1 #include <linux/kernel.h>
2 #include <linux/skbuff.h>
3 #include <linux/export.h>
5 #include <linux/ipv6.h>
6 #include <linux/if_vlan.h>
11 #include <linux/igmp.h>
12 #include <linux/icmp.h>
13 #include <linux/sctp.h>
14 #include <linux/dccp.h>
15 #include <linux/if_tunnel.h>
16 #include <linux/if_pppox.h>
17 #include <linux/ppp_defs.h>
18 #include <linux/stddef.h>
19 #include <linux/if_ether.h>
20 #include <linux/mpls.h>
21 #include <net/flow_dissector.h>
22 #include <scsi/fc/fc_fcoe.h>
24 static void dissector_set_key(struct flow_dissector *flow_dissector,
25 enum flow_dissector_key_id key_id)
27 flow_dissector->used_keys |= (1 << key_id);
30 void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
31 const struct flow_dissector_key *key,
32 unsigned int key_count)
36 memset(flow_dissector, 0, sizeof(*flow_dissector));
38 for (i = 0; i < key_count; i++, key++) {
39 /* User should make sure that every key target offset is withing
40 * boundaries of unsigned short.
42 BUG_ON(key->offset > USHRT_MAX);
43 BUG_ON(dissector_uses_key(flow_dissector,
46 dissector_set_key(flow_dissector, key->key_id);
47 flow_dissector->offset[key->key_id] = key->offset;
50 /* Ensure that the dissector always includes control and basic key.
51 * That way we are able to avoid handling lack of these in fast path.
53 BUG_ON(!dissector_uses_key(flow_dissector,
54 FLOW_DISSECTOR_KEY_CONTROL));
55 BUG_ON(!dissector_uses_key(flow_dissector,
56 FLOW_DISSECTOR_KEY_BASIC));
58 EXPORT_SYMBOL(skb_flow_dissector_init);
61 * skb_flow_get_be16 - extract be16 entity
62 * @skb: sk_buff to extract from
63 * @poff: offset to extract at
64 * @data: raw buffer pointer to the packet
65 * @hlen: packet header length
67 * The function will try to retrieve a be32 entity at
70 static __be16 skb_flow_get_be16(const struct sk_buff *skb, int poff,
75 u = __skb_header_pointer(skb, poff, sizeof(_u), data, hlen, &_u);
83 * __skb_flow_get_ports - extract the upper layer ports and return them
84 * @skb: sk_buff to extract the ports from
85 * @thoff: transport header offset
86 * @ip_proto: protocol for which to get port offset
87 * @data: raw buffer pointer to the packet, if NULL use skb->data
88 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
90 * The function will try to retrieve the ports at offset thoff + poff where poff
91 * is the protocol port offset returned from proto_ports_offset
93 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
96 int poff = proto_ports_offset(ip_proto);
100 hlen = skb_headlen(skb);
104 __be32 *ports, _ports;
106 ports = __skb_header_pointer(skb, thoff + poff,
107 sizeof(_ports), data, hlen, &_ports);
114 EXPORT_SYMBOL(__skb_flow_get_ports);
116 enum flow_dissect_ret {
117 FLOW_DISSECT_RET_OUT_GOOD,
118 FLOW_DISSECT_RET_OUT_BAD,
119 FLOW_DISSECT_RET_OUT_PROTO_AGAIN,
122 static enum flow_dissect_ret
123 __skb_flow_dissect_mpls(const struct sk_buff *skb,
124 struct flow_dissector *flow_dissector,
125 void *target_container, void *data, int nhoff, int hlen)
127 struct flow_dissector_key_keyid *key_keyid;
128 struct mpls_label *hdr, _hdr[2];
130 if (!dissector_uses_key(flow_dissector,
131 FLOW_DISSECTOR_KEY_MPLS_ENTROPY))
132 return FLOW_DISSECT_RET_OUT_GOOD;
134 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
137 return FLOW_DISSECT_RET_OUT_BAD;
139 if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >>
140 MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) {
141 key_keyid = skb_flow_dissector_target(flow_dissector,
142 FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
144 key_keyid->keyid = hdr[1].entry & htonl(MPLS_LS_LABEL_MASK);
