flow_dissector.h source code [linux/include/net/flow_dissector.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	#ifndef _NET_FLOW_DISSECTOR_H
3	#define _NET_FLOW_DISSECTOR_H
4
5	#include <linux/types.h>
6	#include <linux/in6.h>
7	#include <linux/siphash.h>
8	#include <linux/string.h>
9	#include <uapi/linux/if_ether.h>
10
11	struct bpf_prog;
12	struct net;
13	struct sk_buff;
14
15	/**
16	* struct flow_dissector_key_control:
17	* @thoff: Transport header offset
18	* @addr_type: Type of key. One of FLOW_DISSECTOR_KEY_*
19	* @flags: Key flags. Any of FLOW_DIS_(IS_FRAGMENT\|FIRST_FRAGENCAPSULATION)
20	*/
21	struct flow_dissector_key_control {
22	u16 thoff;
23	u16 addr_type;
24	u32 flags;
25	};
26
27	#define FLOW_DIS_IS_FRAGMENT BIT(0)
28	#define FLOW_DIS_FIRST_FRAG BIT(1)
29	#define FLOW_DIS_ENCAPSULATION BIT(2)
30
31	enum flow_dissect_ret {
32	FLOW_DISSECT_RET_OUT_GOOD,
33	FLOW_DISSECT_RET_OUT_BAD,
34	FLOW_DISSECT_RET_PROTO_AGAIN,
35	FLOW_DISSECT_RET_IPPROTO_AGAIN,
36	FLOW_DISSECT_RET_CONTINUE,
37	};
38
39	/**
40	* struct flow_dissector_key_basic:
41	* @n_proto: Network header protocol (eg. IPv4/IPv6)
42	* @ip_proto: Transport header protocol (eg. TCP/UDP)
43	* @padding: Unused
44	*/
45	struct flow_dissector_key_basic {
46	__be16 n_proto;
47	u8 ip_proto;
48	u8 padding;
49	};
50
51	struct flow_dissector_key_tags {
52	u32 flow_label;
53	};
54
55	struct flow_dissector_key_vlan {
56	union {
57	struct {
58	u16 vlan_id:`12`,
59	vlan_dei:`1`,
60	vlan_priority:`3`;
61	};
62	__be16 vlan_tci;
63	};
64	__be16 vlan_tpid;
65	__be16 vlan_eth_type;
66	u16 padding;
67	};
68
69	struct flow_dissector_mpls_lse {
70	u32 mpls_ttl:`8`,
71	mpls_bos:`1`,
72	mpls_tc:`3`,
73	mpls_label:`20`;
74	};
75
76	#define FLOW_DIS_MPLS_MAX 7
77	struct flow_dissector_key_mpls {
78	struct flow_dissector_mpls_lse ls[FLOW_DIS_MPLS_MAX]; / Label Stack /
79	u8 used_lses; / One bit set for each Label Stack Entry in use /
80	};
81
82	static inline void dissector_set_mpls_lse(struct flow_dissector_key_mpls *mpls,
83	int lse_index)
84	{
85	mpls->used_lses \|= `1` << lse_index;
86	}
87
88	#define FLOW_DIS_TUN_OPTS_MAX 255
89	/**
90	* struct flow_dissector_key_enc_opts:
91	* @data: tunnel option data
92	* @len: length of tunnel option data
93	* @dst_opt_type: tunnel option type
94	*/
95	struct flow_dissector_key_enc_opts {
96	u8 data[FLOW_DIS_TUN_OPTS_MAX]; / Using IP_TUNNEL_OPTS_MAX is desired*
97	* here but seems difficult to #include
98	*/
99	u8 len;
100	__be16 dst_opt_type;
101	};
102
103	struct flow_dissector_key_keyid {
104	__be32 keyid;
105	};
106
107	/**
108	* struct flow_dissector_key_ipv4_addrs:
109	* @src: source ip address
110	* @dst: destination ip address
111	*/
112	struct flow_dissector_key_ipv4_addrs {
113	/ (src,dst) must be grouped, in the same way than in IP header /
114	__be32 src;
115	__be32 dst;
116	};
117
118	/**
119	* struct flow_dissector_key_ipv6_addrs:
120	* @src: source ip address
121	* @dst: destination ip address
122	*/
123	struct flow_dissector_key_ipv6_addrs {
124	/ (src,dst) must be grouped, in the same way than in IP header /
125	struct in6_addr src;
126	struct in6_addr dst;
127	};
128
129	/**
130	* struct flow_dissector_key_tipc:
131	* @key: source node address combined with selector
132	*/
133	struct flow_dissector_key_tipc {
134	__be32 key;
135	};
136
137	/**
138	* struct flow_dissector_key_addrs:
139	* @v4addrs: IPv4 addresses
140	* @v6addrs: IPv6 addresses
141	* @tipckey: TIPC key
