1/* SPDX-License-Identifier: GPL-2.0 */
2#ifndef _NET_FLOW_DISSECTOR_H
3#define _NET_FLOW_DISSECTOR_H
4
5#include <linux/types.h>
6#include <linux/in6.h>
7#include <linux/siphash.h>
8#include <linux/string.h>
9#include <uapi/linux/if_ether.h>
10
11struct bpf_prog;
12struct net;
13struct sk_buff;
14
15/**
16 * struct flow_dissector_key_control:
17 * @thoff: Transport header offset
18 * @addr_type: Type of key. One of FLOW_DISSECTOR_KEY_*
19 * @flags: Key flags. Any of FLOW_DIS_(IS_FRAGMENT|FIRST_FRAGENCAPSULATION)
20 */
21struct flow_dissector_key_control {
22 u16 thoff;
23 u16 addr_type;
24 u32 flags;
25};
26
27#define FLOW_DIS_IS_FRAGMENT BIT(0)
28#define FLOW_DIS_FIRST_FRAG BIT(1)
29#define FLOW_DIS_ENCAPSULATION BIT(2)
30
31enum flow_dissect_ret {
32 FLOW_DISSECT_RET_OUT_GOOD,
33 FLOW_DISSECT_RET_OUT_BAD,
34 FLOW_DISSECT_RET_PROTO_AGAIN,
35 FLOW_DISSECT_RET_IPPROTO_AGAIN,
36 FLOW_DISSECT_RET_CONTINUE,
37};
38
39/**
40 * struct flow_dissector_key_basic:
41 * @n_proto: Network header protocol (eg. IPv4/IPv6)
42 * @ip_proto: Transport header protocol (eg. TCP/UDP)
43 * @padding: Unused
44 */
45struct flow_dissector_key_basic {
46 __be16 n_proto;
47 u8 ip_proto;
48 u8 padding;
49};
50
51struct flow_dissector_key_tags {
52 u32 flow_label;
53};
54
55struct flow_dissector_key_vlan {
56 union {
57 struct {
58 u16 vlan_id:12,
59 vlan_dei:1,
60 vlan_priority:3;
61 };
62 __be16 vlan_tci;
63 };
64 __be16 vlan_tpid;
65 __be16 vlan_eth_type;
66 u16 padding;
67};
68
69struct flow_dissector_mpls_lse {
70 u32 mpls_ttl:8,
71 mpls_bos:1,
72 mpls_tc:3,
73 mpls_label:20;
74};
75
76#define FLOW_DIS_MPLS_MAX 7
77struct flow_dissector_key_mpls {
78 struct flow_dissector_mpls_lse ls[FLOW_DIS_MPLS_MAX]; /* Label Stack */
79 u8 used_lses; /* One bit set for each Label Stack Entry in use */
80};
81
82static inline void dissector_set_mpls_lse(struct flow_dissector_key_mpls *mpls,
83 int lse_index)
84{
85 mpls->used_lses |= 1 << lse_index;
86}
87
88#define FLOW_DIS_TUN_OPTS_MAX 255
89/**
90 * struct flow_dissector_key_enc_opts:
91 * @data: tunnel option data
92 * @len: length of tunnel option data
93 * @dst_opt_type: tunnel option type
94 */
95struct flow_dissector_key_enc_opts {
96 u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired
97 * here but seems difficult to #include
98 */
99 u8 len;
100 __be16 dst_opt_type;
101};
102
103struct flow_dissector_key_keyid {
104 __be32 keyid;
105};
106
107/**
108 * struct flow_dissector_key_ipv4_addrs:
109 * @src: source ip address
110 * @dst: destination ip address
111 */
112struct flow_dissector_key_ipv4_addrs {
113 /* (src,dst) must be grouped, in the same way than in IP header */
114 __be32 src;
115 __be32 dst;
116};
117
118/**
119 * struct flow_dissector_key_ipv6_addrs:
120 * @src: source ip address
121 * @dst: destination ip address
122 */
123struct flow_dissector_key_ipv6_addrs {
124 /* (src,dst) must be grouped, in the same way than in IP header */
125 struct in6_addr src;
126 struct in6_addr dst;
127};
128
129/**
130 * struct flow_dissector_key_tipc:
131 * @key: source node address combined with selector
132 */
133struct flow_dissector_key_tipc {
134 __be32 key;
135};
136
137/**
138 * struct flow_dissector_key_addrs:
139 * @v4addrs: IPv4 addresses
140 * @v6addrs: IPv6 addresses
141 * @tipckey: TIPC key
142 */
143struct flow_dissector_key_addrs {
144 union {
145 struct flow_dissector_key_ipv4_addrs v4addrs;
146 struct flow_dissector_key_ipv6_addrs v6addrs;
147 struct flow_dissector_key_tipc tipckey;
148 };
149};
150
151/**
152 * struct flow_dissector_key_arp:
153 * @sip: Sender IP address
154 * @tip: Target IP address
155 * @op: Operation
156 * @sha: Sender hardware address
157 * @tha: Target hardware address
158 */
159struct flow_dissector_key_arp {
160 __u32 sip;
161 __u32 tip;
162 __u8 op;
163 unsigned char sha[ETH_ALEN];
164 unsigned char tha[ETH_ALEN];
165};
166
167/**
168 * struct flow_dissector_key_ports:
169 * @ports: port numbers of Transport header
170 * @src: source port number
171 * @dst: destination port number
172 */
173struct flow_dissector_key_ports {
174 union {
175 __be32 ports;
176 struct {
177 __be16 src;
178 __be16 dst;
179 };
180 };
181};
182
183/**
184 * struct flow_dissector_key_ports_range
185 * @tp: port number from packet
186 * @tp_min: min port number in range
187 * @tp_max: max port number in range
188 */
189struct flow_dissector_key_ports_range {
