM_MDL_MAX 7
344
345enum flow_dissector_key_id {
346 FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
347 FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
348 FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
349 FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
350 FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */
351 FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */
352 FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */
353 FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */
354 FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */
355 FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */
356 FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */
357 FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */
358 FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */
359 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */
360 FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */
361 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
362 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
363 FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */
364 FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
365 FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
366 FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
367 FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
368 FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */
369 FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */
370 FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */
371 FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */
372 FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
373 FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
374 FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
375 FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
376 FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
377 FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
378 FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
379
380 FLOW_DISSECTOR_KEY_MAX,
381};
382
383#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0)
384#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1)
385#define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2)
386#define FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP BIT(3)
387
388struct flow_dissector_key {
389 enum flow_dissector_key_id key_id;
390 size_t offset; /* offset of struct flow_dissector_key_*
391 in target the struct */
392};
393
394struct flow_dissector {
395 unsigned long long used_keys;
396 /* each bit represents presence of one key id */
397 unsigned short int offset[FLOW_DISSECTOR_KEY_MAX];
398};
399
400struct flow_keys_basic {
401 struct flow_dissector_key_control control;
402 struct flow_dissector_key_basic basic;
403};
404
405struct flow_keys {
406 struct flow_dissector_key_control control;
407#define FLOW_KEYS_HASH_START_FIELD basic
408 struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT);
409 struct flow_dissector_key_tags tags;
410 struct flow_dissector_key_vlan vlan;
411 struct flow_dissector_key_vlan cvlan;
412 struct flow_dissector_key_keyid keyid;
413 struct flow_dissector_key_ports ports;
414 struct flow_dissector_key_icmp icmp;
415 /* 'addrs' must be the last member */
416 struct flow_dissector_key_addrs addrs;
417};
418
419#define FLOW_KEYS_HASH_OFFSET \
420 offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD)
421
422__be32 flow_get_u32_src(const struct flow_keys *flow);
423__be32 flow_get_u32_dst(const struct flow_keys *flow);
424
425extern struct flow_dissector flow_keys_dissector;
426extern struct flow_dissector flow_keys_basic_dissector;
427
428/* struct flow_keys_digest:
429 *
430 * This structure is used to hold a digest of the full flow keys. This is a
431 * larger "hash" of a flow to allow definitively matching specific flows where
432 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so
433 * that it can be used in CB of skb (see sch_choke for an example).
434 */
435#define FLOW_KEYS_DIGEST_LEN 16
436struct flow_keys_digest {
437 u8 data[FLOW_KEYS_DIGEST_LEN];
438};
439
440void make_flow_keys_digest(struct flow_keys_digest *digest,
441 const struct flow_keys *flow);
442
443static inline bool flow_keys_have_l4(const struct flow_keys *keys)
444{
445 return (keys->ports.ports || keys->tags.flow_label);
446}
447
448u32 flow_hash_from_keys(struct flow_keys *keys);