142	*/
143	struct flow_dissector_key_addrs {
144	union {
145	struct flow_dissector_key_ipv4_addrs v4addrs;
146	struct flow_dissector_key_ipv6_addrs v6addrs;
147	struct flow_dissector_key_tipc tipckey;
148	};
149	};
150
151	/**
152	* struct flow_dissector_key_arp:
153	* @sip: Sender IP address
154	* @tip: Target IP address
155	* @op: Operation
156	* @sha: Sender hardware address
157	* @tha: Target hardware address
158	*/
159	struct flow_dissector_key_arp {
160	__u32 sip;
161	__u32 tip;
162	__u8 op;
163	unsigned char sha[ETH_ALEN];
164	unsigned char tha[ETH_ALEN];
165	};
166
167	/**
168	* struct flow_dissector_key_ports:
169	* @ports: port numbers of Transport header
170	* @src: source port number
171	* @dst: destination port number
172	*/
173	struct flow_dissector_key_ports {
174	union {
175	__be32 ports;
176	struct {
177	__be16 src;
178	__be16 dst;
179	};
180	};
181	};
182
183	/**
184	* struct flow_dissector_key_ports_range
185	* @tp: port number from packet
186	* @tp_min: min port number in range
187	* @tp_max: max port number in range
188	*/
189	struct flow_dissector_key_ports_range {
190	union {
191	struct flow_dissector_key_ports tp;
192	struct {
193	struct flow_dissector_key_ports tp_min;
194	struct flow_dissector_key_ports tp_max;
195	};
196	};
197	};
198
199	/**
200	* struct flow_dissector_key_icmp:
201	* @type: ICMP type
202	* @code: ICMP code
203	* @id: Session identifier
204	*/
205	struct flow_dissector_key_icmp {
206	struct {
207	u8 type;
208	u8 code;
209	};
210	u16 id;
211	};
212
213	/**
214	* struct flow_dissector_key_eth_addrs:
215	* @src: source Ethernet address
216	* @dst: destination Ethernet address
217	*/
218	struct flow_dissector_key_eth_addrs {
219	/ (dst,src) must be grouped, in the same way than in ETH header /
220	unsigned char dst[ETH_ALEN];
221	unsigned char src[ETH_ALEN];
222	};
223
224	/**
225	* struct flow_dissector_key_tcp:
226	* @flags: flags
227	*/
228	struct flow_dissector_key_tcp {
229	__be16 flags;
230	};
231
232	/**
233	* struct flow_dissector_key_ip:
234	* @tos: tos
235	* @ttl: ttl
236	*/
237	struct flow_dissector_key_ip {
238	__u8 tos;
239	__u8 ttl;
240	};
241
242	/**
243	* struct flow_dissector_key_meta:
244	* @ingress_ifindex: ingress ifindex
245	* @ingress_iftype: ingress interface type
246	* @l2_miss: packet did not match an L2 entry during forwarding
247	*/
248	struct flow_dissector_key_meta {
249	int ingress_ifindex;
250	u16 ingress_iftype;
251	u8 l2_miss;
252	};
253
254	/**
255	* struct flow_dissector_key_ct:
256	* @ct_state: conntrack state after converting with map
257	* @ct_mark: conttrack mark
258	* @ct_zone: conntrack zone
259	* @ct_labels: conntrack labels
260	*/
261	struct flow_dissector_key_ct {
262	u16 ct_state;
263	u16 ct_zone;
264	u32 ct_mark;
265	u32 ct_labels[`4`];
266	};
267
268	/**
269	* struct flow_dissector_key_hash:
270	* @hash: hash value
271	*/
272	struct flow_dissector_key_hash {
273	u32 hash;
274	};
275
276	/**
277	* struct flow_dissector_key_num_of_vlans:
278	* @num_of_vlans: num_of_vlans value
279	*/
280	struct flow_dissector_key_num_of_vlans {
281	u8 num_of_vlans;
282	};
283
284	/**
285	* struct flow_dissector_key_pppoe:
286	* @session_id: pppoe session id
287	* @ppp_proto: ppp protocol
288	* @type: pppoe eth type
289	*/
290	struct flow_dissector_key_pppoe {
291	__be16 session_id;
292	__be16 ppp_proto;
293	__be16 type;
294	};
295
296	/**
297	* struct flow_dissector_key_l2tpv3:
298	* @session_id: identifier for a l2tp session
299	*/
300	struct flow_dissector_key_l2tpv3 {
301	__be32 session_id;
302	};
303
304	/**
305	* struct flow_dissector_key_ipsec:
306	* @spi: identifier for a ipsec connection
307	*/
308	struct flow_dissector_key_ipsec {
309	__be32 spi;
310	};
311
312	/**
313	* struct flow_dissector_key_cfm
314	* @mdl_ver: maintenance domain level (mdl) and cfm protocol version
315	* @opcode: code specifying a type of cfm protocol packet
316	*
317	* See 802.1ag, ITU-T G.8013/Y.1731
318	* 1 2
319	* \|7 6 5 4 3 2 1 0\|7 6 5 4 3 2 1 0\|
320	* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
321	* \| mdl \| version \| opcode \|
322	* +-----+---------+-+-+-+-+-+-+-+-+
323	*/
324	struct flow_dissector_key_cfm {
325	u8 mdl_ver;
326	u8 opcode;
327	};
328
329	#define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5)
330	#define FLOW_DIS_CFM_MDL_MAX 7
331
332	enum flow_dissector_key_id {
333	FLOW_DISSECTOR_KEY_CONTROL, / struct flow_dissector_key_control /
334	FLOW_DISSECTOR_KEY_BASIC, / struct flow_dissector_key_basic /
335	FLOW_DISSECTOR_KEY_IPV4_ADDRS, / struct flow_dissector_key_ipv4_addrs /
336	FLOW_DISSECTOR_KEY_IPV6_ADDRS, / struct flow_dissector_key_ipv6_addrs /
337	FLOW_DISSECTOR_KEY_PORTS, / struct flow_dissector_key_ports /
338	FLOW_DISSECTOR_KEY_PORTS_RANGE, / struct flow_dissector_key_ports /
339	FLOW_DISSECTOR_KEY_ICMP, / struct flow_dissector_key_icmp /
340	FLOW_DISSECTOR_KEY_ETH_ADDRS, / struct flow_dissector_key_eth_addrs /
341	FLOW_DISSECTOR_KEY_TIPC, / struct flow_dissector_key_tipc /
342	FLOW_DISSECTOR_KEY_ARP, / struct flow_dissector_key_arp /
343	FLOW_DISSECTOR_KEY_VLAN, / struct flow_dissector_key_vlan /
344	FLOW_DISSECTOR_KEY_FLOW_LABEL, / struct flow_dissector_key_tags /
345	FLOW_DISSECTOR_KEY_GRE_KEYID, / struct flow_dissector_key_keyid /
346	FLOW_DISSECTOR_KEY_MPLS_ENTROPY, / struct flow_dissector_key_keyid /
347	FLOW_DISSECTOR_KEY_ENC_KEYID, / struct flow_dissector_key_keyid /
348	FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, / struct flow_dissector_key_ipv4_addrs /
349	FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, / struct flow_dissector_key_ipv6_addrs /
350	FLOW_DISSECTOR_KEY_ENC_CONTROL, / struct flow_dissector_key_control /
351	FLOW_DISSECTOR_KEY_ENC_PORTS, / struct flow_dissector_key_ports /
352	FLOW_DISSECTOR_KEY_MPLS, / struct flow_dissector_key_mpls /
353	FLOW_DISSECTOR_KEY_TCP, / struct flow_dissector_key_tcp /
354	FLOW_DISSECTOR_KEY_IP, / struct flow_dissector_key_ip /
355	FLOW_DISSECTOR_KEY_CVLAN, / struct flow_dissector_key_vlan /
356	FLOW_DISSECTOR_KEY_ENC_IP, / struct flow_dissector_key_ip /
357	FLOW_DISSECTOR_KEY_ENC_OPTS, / struct flow_dissector_key_enc_opts /
358	FLOW_DISSECTOR_KEY_META, / struct flow_dissector_key_meta /
359	FLOW_DISSECTOR_KEY_CT, / struct flow_dissector_key_ct /
360	FLOW_DISSECTOR_KEY_HASH, / struct flow_dissector_key_hash /
361	FLOW_DISSECTOR_KEY_NUM_OF_VLANS, / struct flow_dissector_key_num_of_vlans /
362	FLOW_DISSECTOR_KEY_PPPOE, / struct flow_dissector_key_pppoe /
363	FLOW_DISSECTOR_KEY_L2TPV3, / struct flow_dissector_key_l2tpv3 /
364	FLOW_DISSECTOR_KEY_CFM, / struct flow_dissector_key_cfm /
365	FLOW_DISSECTOR_KEY_IPSEC, / struct flow_dissector_key_ipsec /
366
367	FLOW_DISSECTOR_KEY_MAX,
368	};
369
370	#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0)
371	#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1)