146 return FLOW_DISSECT_RET_OUT_GOOD;
149 static enum flow_dissect_ret
150 __skb_flow_dissect_arp(const struct sk_buff *skb,
151 struct flow_dissector *flow_dissector,
152 void *target_container, void *data, int nhoff, int hlen)
154 struct flow_dissector_key_arp *key_arp;
156 unsigned char ar_sha[ETH_ALEN];
157 unsigned char ar_sip[4];
158 unsigned char ar_tha[ETH_ALEN];
159 unsigned char ar_tip[4];
160 } *arp_eth, _arp_eth;
161 const struct arphdr *arp;
164 if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ARP))
165 return FLOW_DISSECT_RET_OUT_GOOD;
167 arp = __skb_header_pointer(skb, nhoff, sizeof(_arp), data,
170 return FLOW_DISSECT_RET_OUT_BAD;
172 if (arp->ar_hrd != htons(ARPHRD_ETHER) ||
173 arp->ar_pro != htons(ETH_P_IP) ||
174 arp->ar_hln != ETH_ALEN ||
176 (arp->ar_op != htons(ARPOP_REPLY) &&
177 arp->ar_op != htons(ARPOP_REQUEST)))
178 return FLOW_DISSECT_RET_OUT_BAD;
180 arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp),
181 sizeof(_arp_eth), data,
184 return FLOW_DISSECT_RET_OUT_BAD;
186 key_arp = skb_flow_dissector_target(flow_dissector,
187 FLOW_DISSECTOR_KEY_ARP,
190 memcpy(&key_arp->sip, arp_eth->ar_sip, sizeof(key_arp->sip));
191 memcpy(&key_arp->tip, arp_eth->ar_tip, sizeof(key_arp->tip));
193 /* Only store the lower byte of the opcode;
194 * this covers ARPOP_REPLY and ARPOP_REQUEST.
196 key_arp->op = ntohs(arp->ar_op) & 0xff;
198 ether_addr_copy(key_arp->sha, arp_eth->ar_sha);
199 ether_addr_copy(key_arp->tha, arp_eth->ar_tha);
201 return FLOW_DISSECT_RET_OUT_GOOD;
204 static enum flow_dissect_ret
205 __skb_flow_dissect_gre(const struct sk_buff *skb,
206 struct flow_dissector_key_control *key_control,
207 struct flow_dissector *flow_dissector,
208 void *target_container, void *data,
209 __be16 *p_proto, int *p_nhoff, int *p_hlen,
212 struct flow_dissector_key_keyid *key_keyid;
213 struct gre_base_hdr *hdr, _hdr;
217 hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr),
218 data, *p_hlen, &_hdr);
220 return FLOW_DISSECT_RET_OUT_BAD;
222 /* Only look inside GRE without routing */
223 if (hdr->flags & GRE_ROUTING)
224 return FLOW_DISSECT_RET_OUT_GOOD;
226 /* Only look inside GRE for version 0 and 1 */
227 gre_ver = ntohs(hdr->flags & GRE_VERSION);
229 return FLOW_DISSECT_RET_OUT_GOOD;
231 *p_proto = hdr->protocol;
233 /* Version1 must be PPTP, and check the flags */
234 if (!(*p_proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY)))
235 return FLOW_DISSECT_RET_OUT_GOOD;
238 offset += sizeof(struct gre_base_hdr);
240 if (hdr->flags & GRE_CSUM)
241 offset += sizeof(((struct gre_full_hdr *) 0)->csum) +
242 sizeof(((struct gre_full_hdr *) 0)->reserved1);
244 if (hdr->flags & GRE_KEY) {
248 keyid = __skb_header_pointer(skb, *p_nhoff + offset,
250 data, *p_hlen, &_keyid);
252 return FLOW_DISSECT_RET_OUT_BAD;
254 if (dissector_uses_key(flow_dissector,
255 FLOW_DISSECTOR_KEY_GRE_KEYID)) {
256 key_keyid = skb_flow_dissector_target(flow_dissector,
257 FLOW_DISSECTOR_KEY_GRE_KEYID,
260 key_keyid->keyid = *keyid;
262 key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK;
264 offset += sizeof(((struct gre_full_hdr *) 0)->key);
267 if (hdr->flags & GRE_SEQ)
268 offset += sizeof(((struct pptp_gre_header *) 0)->seq);
271 if (*p_proto == htons(ETH_P_TEB)) {
272 const struct ethhdr *eth;
275 eth = __skb_header_pointer(skb, *p_nhoff + offset,
277 data, *p_hlen, &_eth);
279 return FLOW_DISSECT_RET_OUT_BAD;
280 *p_proto = eth->h_proto;
281 offset += sizeof(*eth);
283 /* Cap headers that we access via pointers at the
284 * end of the Ethernet header as our maximum alignment
285 * at that point is only 2 bytes.
