net/core/flow_dissector.c

   1 #include <linux/kernel.h>
   2 #include <linux/skbuff.h>
   3 #include <linux/export.h>
   4 #include <linux/ip.h>
   5 #include <linux/ipv6.h>
   6 #include <linux/if_vlan.h>
   7 #include <net/ip.h>
   8 #include <net/ipv6.h>
   9 #include <net/gre.h>
  10 #include <net/pptp.h>
  11 #include <linux/igmp.h>
  12 #include <linux/icmp.h>
  13 #include <linux/sctp.h>
  14 #include <linux/dccp.h>
  15 #include <linux/if_tunnel.h>
  16 #include <linux/if_pppox.h>
  17 #include <linux/ppp_defs.h>
  18 #include <linux/stddef.h>
  19 #include <linux/if_ether.h>
  20 #include <linux/mpls.h>
  21 #include <net/flow_dissector.h>
  22 #include <scsi/fc/fc_fcoe.h>
  23
  24 static void dissector_set_key(struct flow_dissector *flow_dissector,
  25                               enum flow_dissector_key_id key_id)
  26 {
  27         flow_dissector->used_keys |= (1 << key_id);
  28 }
  29
  30 void skb_flow_dissector_init(struct flow_dissector *flow_dissector,
  31                              const struct flow_dissector_key *key,
  32                              unsigned int key_count)
  33 {
  34         unsigned int i;
  35
  36         memset(flow_dissector, 0, sizeof(*flow_dissector));
  37
  38         for (i = 0; i < key_count; i++, key++) {
  39                 /* User should make sure that every key target offset is withing
  40                  * boundaries of unsigned short.
  41                  */
  42                 BUG_ON(key->offset > USHRT_MAX);
  43                 BUG_ON(dissector_uses_key(flow_dissector,
  44                                           key->key_id));
  45
  46                 dissector_set_key(flow_dissector, key->key_id);
  47                 flow_dissector->offset[key->key_id] = key->offset;
  48         }
  49
  50         /* Ensure that the dissector always includes control and basic key.
  51          * That way we are able to avoid handling lack of these in fast path.
  52          */
  53         BUG_ON(!dissector_uses_key(flow_dissector,
  54                                    FLOW_DISSECTOR_KEY_CONTROL));
  55         BUG_ON(!dissector_uses_key(flow_dissector,
  56                                    FLOW_DISSECTOR_KEY_BASIC));
  57 }
  58 EXPORT_SYMBOL(skb_flow_dissector_init);
  59
  60 /**
  61  * skb_flow_get_be16 - extract be16 entity
  62  * @skb: sk_buff to extract from
  63  * @poff: offset to extract at
  64  * @data: raw buffer pointer to the packet
  65  * @hlen: packet header length
  66  *
  67  * The function will try to retrieve a be32 entity at
  68  * offset poff
  69  */
  70 static __be16 skb_flow_get_be16(const struct sk_buff *skb, int poff,
  71                                 void *data, int hlen)
  72 {
  73         __be16 *u, _u;
  74
  75         u = __skb_header_pointer(skb, poff, sizeof(_u), data, hlen, &_u);
  76         if (u)
  77                 return *u;
  78
  79         return 0;
  80 }
  81
  82 /**
  83  * __skb_flow_get_ports - extract the upper layer ports and return them
  84  * @skb: sk_buff to extract the ports from
  85  * @thoff: transport header offset
  86  * @ip_proto: protocol for which to get port offset
  87  * @data: raw buffer pointer to the packet, if NULL use skb->data
  88  * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
  89  *
  90  * The function will try to retrieve the ports at offset thoff + poff where poff
  91  * is the protocol port offset returned from proto_ports_offset
  92  */
  93 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
  94                             void *data, int hlen)
  95 {
  96         int poff = proto_ports_offset(ip_proto);
  97
  98         if (!data) {
  99                 data = skb->data;
 100                 hlen = skb_headlen(skb);
 101         }
 102
 103         if (poff >= 0) {
 104                 __be32 *ports, _ports;
 105