449u32 flow_hash_from_keys_seed(struct flow_keys *keys,
450 const siphash_key_t *keyval);
451void skb_flow_get_icmp_tci(const struct sk_buff *skb,
452 struct flow_dissector_key_icmp *key_icmp,
453 const void *data, int thoff, int hlen);
454
455static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector,
456 enum flow_dissector_key_id key_id)
457{
458 return flow_dissector->used_keys & (1ULL << key_id);
459}
460
461static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector,
462 enum flow_dissector_key_id key_id,
463 void *target_container)
464{
465 return ((char *)target_container) + flow_dissector->offset[key_id];
466}
467
468struct bpf_flow_dissector {
469 struct bpf_flow_keys *flow_keys;
470 const struct sk_buff *skb;
471 const void *data;
472 const void *data_end;
473};
474
475static inline void
476flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
477 struct flow_dissector_key_basic *key_basic)
478{
479 memset(key_control, 0, sizeof(*key_control));
480 memset(key_basic, 0, sizeof(*key_basic));
481}
482
483#ifdef CONFIG_BPF_SYSCALL
484int flow_dissector_bpf_prog_attach_check(struct net *net,
485 struct bpf_prog *prog);
486#endif /* CONFIG_BPF_SYSCALL */
487
488#endif
1/* SPDX-License-Identifier: GPL-2.0 */
2#ifndef _NET_FLOW_DISSECTOR_H
3#define _NET_FLOW_DISSECTOR_H
4
5#include <linux/types.h>
6#include <linux/in6.h>
7#include <linux/siphash.h>
8#include <linux/string.h>
9#include <uapi/linux/if_ether.h>
10
11struct bpf_prog;
12struct net;
13struct sk_buff;
14
15/**
16 * struct flow_dissector_key_control:
17 * @thoff: Transport header offset
18 */
19struct flow_dissector_key_control {
20 u16 thoff;
21 u16 addr_type;
22 u32 flags;
23};
24
25#define FLOW_DIS_IS_FRAGMENT BIT(0)
26#define FLOW_DIS_FIRST_FRAG BIT(1)
27#define FLOW_DIS_ENCAPSULATION BIT(2)
28
29enum flow_dissect_ret {
30 FLOW_DISSECT_RET_OUT_GOOD,
31 FLOW_DISSECT_RET_OUT_BAD,
32 FLOW_DISSECT_RET_PROTO_AGAIN,
33 FLOW_DISSECT_RET_IPPROTO_AGAIN,
34 FLOW_DISSECT_RET_CONTINUE,
35};
36
37/**
38 * struct flow_dissector_key_basic:
39 * @n_proto: Network header protocol (eg. IPv4/IPv6)
40 * @ip_proto: Transport header protocol (eg. TCP/UDP)
41 */
42struct flow_dissector_key_basic {
43 __be16 n_proto;
44 u8 ip_proto;
45 u8 padding;
46};
47
48struct flow_dissector_key_tags {
49 u32 flow_label;
50};
51
52struct flow_dissector_key_vlan {
53 union {
54 struct {
55 u16 vlan_id:12,
56 vlan_dei:1,
57 vlan_priority:3;
58 };
59 __be16 vlan_tci;
60 };
61 __be16 vlan_tpid;
62 __be16 vlan_eth_type;
63 u16 padding;
64};
65
66struct flow_dissector_mpls_lse {
67 u32 mpls_ttl:8,
68 mpls_bos:1,
69 mpls_tc:3,
70 mpls_label:20;
71};
72
73#define FLOW_DIS_MPLS_MAX 7
74struct flow_dissector_key_mpls {
75 struct flow_dissector_mpls_lse ls[FLOW_DIS_MPLS_MAX]; /* Label Stack */
76 u8 used_lses; /* One bit set for each Label Stack Entry in use */
77};
78
79static inline void dissector_set_mpls_lse(struct flow_dissector_key_mpls *mpls,
80 int lse_index)
81{
82 mpls->used_lses |= 1 << lse_index;
83}
84
85#define FLOW_DIS_TUN_OPTS_MAX 255
86/**
87 * struct flow_dissector_key_enc_opts:
88 * @data: tunnel option data
89 * @len: length of tunnel option data
90 * @dst_opt_type: tunnel option type
91 */
92struct flow_dissector_key_enc_opts {
93 u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired
94 * here but seems difficult to #include
95 */
96 u8 len;
97 __be16 dst_opt_type;
98};
99
100struct flow_dissector_key_keyid {
101 __be32 keyid;
102};
103
104/**
105 * struct flow_dissector_key_ipv4_addrs:
106 * @src: source ip address
107 * @dst: destination ip address
108 */
109struct flow_dissector_key_ipv4_addrs {
110 /* (src,dst) must be grouped, in the same way than in IP header */
111 __be32 src;
112 __be32 dst;
113};
114
115/**
116 * struct flow_dissector_key_ipv6_addrs:
117 * @src: source ip address
118 * @dst: destination ip address
119 */
120struct flow_dissector_key_ipv6_addrs {
121 /* (src,dst) must be grouped, in the same way than in IP header */
122 struct in6_addr src;
123 struct in6_addr dst;
124};
125
126/**
127 * struct flow_dissector_key_tipc:
128 * @key: source node address combined with selector
129 */
130struct flow_dissector_key_tipc {
131 __be32 key;
132};
133
134/**
135 * struct flow_dissector_key_addrs:
136 * @v4addrs: IPv4 addresses
137 * @v6addrs: IPv6 addresses
138 */
139struct flow_dissector_key_addrs {
140 union {
141 struct flow_dissector_key_ipv4_addrs v4addrs;