190 union {
191 struct flow_dissector_key_ports tp;
192 struct {
193 struct flow_dissector_key_ports tp_min;
194 struct flow_dissector_key_ports tp_max;
195 };
196 };
197};
198
199/**
200 * struct flow_dissector_key_icmp:
201 * @type: ICMP type
202 * @code: ICMP code
203 * @id: Session identifier
204 */
205struct flow_dissector_key_icmp {
206 struct {
207 u8 type;
208 u8 code;
209 };
210 u16 id;
211};
212
213/**
214 * struct flow_dissector_key_eth_addrs:
215 * @src: source Ethernet address
216 * @dst: destination Ethernet address
217 */
218struct flow_dissector_key_eth_addrs {
219 /* (dst,src) must be grouped, in the same way than in ETH header */
220 unsigned char dst[ETH_ALEN];
221 unsigned char src[ETH_ALEN];
222};
223
224/**
225 * struct flow_dissector_key_tcp:
226 * @flags: flags
227 */
228struct flow_dissector_key_tcp {
229 __be16 flags;
230};
231
232/**
233 * struct flow_dissector_key_ip:
234 * @tos: tos
235 * @ttl: ttl
236 */
237struct flow_dissector_key_ip {
238 __u8 tos;
239 __u8 ttl;
240};
241
242/**
243 * struct flow_dissector_key_meta:
244 * @ingress_ifindex: ingress ifindex
245 * @ingress_iftype: ingress interface type
246 * @l2_miss: packet did not match an L2 entry during forwarding
247 */
248struct flow_dissector_key_meta {
249 int ingress_ifindex;
250 u16 ingress_iftype;
251 u8 l2_miss;
252};
253
254/**
255 * struct flow_dissector_key_ct:
256 * @ct_state: conntrack state after converting with map
257 * @ct_mark: conttrack mark
258 * @ct_zone: conntrack zone
259 * @ct_labels: conntrack labels
260 */
261struct flow_dissector_key_ct {
262 u16 ct_state;
263 u16 ct_zone;
264 u32 ct_mark;
265 u32 ct_labels[4];
266};
267
268/**
269 * struct flow_dissector_key_hash:
270 * @hash: hash value
271 */
272struct flow_dissector_key_hash {
273 u32 hash;
274};
275
276/**
277 * struct flow_dissector_key_num_of_vlans:
278 * @num_of_vlans: num_of_vlans value
279 */
280struct flow_dissector_key_num_of_vlans {
281 u8 num_of_vlans;
282};
283
284/**
285 * struct flow_dissector_key_pppoe:
286 * @session_id: pppoe session id
287 * @ppp_proto: ppp protocol
288 * @type: pppoe eth type
289 */
290struct flow_dissector_key_pppoe {
291 __be16 session_id;
292 __be16 ppp_proto;
293 __be16 type;
294};
295
296/**
297 * struct flow_dissector_key_l2tpv3:
298 * @session_id: identifier for a l2tp session
299 */
300struct flow_dissector_key_l2tpv3 {
301 __be32 session_id;
302};
303
304/**
305 * struct flow_dissector_key_ipsec:
306 * @spi: identifier for a ipsec connection
307 */
308struct flow_dissector_key_ipsec {
309 __be32 spi;
310};
311
312/**
313 * struct flow_dissector_key_cfm
314 * @mdl_ver: maintenance domain level (mdl) and cfm protocol version
315 * @opcode: code specifying a type of cfm protocol packet
316 *
317 * See 802.1ag, ITU-T G.8013/Y.1731
318 * 1 2
319 * |7 6 5 4 3 2 1 0|7 6 5 4 3 2 1 0|
320 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
321 * | mdl | version | opcode |
322 * +-----+---------+-+-+-+-+-+-+-+-+
323 */
324struct flow_dissector_key_cfm {
325 u8 mdl_ver;
326 u8 opcode;
327};
328
329#define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5)
330#define FLOW_DIS_CFM_MDL_MAX 7
331
332enum flow_dissector_key_id {
333 FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
334 FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
335 FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
336 FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
337 FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */
338 FLOW_DISSECTOR_KEY_PORTS_RANGE, /* struct flow_dissector_key_ports */
339 FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */
340 FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */
341 FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */
342 FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */
343 FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */
344 FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */
345 FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */
346 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */
347 FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */
348 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */
349 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */
350 FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */
351 FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */
352 FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */
353 FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */
354 FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */
355 FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */
356 FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */
357 FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */
358 FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */
359 FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
360 FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
361 FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
362 FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
363 FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
364 FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
365 FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
366
367 FLOW_DISSECTOR_KEY_MAX,
368};
369
370#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0)
371#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1)
372#define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2)
373#define FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP BIT(3)
374
375struct flow_dissector_key {
376 enum flow_dissector_key_id key_id;
377 size_t offset; /* offset of struct flow_dissector_key_*
378 in target the struct */
379};
380
381struct flow_dissector {
382 unsigned long long used_keys;
383 /* each bit represents presence of one key id */
384 unsigned short int offset[FLOW_DISSECTOR_KEY_MAX];
385};
386
387struct flow_keys_basic {
388 struct flow_dissector_key_control control;
389 struct flow_dissector_key_basic basic;
390};
391
392struct flow_keys {
393 struct flow_dissector_key_control control;
394#define FLOW_KEYS_HASH_START_FIELD basic
395 struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT);
396 struct flow_dissector_key_tags tags;
397 struct flow_dissector_key_vlan vlan;
398 struct flow_dissector_key_vlan cvlan;
399 struct flow_dissector_key_keyid keyid;
400 struct flow_dissector_key_ports ports;
401 struct flow_dissector_key_icmp icmp;
402 /* 'addrs' must be the last member */
403 struct flow_dissector_key_addrs addrs;
404};
405
406#define FLOW_KEYS_HASH_OFFSET \
407 offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD)
408
409__be32 flow_get_u32_src(const struct flow_keys *flow);
410__be32 flow_get_u32_dst(const struct flow_keys *flow);
411
412extern struct flow_dissector flow_keys_dissector;
413extern struct flow_dissector flow_keys_basic_dissector;
414
415/* struct flow_keys_digest:
416 *
417 * This structure is used to hold a digest of the full flow keys. This is a
418 * larger "hash" of a flow to allow definitively matching specific flows where
419 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so
420 * that it can be used in CB of skb (see sch_choke for an example).
421 */
422#define FLOW_KEYS_DIGEST_LEN 16
423struct flow_keys_digest {
424 u8 data[FLOW_KEYS_DIGEST_LEN];
425};
426
427void make_flow_keys_digest(struct flow_keys_digest *digest,
428 const struct flow_keys *flow);
429
430static inline bool flow_keys_have_l4(const struct flow_keys *keys)
431{
432 return (keys->ports.ports || keys->tags.flow_label);
433}
434
435u32 flow_hash_from_keys(struct flow_keys *keys);
436void skb_flow_get_icmp_tci(const struct sk_buff *skb,
437 struct flow_dissector_key_icmp *key_icmp,
438 const void *data, int thoff, int hlen);
439
440static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector,
441 enum flow_dissector_key_id key_id)
442{
443 return flow_dissector->used_keys & (1ULL << key_id);
444}
445
446static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector,
447 enum flow_dissector_key_id key_id,
448 void *target_container)
449{
450 return ((char *)target_container) + flow_dissector->offset[key_id];
451}
452
453struct bpf_flow_dissector {
454 struct bpf_flow_keys *flow_keys;
455 const struct sk_buff *skb;
456 const void *data;
457 const void *data_end;
458};
459
460static inline void
461flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
462 struct flow_dissector_key_basic *key_basic)
463{
464 memset(key_control, 0, sizeof(*key_control));
465 memset(key_basic, 0, sizeof(*key_basic));
466}
467
468#ifdef CONFIG_BPF_SYSCALL
469int flow_dissector_bpf_prog_attach_check(struct net *net,
470 struct bpf_prog *prog);
471#endif /* CONFIG_BPF_SYSCALL */
472
473#endif
474

source code of linux/include/net/flow_dissector.h