288 *p_hlen = *p_nhoff + offset;
290 } else { /* version 1, must be PPTP */
291 u8 _ppp_hdr[PPP_HDRLEN];
294 if (hdr->flags & GRE_ACK)
295 offset += sizeof(((struct pptp_gre_header *) 0)->ack);
297 ppp_hdr = __skb_header_pointer(skb, *p_nhoff + offset,
299 data, *p_hlen, _ppp_hdr);
301 return FLOW_DISSECT_RET_OUT_BAD;
303 switch (PPP_PROTOCOL(ppp_hdr)) {
305 *p_proto = htons(ETH_P_IP);
308 *p_proto = htons(ETH_P_IPV6);
311 /* Could probably catch some more like MPLS */
315 offset += PPP_HDRLEN;
319 key_control->flags |= FLOW_DIS_ENCAPSULATION;
320 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
321 return FLOW_DISSECT_RET_OUT_GOOD;
323 return FLOW_DISSECT_RET_OUT_PROTO_AGAIN;
327 * __skb_flow_dissect - extract the flow_keys struct and return it
328 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
329 * @flow_dissector: list of keys to dissect
330 * @target_container: target structure to put dissected values into
331 * @data: raw buffer pointer to the packet, if NULL use skb->data
332 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
333 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
334 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
336 * The function will try to retrieve individual keys into target specified
337 * by flow_dissector from either the skbuff or a raw buffer specified by the
340 * Caller must take care of zeroing target container memory.
342 bool __skb_flow_dissect(const struct sk_buff *skb,
343 struct flow_dissector *flow_dissector,
344 void *target_container,
345 void *data, __be16 proto, int nhoff, int hlen,
348 struct flow_dissector_key_control *key_control;
349 struct flow_dissector_key_basic *key_basic;
350 struct flow_dissector_key_addrs *key_addrs;
351 struct flow_dissector_key_ports *key_ports;
352 struct flow_dissector_key_icmp *key_icmp;
353 struct flow_dissector_key_tags *key_tags;
354 struct flow_dissector_key_vlan *key_vlan;
355 bool skip_vlan = false;
361 proto = skb_vlan_tag_present(skb) ?
362 skb->vlan_proto : skb->protocol;
363 nhoff = skb_network_offset(skb);
364 hlen = skb_headlen(skb);
367 /* It is ensured by skb_flow_dissector_init() that control key will
370 key_control = skb_flow_dissector_target(flow_dissector,
371 FLOW_DISSECTOR_KEY_CONTROL,
374 /* It is ensured by skb_flow_dissector_init() that basic key will
377 key_basic = skb_flow_dissector_target(flow_dissector,
378 FLOW_DISSECTOR_KEY_BASIC,
381 if (dissector_uses_key(flow_dissector,
382 FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
383 struct ethhdr *eth = eth_hdr(skb);
384 struct flow_dissector_key_eth_addrs *key_eth_addrs;
386 key_eth_addrs = skb_flow_dissector_target(flow_dissector,
387 FLOW_DISSECTOR_KEY_ETH_ADDRS,
389 memcpy(key_eth_addrs, ð->h_dest, sizeof(*key_eth_addrs));
394 case htons(ETH_P_IP): {
395 const struct iphdr *iph;
398 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
399 if (!iph || iph->ihl < 5)
401 nhoff += iph->ihl * 4;
403 ip_proto = iph->protocol;
405 if (dissector_uses_key(flow_dissector,
406 FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
407 key_addrs = skb_flow_dissector_target(flow_dissector,
408 FLOW_DISSECTOR_KEY_IPV4_ADDRS,
411 memcpy(&key_addrs->v4addrs, &iph->saddr,
412 sizeof(key_addrs->v4addrs));
413 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
416 if (ip_is_fragment(iph)) {
417 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
419 if (iph->frag_off & htons(IP_OFFSET)) {
422 key_control->flags |= FLOW_DIS_FIRST_FRAG;
423 if (!(flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
428 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
433 case htons(ETH_P_IPV6): {
434 const struct ipv6hdr *iph;
438 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
442 ip_proto = iph->nexthdr;
443 nhoff += sizeof(struct ipv6hdr);
445 if (dissector_uses_key(flow_dissector,
446 FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
447 key_addrs = skb_flow_dissector_target(flow_dissector,
448 FLOW_DISSECTOR_KEY_IPV6_ADDRS,