142 struct flow_dissector_key_ipv6_addrs v6addrs;
143 struct flow_dissector_key_tipc tipckey;
144 };
145};
146
147/**
148 * flow_dissector_key_arp:
149 * @ports: Operation, source and target addresses for an ARP header
150 * for Ethernet hardware addresses and IPv4 protocol addresses
151 * sip: Sender IP address
152 * tip: Target IP address
153 * op: Operation
154 * sha: Sender hardware address
155 * tpa: Target hardware address
156 */
157struct flow_dissector_key_arp {
158 __u32 sip;
159 __u32 tip;
160 __u8 op;
161 unsigned char sha[ETH_ALEN];
162 unsigned char tha[ETH_ALEN];
163};
164
165/**
166 * flow_dissector_key_tp_ports:
167 * @ports: port numbers of Transport header
168 * src: source port number
169 * dst: destination port number
170 */
171struct flow_dissector_key_ports {
172 union {
173 __be32 ports;
174 struct {
175 __be16 src;
176 __be16 dst;
177 };
178 };
179};
180
181/**
182 * struct flow_dissector_key_ports_range
183 * @tp: port number from packet
184 * @tp_min: min port number in range
185 * @tp_max: max port number in range
186 */
187struct flow_dissector_key_ports_range {
188 union {
189 struct flow_dissector_key_ports tp;
190 struct {
191 struct flow_dissector_key_ports tp_min;
192 struct flow_dissector_key_ports tp_max;
193 };
194 };
195};
196
197/**
198 * flow_dissector_key_icmp:
199 * type: ICMP type
200 * code: ICMP code
201 * id: session identifier
202 */
203struct flow_dissector_key_icmp {
204 struct {
205 u8 type;
206 u8 code;
207 };
208 u16 id;
209};
210
211/**
212 * struct flow_dissector_key_eth_addrs:
213 * @src: source Ethernet address
214 * @dst: destination Ethernet address
215 */
216struct flow_dissector_key_eth_addrs {
217 /* (dst,src) must be grouped, in the same way than in ETH header */
218 unsigned char dst[ETH_ALEN];
219 unsigned char src[ETH_ALEN];
220};
221
222/**
223 * struct flow_dissector_key_tcp:
224 * @flags: flags
225 */
226struct flow_dissector_key_tcp {
227 __be16 flags;
228};
229
230/**
231 * struct flow_dissector_key_ip:
232 * @tos: tos
233 * @ttl: ttl
234 */
235struct flow_dissector_key_ip {
236 __u8 tos;
237 __u8 ttl;
238};
239
240/**
241 * struct flow_dissector_key_meta:
242 * @ingress_ifindex: ingress ifindex
243 * @ingress_iftype: ingress interface type
244 */
245struct flow_dissector_key_meta {
246 int ingress_ifindex;
247 u16 ingress_iftype;
248};
249
250/**
251 * struct flow_dissector_key_ct:
252 * @ct_state: conntrack state after converting with map
253 * @ct_mark: conttrack mark
254 * @ct_zone: conntrack zone
255 * @ct_labels: conntrack labels
256 */
257struct flow_dissector_key_ct {
258 u16 ct_state;
259 u16 ct_zone;
260 u32 ct_mark;
261 u32 ct_labels[4];
262};
263
264/**
265 * struct flow_dissector_key_hash:
266 * @hash: hash value
267 */
268struct flow_dissector_key_hash {
269 u32 hash;
270};
271
272/**
273 * struct flow_dissector_key_num_of_vlans:
274 * @num_of_vlans: num_of_vlans value
275 */
276struct flow_dissector_key_num_of_vlans {
277 u8 num_of_vlans;
278};
279
280/**
281 * struct flow_dissector_key_pppoe:
282 * @session_id: pppoe session id
283 * @ppp_proto: ppp protocol
284 * @type: pppoe eth type
285 */
286struct flow_dissector_key_pppoe {
287 __be16 session_id;
288 __be16 ppp_proto;
289 __be16 type;
290};
291
292/**
293 * struct flow_dissector_key_l2tpv3:
294 * @session_id: identifier for a l2tp session
295 */
296struct flow_dissector_key_l2tpv3 {
297 __be32 session_id;
298};
299
300enum flow_dissector_key_id {
301 FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
302 FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
303 FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
304 FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
305 FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */
306 FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */
307 FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */
308 FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */
309 FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */
310 FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */
311 FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */
312 FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */
313 FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */
314 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */
315 FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */
316 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
