1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _NET_FLOW_DISSECTOR_H
3 #define _NET_FLOW_DISSECTOR_H
5 #include <linux/types.h>
7 #include <linux/siphash.h>
8 #include <linux/string.h>
9 #include <uapi/linux/if_ether.h>
10 #include <uapi/linux/pkt_cls.h>
17 * struct flow_dissector_key_control:
18 * @thoff: Transport header offset
19 * @addr_type: Type of key. One of FLOW_DISSECTOR_KEY_*
21 * Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAG|ENCAPSULATION|F_*)
23 struct flow_dissector_key_control {
29 /* The control flags are kept in sync with TCA_FLOWER_KEY_FLAGS_*, as those
30 * flags are exposed to userspace in some error paths, ie. unsupported flags.
32 enum flow_dissector_ctrl_flags {
33 FLOW_DIS_IS_FRAGMENT = TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT,
34 FLOW_DIS_FIRST_FRAG = TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST,
35 FLOW_DIS_F_TUNNEL_CSUM = TCA_FLOWER_KEY_FLAGS_TUNNEL_CSUM,
36 FLOW_DIS_F_TUNNEL_DONT_FRAGMENT = TCA_FLOWER_KEY_FLAGS_TUNNEL_DONT_FRAGMENT,
37 FLOW_DIS_F_TUNNEL_OAM = TCA_FLOWER_KEY_FLAGS_TUNNEL_OAM,
38 FLOW_DIS_F_TUNNEL_CRIT_OPT = TCA_FLOWER_KEY_FLAGS_TUNNEL_CRIT_OPT,
40 /* These flags are internal to the kernel */
41 FLOW_DIS_ENCAPSULATION = (TCA_FLOWER_KEY_FLAGS_MAX << 1),
44 enum flow_dissect_ret {
45 FLOW_DISSECT_RET_OUT_GOOD,
46 FLOW_DISSECT_RET_OUT_BAD,
47 FLOW_DISSECT_RET_PROTO_AGAIN,
48 FLOW_DISSECT_RET_IPPROTO_AGAIN,
49 FLOW_DISSECT_RET_CONTINUE,
53 * struct flow_dissector_key_basic:
54 * @n_proto: Network header protocol (eg. IPv4/IPv6)
55 * @ip_proto: Transport header protocol (eg. TCP/UDP)
58 struct flow_dissector_key_basic {
64 struct flow_dissector_key_tags {
68 struct flow_dissector_key_vlan {
82 struct flow_dissector_mpls_lse {
89 #define FLOW_DIS_MPLS_MAX 7
90 struct flow_dissector_key_mpls {
91 struct flow_dissector_mpls_lse ls[FLOW_DIS_MPLS_MAX]; /* Label Stack */
92 u8 used_lses; /* One bit set for each Label Stack Entry in use */
95 static inline void dissector_set_mpls_lse(struct flow_dissector_key_mpls *mpls,
98 mpls->used_lses |= 1 << lse_index;
101 #define FLOW_DIS_TUN_OPTS_MAX 255
103 * struct flow_dissector_key_enc_opts:
104 * @data: tunnel option data
105 * @len: length of tunnel option data
106 * @dst_opt_type: tunnel option type
108 struct flow_dissector_key_enc_opts {
109 u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired
110 * here but seems difficult to #include
116 struct flow_dissector_key_keyid {
121 * struct flow_dissector_key_ipv4_addrs:
122 * @src: source ip address
123 * @dst: destination ip address
125 struct flow_dissector_key_ipv4_addrs {
126 /* (src,dst) must be grouped, in the same way than in IP header */
132 * struct flow_dissector_key_ipv6_addrs:
133 * @src: source ip address
134 * @dst: destination ip address
136 struct flow_dissector_key_ipv6_addrs {
137 /* (src,dst) must be grouped, in the same way than in IP header */
143 * struct flow_dissector_key_tipc:
144 * @key: source node address combined with selector
146 struct flow_dissector_key_tipc {
151 * struct flow_dissector_key_addrs:
152 * @v4addrs: IPv4 addresses
153 * @v6addrs: IPv6 addresses
156 struct flow_dissector_key_addrs {
158 struct flow_dissector_key_ipv4_addrs v4addrs;
159 struct flow_dissector_key_ipv6_addrs v6addrs;
160 struct flow_dissector_key_tipc tipckey;
165 * struct flow_dissector_key_arp:
166 * @sip: Sender IP address
167 * @tip: Target IP address
169 * @sha: Sender hardware address
170 * @tha: Target hardware address
172 struct flow_dissector_key_arp {
176 unsigned char sha[ETH_ALEN];
177 unsigned char tha[ETH_ALEN];
181 * struct flow_dissector_key_ports:
182 * @ports: port numbers of Transport header
183 * @src: source port number
184 * @dst: destination port number
186 struct flow_dissector_key_ports {
197 * struct flow_dissector_key_ports_range
198 * @tp: port number from packet
199 * @tp_min: min port number in range