 106                 ports = __skb_header_pointer(skb, thoff + poff,
 107                                              sizeof(_ports), data, hlen, &_ports);
 108                 if (ports)
 109                         return *ports;
 110         }
 111
 112         return 0;
 113 }
 114 EXPORT_SYMBOL(__skb_flow_get_ports);
 115
 116 enum flow_dissect_ret {
 117         FLOW_DISSECT_RET_OUT_GOOD,
 118         FLOW_DISSECT_RET_OUT_BAD,
 119         FLOW_DISSECT_RET_OUT_PROTO_AGAIN,
 120 };
 121
 122 static enum flow_dissect_ret
 123 __skb_flow_dissect_mpls(const struct sk_buff *skb,
 124                         struct flow_dissector *flow_dissector,
 125                         void *target_container, void *data, int nhoff, int hlen)
 126 {
 127         struct flow_dissector_key_keyid *key_keyid;
 128         struct mpls_label *hdr, _hdr[2];
 129
 130         if (!dissector_uses_key(flow_dissector,
 131                                 FLOW_DISSECTOR_KEY_MPLS_ENTROPY))
 132                 return FLOW_DISSECT_RET_OUT_GOOD;
 133
 134         hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data,
 135                                    hlen, &_hdr);
 136         if (!hdr)
 137                 return FLOW_DISSECT_RET_OUT_BAD;
 138
 139         if ((ntohl(hdr[0].entry) & MPLS_LS_LABEL_MASK) >>
 140             MPLS_LS_LABEL_SHIFT == MPLS_LABEL_ENTROPY) {
 141                 key_keyid = skb_flow_dissector_target(flow_dissector,
 142                                                       FLOW_DISSECTOR_KEY_MPLS_ENTROPY,
 143                                                       target_container);
 144                 key_keyid->keyid = hdr[1].entry & htonl(MPLS_LS_LABEL_MASK);
 145         }
 146         return FLOW_DISSECT_RET_OUT_GOOD;
 147 }
 148
 149 static enum flow_dissect_ret
 150 __skb_flow_dissect_arp(const struct sk_buff *skb,
 151                        struct flow_dissector *flow_dissector,
 152                        void *target_container, void *data, int nhoff, int hlen)
 153 {
 154         struct flow_dissector_key_arp *key_arp;
 155         struct {
 156                 unsigned char ar_sha[ETH_ALEN];
 157                 unsigned char ar_sip[4];
 158                 unsigned char ar_tha[ETH_ALEN];
 159                 unsigned char ar_tip[4];
 160         } *arp_eth, _arp_eth;
 161         const struct arphdr *arp;
 162         struct arphdr *_arp;
 163
 164         if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ARP))
 165                 return FLOW_DISSECT_RET_OUT_GOOD;
 166
 167         arp = __skb_header_pointer(skb, nhoff, sizeof(_arp), data,
 168                                    hlen, &_arp);
 169         if (!arp)
 170                 return FLOW_DISSECT_RET_OUT_BAD;
 171
 172         if (arp->ar_hrd != htons(ARPHRD_ETHER) ||
 173             arp->ar_pro != htons(ETH_P_IP) ||
 174             arp->ar_hln != ETH_ALEN ||
 175             arp->ar_pln != 4 ||
 176             (arp->ar_op != htons(ARPOP_REPLY) &&
 177              arp->ar_op != htons(ARPOP_REQUEST)))
 178                 return FLOW_DISSECT_RET_OUT_BAD;
 179
 180         arp_eth = __skb_header_pointer(skb, nhoff + sizeof(_arp),
 181                                        sizeof(_arp_eth), data,
 182                                        hlen, &_arp_eth);
 183         if (!arp_eth)
 184                 return FLOW_DISSECT_RET_OUT_BAD;
 185
 186         key_arp = skb_flow_dissector_target(flow_dissector,
 187                                             FLOW_DISSECTOR_KEY_ARP,
 188                                             target_container);
 189
 190         memcpy(&key_arp->sip, arp_eth->ar_sip, sizeof(key_arp->sip));
 191         memcpy(&key_arp->tip, arp_eth->ar_tip, sizeof(key_arp->tip));
 192
 193         /* Only store the lower byte of the opcode;
 194          * this covers ARPOP_REPLY and ARPOP_REQUEST.