451 memcpy(&key_addrs->v6addrs, &iph->saddr,
452 sizeof(key_addrs->v6addrs));
453 key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
456 if ((dissector_uses_key(flow_dissector,
457 FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
458 (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
459 ip6_flowlabel(iph)) {
460 __be32 flow_label = ip6_flowlabel(iph);
462 if (dissector_uses_key(flow_dissector,
463 FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
464 key_tags = skb_flow_dissector_target(flow_dissector,
465 FLOW_DISSECTOR_KEY_FLOW_LABEL,
467 key_tags->flow_label = ntohl(flow_label);
469 if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)
473 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
478 case htons(ETH_P_8021AD):
479 case htons(ETH_P_8021Q): {
480 const struct vlan_hdr *vlan;
481 struct vlan_hdr _vlan;
482 bool vlan_tag_present = skb && skb_vlan_tag_present(skb);
484 if (vlan_tag_present)
485 proto = skb->protocol;
487 if (!vlan_tag_present || eth_type_vlan(skb->protocol)) {
488 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
492 proto = vlan->h_vlan_encapsulated_proto;
493 nhoff += sizeof(*vlan);
499 if (dissector_uses_key(flow_dissector,
500 FLOW_DISSECTOR_KEY_VLAN)) {
501 key_vlan = skb_flow_dissector_target(flow_dissector,
502 FLOW_DISSECTOR_KEY_VLAN,
505 if (vlan_tag_present) {
506 key_vlan->vlan_id = skb_vlan_tag_get_id(skb);
507 key_vlan->vlan_priority =
508 (skb_vlan_tag_get_prio(skb) >> VLAN_PRIO_SHIFT);
510 key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) &
512 key_vlan->vlan_priority =
513 (ntohs(vlan->h_vlan_TCI) &
514 VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
520 case htons(ETH_P_PPP_SES): {
522 struct pppoe_hdr hdr;
525 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
529 nhoff += PPPOE_SES_HLEN;
533 case htons(PPP_IPV6):
539 case htons(ETH_P_TIPC): {
544 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
548 if (dissector_uses_key(flow_dissector,
549 FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
550 key_addrs = skb_flow_dissector_target(flow_dissector,
551 FLOW_DISSECTOR_KEY_TIPC_ADDRS,
553 key_addrs->tipcaddrs.srcnode = hdr->srcnode;
554 key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
559 case htons(ETH_P_MPLS_UC):
560 case htons(ETH_P_MPLS_MC):
562 switch (__skb_flow_dissect_mpls(skb, flow_dissector,
563 target_container, data,
565 case FLOW_DISSECT_RET_OUT_GOOD:
567 case FLOW_DISSECT_RET_OUT_BAD:
571 case htons(ETH_P_FCOE):
572 if ((hlen - nhoff) < FCOE_HEADER_LEN)
575 nhoff += FCOE_HEADER_LEN;
578 case htons(ETH_P_ARP):
579 case htons(ETH_P_RARP):
580 switch (__skb_flow_dissect_arp(skb, flow_dissector,
581 target_container, data,
583 case FLOW_DISSECT_RET_OUT_GOOD:
585 case FLOW_DISSECT_RET_OUT_BAD:
596 switch (__skb_flow_dissect_gre(skb, key_control, flow_dissector,
597 target_container, data,
598 &proto, &nhoff, &hlen, flags)) {
599 case FLOW_DISSECT_RET_OUT_GOOD:
601 case FLOW_DISSECT_RET_OUT_BAD:
603 case FLOW_DISSECT_RET_OUT_PROTO_AGAIN:
607 case NEXTHDR_ROUTING:
609 u8 _opthdr[2], *opthdr;
611 if (proto != htons(ETH_P_IPV6))
614 opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
615 data, hlen, &_opthdr);
619 ip_proto = opthdr[0];
620 nhoff += (opthdr[1] + 1) << 3;
624 case NEXTHDR_FRAGMENT: {
625 struct frag_hdr _fh, *fh;
627 if (proto != htons(ETH_P_IPV6))
630 fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
636 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
638 nhoff += sizeof(_fh);
639 ip_proto = fh->nexthdr;
641 if (!(fh->frag_off & htons(IP6_OFFSET))) {
642 key_control->flags |= FLOW_DIS_FIRST_FRAG;
643 if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)
649 proto = htons(ETH_P_IP);
651 key_control->flags |= FLOW_DIS_ENCAPSULATION;
652 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
657 proto = htons(ETH_P_IPV6);
659 key_control->flags |= FLOW_DIS_ENCAPSULATION;
660 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
665 proto = htons(ETH_P_MPLS_UC);