200 * @tp_max: max port number in range
202 struct flow_dissector_key_ports_range {
204 struct flow_dissector_key_ports tp;
206 struct flow_dissector_key_ports tp_min;
207 struct flow_dissector_key_ports tp_max;
213 * struct flow_dissector_key_icmp:
216 * @id: Session identifier
218 struct flow_dissector_key_icmp {
227 * struct flow_dissector_key_eth_addrs:
228 * @src: source Ethernet address
229 * @dst: destination Ethernet address
231 struct flow_dissector_key_eth_addrs {
232 /* (dst,src) must be grouped, in the same way than in ETH header */
233 unsigned char dst[ETH_ALEN];
234 unsigned char src[ETH_ALEN];
238 * struct flow_dissector_key_tcp:
241 struct flow_dissector_key_tcp {
246 * struct flow_dissector_key_ip:
250 struct flow_dissector_key_ip {
256 * struct flow_dissector_key_meta:
257 * @ingress_ifindex: ingress ifindex
258 * @ingress_iftype: ingress interface type
259 * @l2_miss: packet did not match an L2 entry during forwarding
261 struct flow_dissector_key_meta {
268 * struct flow_dissector_key_ct:
269 * @ct_state: conntrack state after converting with map
270 * @ct_mark: conttrack mark
271 * @ct_zone: conntrack zone
272 * @ct_labels: conntrack labels
274 struct flow_dissector_key_ct {
282 * struct flow_dissector_key_hash:
285 struct flow_dissector_key_hash {
290 * struct flow_dissector_key_num_of_vlans:
291 * @num_of_vlans: num_of_vlans value
293 struct flow_dissector_key_num_of_vlans {
298 * struct flow_dissector_key_pppoe:
299 * @session_id: pppoe session id
300 * @ppp_proto: ppp protocol
301 * @type: pppoe eth type
303 struct flow_dissector_key_pppoe {
310 * struct flow_dissector_key_l2tpv3:
311 * @session_id: identifier for a l2tp session
313 struct flow_dissector_key_l2tpv3 {
318 * struct flow_dissector_key_ipsec:
319 * @spi: identifier for a ipsec connection
321 struct flow_dissector_key_ipsec {
326 * struct flow_dissector_key_cfm
327 * @mdl_ver: maintenance domain level (mdl) and cfm protocol version
328 * @opcode: code specifying a type of cfm protocol packet
330 * See 802.1ag, ITU-T G.8013/Y.1731
332 * |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
333 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
334 * | mdl | version | opcode |
335 * +-----+---------+-+-+-+-+-+-+-+-+
337 struct flow_dissector_key_cfm {
342 #define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5)
343 #define FLOW_DIS_CFM_MDL_MAX 7
345 enum flow_dissector_key_id {
346 FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
347 FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
348 FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
349 FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
350 FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */
351 FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */
352 FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */
353 FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */
354 FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */
355 FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */
356 FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */
357 FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */
358 FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */
359 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */
360 FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */
361 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
362 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
363 FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */
364 FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
365 FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
366 FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
367 FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
368 FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */
369 FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */
370 FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */
371 FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */
372 FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
373 FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
374 FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
375 FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
376 FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
377 FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
378 FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
380 FLOW_DISSECTOR_KEY_MAX,
383 #define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0)
384 #define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1)
385 #define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2)
386 #define FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP BIT(3)
388 struct flow_dissector_key {
389 enum flow_dissector_key_id key_id;
390 size_t offset; /* offset of struct flow_dissector_key_*
391 in target the struct */
394 struct flow_dissector {
395 unsigned long long used_keys;
396 /* each bit represents presence of one key id */
397 unsigned short int offset[FLOW_DISSECTOR_KEY_MAX];
400 struct flow_keys_basic {
401 struct flow_dissector_key_control control;
402 struct flow_dissector_key_basic basic;
406 struct flow_dissector_key_control control;
407 #define FLOW_KEYS_HASH_START_FIELD basic
408 struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT);
409 struct flow_dissector_key_tags tags;
410 struct flow_dissector_key_vlan vlan;
411 struct flow_dissector_key_vlan cvlan;
412 struct flow_dissector_key_keyid keyid;
413 struct flow_dissector_key_ports ports;
414 struct flow_dissector_key_icmp icmp;
415 /* 'addrs' must be the last member */
416 struct flow_dissector_key_addrs addrs;
419 #define FLOW_KEYS_HASH_OFFSET \
420 offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD)
422 __be32 flow_get_u32_src(const struct flow_keys *flow);
423 __be32 flow_get_u32_dst(const struct flow_keys *flow);
425 extern struct flow_dissector flow_keys_dissector;
426 extern struct flow_dissector flow_keys_basic_dissector;
428 /* struct flow_keys_digest:
430 * This structure is used to hold a digest of the full flow keys. This is a
431 * larger "hash" of a flow to allow definitively matching specific flows where
432 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so
433 * that it can be used in CB of skb (see sch_choke for an example).
435 #define FLOW_KEYS_DIGEST_LEN 16
436 struct flow_keys_digest {
437 u8 data[FLOW_KEYS_DIGEST_LEN];
440 void make_flow_keys_digest(struct flow_keys_digest *digest,
441 const struct flow_keys *flow);
443 static inline bool flow_keys_have_l4(const struct flow_keys *keys)
445 return (keys->ports.ports || keys->tags.flow_label);
448 u32 flow_hash_from_keys(struct flow_keys *keys);
449 u32 flow_hash_from_keys_seed(struct flow_keys *keys,
450 const siphash_key_t *keyval);
451 void skb_flow_get_icmp_tci(const struct sk_buff *skb,
452 struct flow_dissector_key_icmp *key_icmp,
453 const void *data, int thoff, int hlen);
455 static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector,
456 enum flow_dissector_key_id key_id)
458 return flow_dissector->used_keys & (1ULL << key_id);
461 static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector,
462 enum flow_dissector_key_id key_id,
463 void *target_container)
465 return ((char *)target_container) + flow_dissector->offset[key_id];
468 struct bpf_flow_dissector {
469 struct bpf_flow_keys *flow_keys;
470 const struct sk_buff *skb;
472 const void *data_end;
476 flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
477 struct flow_dissector_key_basic *key_basic)
479 memset(key_control, 0, sizeof(*key_control));
480 memset(key_basic, 0, sizeof(*key_basic));
483 #ifdef CONFIG_BPF_SYSCALL
484 int flow_dissector_bpf_prog_attach_check(struct net *net,
485 struct bpf_prog *prog);
486 #endif /* CONFIG_BPF_SYSCALL */
projects / J-linux.git / blob