317 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
318 FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */
319 FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
320 FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
321 FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
322 FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
323 FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */
324 FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */
325 FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */
326 FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */
327 FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
328 FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
329 FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
330 FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
331 FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
332
333 FLOW_DISSECTOR_KEY_MAX,
334};
335
336#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0)
337#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1)
338#define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2)
339#define FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP BIT(3)
340
341struct flow_dissector_key {
342 enum flow_dissector_key_id key_id;
343 size_t offset; /* offset of struct flow_dissector_key_*
344 in target the struct */
345};
346
347struct flow_dissector {
348 unsigned int used_keys; /* each bit repesents presence of one key id */
349 unsigned short int offset[FLOW_DISSECTOR_KEY_MAX];
350};
351
352struct flow_keys_basic {
353 struct flow_dissector_key_control control;
354 struct flow_dissector_key_basic basic;
355};
356
357struct flow_keys {
358 struct flow_dissector_key_control control;
359#define FLOW_KEYS_HASH_START_FIELD basic
360 struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT);
361 struct flow_dissector_key_tags tags;
362 struct flow_dissector_key_vlan vlan;
363 struct flow_dissector_key_vlan cvlan;
364 struct flow_dissector_key_keyid keyid;
365 struct flow_dissector_key_ports ports;
366 struct flow_dissector_key_icmp icmp;
367 /* 'addrs' must be the last member */
368 struct flow_dissector_key_addrs addrs;
369};
370
371#define FLOW_KEYS_HASH_OFFSET \
372 offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD)
373
374__be32 flow_get_u32_src(const struct flow_keys *flow);
375__be32 flow_get_u32_dst(const struct flow_keys *flow);
376
377extern struct flow_dissector flow_keys_dissector;
378extern struct flow_dissector flow_keys_basic_dissector;
379
380/* struct flow_keys_digest:
381 *
382 * This structure is used to hold a digest of the full flow keys. This is a
383 * larger "hash" of a flow to allow definitively matching specific flows where
384 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so
385 * that it can be used in CB of skb (see sch_choke for an example).
386 */
387#define FLOW_KEYS_DIGEST_LEN 16
388struct flow_keys_digest {
389 u8 data[FLOW_KEYS_DIGEST_LEN];
390};
391
392void make_flow_keys_digest(struct flow_keys_digest *digest,
393 const struct flow_keys *flow);
394
395static inline bool flow_keys_have_l4(const struct flow_keys *keys)
396{
397 return (keys->ports.ports || keys->tags.flow_label);
398}
399
400u32 flow_hash_from_keys(struct flow_keys *keys);
401void skb_flow_get_icmp_tci(const struct sk_buff *skb,
402 struct flow_dissector_key_icmp *key_icmp,
403 const void *data, int thoff, int hlen);
404
405static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector,
406 enum flow_dissector_key_id key_id)
407{
408 return flow_dissector->used_keys & (1 << key_id);
409}
410
411static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector,
412 enum flow_dissector_key_id key_id,
413 void *target_container)
414{
415 return ((char *)target_container) + flow_dissector->offset[key_id];
416}
417
418struct bpf_flow_dissector {
419 struct bpf_flow_keys *flow_keys;
420 const struct sk_buff *skb;
421 const void *data;
422 const void *data_end;
423};
424
425static inline void
426flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
427 struct flow_dissector_key_basic *key_basic)
428{
429 memset(key_control, 0, sizeof(*key_control));
430 memset(key_basic, 0, sizeof(*key_basic));
431}
432
433#ifdef CONFIG_BPF_SYSCALL
434int flow_dissector_bpf_prog_attach_check(struct net *net,
435 struct bpf_prog *prog);
436#endif /* CONFIG_BPF_SYSCALL */
437
438#endif