671 if (dissector_uses_key(flow_dissector,
672 FLOW_DISSECTOR_KEY_PORTS)) {
673 key_ports = skb_flow_dissector_target(flow_dissector,
674 FLOW_DISSECTOR_KEY_PORTS,
676 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
680 if (dissector_uses_key(flow_dissector,
681 FLOW_DISSECTOR_KEY_ICMP)) {
682 key_icmp = skb_flow_dissector_target(flow_dissector,
683 FLOW_DISSECTOR_KEY_ICMP,
685 key_icmp->icmp = skb_flow_get_be16(skb, nhoff, data, hlen);
691 key_control->thoff = (u16)nhoff;
693 key_basic->n_proto = proto;
694 key_basic->ip_proto = ip_proto;
700 key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
703 EXPORT_SYMBOL(__skb_flow_dissect);
705 static u32 hashrnd __read_mostly;
706 static __always_inline void __flow_hash_secret_init(void)
708 net_get_random_once(&hashrnd, sizeof(hashrnd));
711 static __always_inline u32 __flow_hash_words(const u32 *words, u32 length,
714 return jhash2(words, length, keyval);
717 static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow)
719 const void *p = flow;
721 BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32));
722 return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET);
725 static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
727 size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
728 BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
729 BUILD_BUG_ON(offsetof(typeof(*flow), addrs) !=
730 sizeof(*flow) - sizeof(flow->addrs));
732 switch (flow->control.addr_type) {
733 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
734 diff -= sizeof(flow->addrs.v4addrs);
736 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
737 diff -= sizeof(flow->addrs.v6addrs);
739 case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
740 diff -= sizeof(flow->addrs.tipcaddrs);
743 return (sizeof(*flow) - diff) / sizeof(u32);
746 __be32 flow_get_u32_src(const struct flow_keys *flow)
748 switch (flow->control.addr_type) {
749 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
750 return flow->addrs.v4addrs.src;
751 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
752 return (__force __be32)ipv6_addr_hash(
753 &flow->addrs.v6addrs.src);
754 case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
755 return flow->addrs.tipcaddrs.srcnode;
760 EXPORT_SYMBOL(flow_get_u32_src);
762 __be32 flow_get_u32_dst(const struct flow_keys *flow)
764 switch (flow->control.addr_type) {
765 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
766 return flow->addrs.v4addrs.dst;
767 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
768 return (__force __be32)ipv6_addr_hash(
769 &flow->addrs.v6addrs.dst);
774 EXPORT_SYMBOL(flow_get_u32_dst);
776 static inline void __flow_hash_consistentify(struct flow_keys *keys)
780 switch (keys->control.addr_type) {
781 case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
782 addr_diff = (__force u32)keys->addrs.v4addrs.dst -
783 (__force u32)keys->addrs.v4addrs.src;
784 if ((addr_diff < 0) ||
786 ((__force u16)keys->ports.dst <
787 (__force u16)keys->ports.src))) {
788 swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
789 swap(keys->ports.src, keys->ports.dst);
792 case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
793 addr_diff = memcmp(&keys->addrs.v6addrs.dst,
794 &keys->addrs.v6addrs.src,
795 sizeof(keys->addrs.v6addrs.dst));
796 if ((addr_diff < 0) ||
798 ((__force u16)keys->ports.dst <
799 (__force u16)keys->ports.src))) {
800 for (i = 0; i < 4; i++)
801 swap(keys->addrs.v6addrs.src.s6_addr32[i],
802 keys->addrs.v6addrs.dst.s6_addr32[i]);
803 swap(keys->ports.src, keys->ports.dst);
809 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
813 __flow_hash_consistentify(keys);
815 hash = __flow_hash_words(flow_keys_hash_start(keys),
816 flow_keys_hash_length(keys), keyval);
823 u32 flow_hash_from_keys(struct flow_keys *keys)
825 __flow_hash_secret_init();
826 return __flow_hash_from_keys(keys, hashrnd);
828 EXPORT_SYMBOL(flow_hash_from_keys);
830 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