372	#define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2)
373	#define FLOW_DISSECTOR_F_STOP_BEFORE_ENCAP BIT(3)
374
375	struct flow_dissector_key {
376	enum flow_dissector_key_id key_id;
377	size_t offset; /* offset of struct flow_dissector_key_*
378	in target the struct /*
379	};
380
381	struct flow_dissector {
382	unsigned long long used_keys;
383	/ each bit represents presence of one key id /
384	unsigned short int offset[FLOW_DISSECTOR_KEY_MAX];
385	};
386
387	struct flow_keys_basic {
388	struct flow_dissector_key_control control;
389	struct flow_dissector_key_basic basic;
390	};
391
392	struct flow_keys {
393	struct flow_dissector_key_control control;
394	#define FLOW_KEYS_HASH_START_FIELD basic
395	struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT);
396	struct flow_dissector_key_tags tags;
397	struct flow_dissector_key_vlan vlan;
398	struct flow_dissector_key_vlan cvlan;
399	struct flow_dissector_key_keyid keyid;
400	struct flow_dissector_key_ports ports;
401	struct flow_dissector_key_icmp icmp;
402	/ 'addrs' must be the last member /
403	struct flow_dissector_key_addrs addrs;
404	};
405
406	#define FLOW_KEYS_HASH_OFFSET \
407	offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD)
408
409	__be32 flow_get_u32_src(const struct flow_keys *flow);
410	__be32 flow_get_u32_dst(const struct flow_keys *flow);
411
412	extern struct flow_dissector flow_keys_dissector;
413	extern struct flow_dissector flow_keys_basic_dissector;
414
415	/ struct flow_keys_digest:*
416	*
417	* This structure is used to hold a digest of the full flow keys. This is a
418	* larger "hash" of a flow to allow definitively matching specific flows where
419	* the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so
420	* that it can be used in CB of skb (see sch_choke for an example).
421	*/
422	#define FLOW_KEYS_DIGEST_LEN 16
423	struct flow_keys_digest {
424	u8 data[FLOW_KEYS_DIGEST_LEN];
425	};
426
427	void make_flow_keys_digest(struct flow_keys_digest *digest,
428	const struct flow_keys *flow);
429
430	static inline bool flow_keys_have_l4(const struct flow_keys *keys)
431	{
432	return (keys->ports.ports \|\| keys->tags.flow_label);
433	}
434
435	u32 flow_hash_from_keys(struct flow_keys *keys);
436	void skb_flow_get_icmp_tci(const struct sk_buff *skb,
437	struct flow_dissector_key_icmp *key_icmp,
438	const void data, int* thoff, int hlen);
439
440	static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector,
441	enum flow_dissector_key_id key_id)
442	{
443	return flow_dissector->used_keys & (`1ULL` << key_id);
444	}
445
446	static inline void skb_flow_dissector_target(struct* flow_dissector *flow_dissector,
447	enum flow_dissector_key_id key_id,
448	void *target_container)
449	{
450	return ((char *)target_container) + flow_dissector->offset[key_id];
451	}
452
453	struct bpf_flow_dissector {
454	struct bpf_flow_keys *flow_keys;
455	const struct sk_buff *skb;
456	const void *data;
457	const void *data_end;
458	};
459
460	static inline void
461	flow_dissector_init_keys(struct flow_dissector_key_control *key_control,
462	struct flow_dissector_key_basic *key_basic)
463	{
464	memset(key_control, `0`, sizeof(*key_control));
465	memset(key_basic, `0`, sizeof(*key_basic));
466	}
467
468	#ifdef CONFIG_BPF_SYSCALL
469	int flow_dissector_bpf_prog_attach_check(struct net *net,
470	struct bpf_prog *prog);
471	#endif /* CONFIG_BPF_SYSCALL */
472
473	#endif
474

source code of linux/include/net/flow_dissector.h