831 struct flow_keys *keys, u32 keyval)
833 skb_flow_dissect_flow_keys(skb, keys,
834 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
836 return __flow_hash_from_keys(keys, keyval);
839 struct _flow_keys_digest_data {
848 void make_flow_keys_digest(struct flow_keys_digest *digest,
849 const struct flow_keys *flow)
851 struct _flow_keys_digest_data *data =
852 (struct _flow_keys_digest_data *)digest;
854 BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
856 memset(digest, 0, sizeof(*digest));
858 data->n_proto = flow->basic.n_proto;
859 data->ip_proto = flow->basic.ip_proto;
860 data->ports = flow->ports.ports;
861 data->src = flow->addrs.v4addrs.src;
862 data->dst = flow->addrs.v4addrs.dst;
864 EXPORT_SYMBOL(make_flow_keys_digest);
866 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
868 u32 __skb_get_hash_symmetric(const struct sk_buff *skb)
870 struct flow_keys keys;
872 __flow_hash_secret_init();
874 memset(&keys, 0, sizeof(keys));
875 __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys,
877 FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
879 return __flow_hash_from_keys(&keys, hashrnd);
881 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
884 * __skb_get_hash: calculate a flow hash
885 * @skb: sk_buff to calculate flow hash from
887 * This function calculates a flow hash based on src/dst addresses
888 * and src/dst port numbers. Sets hash in skb to non-zero hash value
889 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
890 * if hash is a canonical 4-tuple hash over transport ports.
892 void __skb_get_hash(struct sk_buff *skb)
894 struct flow_keys keys;
897 __flow_hash_secret_init();
899 hash = ___skb_get_hash(skb, &keys, hashrnd);
901 __skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));
903 EXPORT_SYMBOL(__skb_get_hash);
905 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
907 struct flow_keys keys;
909 return ___skb_get_hash(skb, &keys, perturb);
911 EXPORT_SYMBOL(skb_get_hash_perturb);
913 __u32 __skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 *fl6)
915 struct flow_keys keys;
917 memset(&keys, 0, sizeof(keys));
919 memcpy(&keys.addrs.v6addrs.src, &fl6->saddr,
920 sizeof(keys.addrs.v6addrs.src));
921 memcpy(&keys.addrs.v6addrs.dst, &fl6->daddr,
922 sizeof(keys.addrs.v6addrs.dst));
923 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
924 keys.ports.src = fl6->fl6_sport;
925 keys.ports.dst = fl6->fl6_dport;
926 keys.keyid.keyid = fl6->fl6_gre_key;
927 keys.tags.flow_label = (__force u32)fl6->flowlabel;
928 keys.basic.ip_proto = fl6->flowi6_proto;
930 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
931 flow_keys_have_l4(&keys));
935 EXPORT_SYMBOL(__skb_get_hash_flowi6);
937 __u32 __skb_get_hash_flowi4(struct sk_buff *skb, const struct flowi4 *fl4)
939 struct flow_keys keys;
941 memset(&keys, 0, sizeof(keys));
943 keys.addrs.v4addrs.src = fl4->saddr;
944 keys.addrs.v4addrs.dst = fl4->daddr;
945 keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
946 keys.ports.src = fl4->fl4_sport;
947 keys.ports.dst = fl4->fl4_dport;
948 keys.keyid.keyid = fl4->fl4_gre_key;
949 keys.basic.ip_proto = fl4->flowi4_proto;
951 __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
952 flow_keys_have_l4(&keys));
956 EXPORT_SYMBOL(__skb_get_hash_flowi4);
958 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
959 const struct flow_keys *keys, int hlen)
961 u32 poff = keys->control.thoff;
963 /* skip L4 headers for fragments after the first */
964 if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
965 !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
968 switch (keys->basic.ip_proto) {
970 /* access doff as u8 to avoid unaligned access */
974 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
979 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
983 case IPPROTO_UDPLITE:
984 poff += sizeof(struct udphdr);
986 /* For the rest, we do not really care about header
987 * extensions at this point for now.
990 poff += sizeof(struct icmphdr);
993 poff += sizeof(struct icmp6hdr);
996 poff += sizeof(struct igmphdr);
999 poff += sizeof(struct dccp_hdr);
1002 poff += sizeof(struct sctphdr);
1010 * skb_get_poff - get the offset to the payload
1011 * @skb: sk_buff to get the payload offset from
1013 * The function will get the offset to the payload as far as it could
1014 * be dissected. The main user is currently BPF, so that we can dynamically
1015 * truncate packets without needing to push actual payload to the user
1016 * space and can analyze headers only, instead.
1018 u32 skb_get_poff(const struct sk_buff *skb)
1020 struct flow_keys keys;
1022 if (!skb_flow_dissect_flow_keys(skb, &keys, 0))
1025 return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
1028 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
1030 memset(keys, 0, sizeof(*keys));
1032 memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
1033 sizeof(keys->addrs.v6addrs.src));
1034 memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
1035 sizeof(keys->addrs.v6addrs.dst));
1036 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1037 keys->ports.src = fl6->fl6_sport;
1038 keys->ports.dst = fl6->fl6_dport;
1039 keys->keyid.keyid = fl6->fl6_gre_key;
1040 keys->tags.flow_label = (__force u32)fl6->flowlabel;
1041 keys->basic.ip_proto = fl6->flowi6_proto;
1043 return flow_hash_from_keys(keys);
1045 EXPORT_SYMBOL(__get_hash_from_flowi6);
1047 __u32 __get_hash_from_flowi4(const struct flowi4 *fl4, struct flow_keys *keys)
1049 memset(keys, 0, sizeof(*keys));
1051 keys->addrs.v4addrs.src = fl4->saddr;
1052 keys->addrs.v4addrs.dst = fl4->daddr;
1053 keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1054 keys->ports.src = fl4->fl4_sport;
1055 keys->ports.dst = fl4->fl4_dport;
1056 keys->keyid.keyid = fl4->fl4_gre_key;
1057 keys->basic.ip_proto = fl4->flowi4_proto;
1059 return flow_hash_from_keys(keys);
1061 EXPORT_SYMBOL(__get_hash_from_flowi4);
1063 static const struct flow_dissector_key flow_keys_dissector_keys[] = {
1065 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1066 .offset = offsetof(struct flow_keys, control),
1069 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1070 .offset = offsetof(struct flow_keys, basic),
1073 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1074 .offset = offsetof(struct flow_keys, addrs.v4addrs),
1077 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1078 .offset = offsetof(struct flow_keys, addrs.v6addrs),
1081 .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
1082 .offset = offsetof(struct flow_keys, addrs.tipcaddrs),
1085 .key_id = FLOW_DISSECTOR_KEY_PORTS,
1086 .offset = offsetof(struct flow_keys, ports),
1089 .key_id = FLOW_DISSECTOR_KEY_VLAN,
1090 .offset = offsetof(struct flow_keys, vlan),
1093 .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
1094 .offset = offsetof(struct flow_keys, tags),
1097 .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
1098 .offset = offsetof(struct flow_keys, keyid),
1102 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
1104 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1105 .offset = offsetof(struct flow_keys, control),
1108 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1109 .offset = offsetof(struct flow_keys, basic),
1112 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1113 .offset = offsetof(struct flow_keys, addrs.v4addrs),
1116 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1117 .offset = offsetof(struct flow_keys, addrs.v6addrs),
1120 .key_id = FLOW_DISSECTOR_KEY_PORTS,
1121 .offset = offsetof(struct flow_keys, ports),
1125 static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
1127 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1128 .offset = offsetof(struct flow_keys, control),
1131 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1132 .offset = offsetof(struct flow_keys, basic),
1136 struct flow_dissector flow_keys_dissector __read_mostly;
1137 EXPORT_SYMBOL(flow_keys_dissector);
1139 struct flow_dissector flow_keys_buf_dissector __read_mostly;
1141 static int __init init_default_flow_dissectors(void)
1143 skb_flow_dissector_init(&flow_keys_dissector,
1144 flow_keys_dissector_keys,
1145 ARRAY_SIZE(flow_keys_dissector_keys));
1146 skb_flow_dissector_init(&flow_keys_dissector_symmetric,
1147 flow_keys_dissector_symmetric_keys,
1148 ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
1149 skb_flow_dissector_init(&flow_keys_buf_dissector,
1150 flow_keys_buf_dissector_keys,
1151 ARRAY_SIZE(flow_keys_buf_dissector_keys));
1155 core_initcall(init_default_flow_dissectors);