 195          */
 196         key_arp->op = ntohs(arp->ar_op) & 0xff;
 197
 198         ether_addr_copy(key_arp->sha, arp_eth->ar_sha);
 199         ether_addr_copy(key_arp->tha, arp_eth->ar_tha);
 200
 201         return FLOW_DISSECT_RET_OUT_GOOD;
 202 }
 203
 204 static enum flow_dissect_ret
 205 __skb_flow_dissect_gre(const struct sk_buff *skb,
 206                        struct flow_dissector_key_control *key_control,
 207                        struct flow_dissector *flow_dissector,
 208                        void *target_container, void *data,
 209                        __be16 *p_proto, int *p_nhoff, int *p_hlen,
 210                        unsigned int flags)
 211 {
 212         struct flow_dissector_key_keyid *key_keyid;
 213         struct gre_base_hdr *hdr, _hdr;
 214         int offset = 0;
 215         u16 gre_ver;
 216
 217         hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr),
 218                                    data, *p_hlen, &_hdr);
 219         if (!hdr)
 220                 return FLOW_DISSECT_RET_OUT_BAD;
 221
 222         /* Only look inside GRE without routing */
 223         if (hdr->flags & GRE_ROUTING)
 224                 return FLOW_DISSECT_RET_OUT_GOOD;
 225
 226         /* Only look inside GRE for version 0 and 1 */
 227         gre_ver = ntohs(hdr->flags & GRE_VERSION);
 228         if (gre_ver > 1)
 229                 return FLOW_DISSECT_RET_OUT_GOOD;
 230
 231         *p_proto = hdr->protocol;
 232         if (gre_ver) {
 233                 /* Version1 must be PPTP, and check the flags */
 234                 if (!(*p_proto == GRE_PROTO_PPP && (hdr->flags & GRE_KEY)))
 235                         return FLOW_DISSECT_RET_OUT_GOOD;
 236         }
 237
 238         offset += sizeof(struct gre_base_hdr);
 239
 240         if (hdr->flags & GRE_CSUM)
 241                 offset += sizeof(((struct gre_full_hdr *) 0)->csum) +
 242                           sizeof(((struct gre_full_hdr *) 0)->reserved1);
 243
 244         if (hdr->flags & GRE_KEY) {
 245                 const __be32 *keyid;
 246                 __be32 _keyid;
 247
 248                 keyid = __skb_header_pointer(skb, *p_nhoff + offset,
 249                                              sizeof(_keyid),
 250                                              data, *p_hlen, &_keyid);
 251                 if (!keyid)
 252                         return FLOW_DISSECT_RET_OUT_BAD;
 253
 254                 if (dissector_uses_key(flow_dissector,
 255                                        FLOW_DISSECTOR_KEY_GRE_KEYID)) {
 256                         key_keyid = skb_flow_dissector_target(flow_dissector,
 257                                                               FLOW_DISSECTOR_KEY_GRE_KEYID,
 258                                                               target_container);
 259                         if (gre_ver == 0)
 260                                 key_keyid->keyid = *keyid;
 261                         else
 262                                 key_keyid->keyid = *keyid & GRE_PPTP_KEY_MASK;
 263                 }
 264                 offset += sizeof(((struct gre_full_hdr *) 0)->key);
 265         }
 266
 267         if (hdr->flags & GRE_SEQ)
 268                 offset += sizeof(((struct pptp_gre_header *) 0)->seq);
 269
 270         if (gre_ver == 0) {
 271                 if (*p_proto == htons(ETH_P_TEB)) {
 272                         const struct ethhdr *eth;
 273                         struct ethhdr _eth;
 274
 275                         eth = __skb_header_pointer(skb, *p_nhoff + offset,
 276                                                    sizeof(_eth),
 277                                                    data, *p_hlen, &_eth);
 278                         if (!eth)
 279                                 return FLOW_DISSECT_RET_OUT_BAD;
 280                         *p_proto = eth->h_proto;
 281                         offset += sizeof(*eth);
 282
 283                         /* Cap headers that we access via pointers at the
 284                          * end of the Ethernet header as our maximum alignment
 285                          * at that point is only 2 bytes.
 286                          */
 287                         if (NET_IP_ALIGN)
 288                                 *p_hlen = *p_nhoff + offset;
 289                 }
 290         } else { /* version 1, must be PPTP */
 291                 u8 _ppp_hdr[PPP_HDRLEN];
 292                 u8 *ppp_hdr;
 293
 294                 if (hdr->flags & GRE_ACK)
 295                         offset += sizeof(((struct pptp_gre_header *) 0)->ack);
 296
 297                 ppp_hdr = __skb_header_pointer(skb, *p_nhoff + offset,
 298                                                sizeof(_ppp_hdr),
 299                                                data, *p_hlen, _ppp_hdr);
 300                 if (!ppp_hdr)
 301                         return FLOW_DISSECT_RET_OUT_BAD;
 302
 303                 switch (PPP_PROTOCOL(ppp_hdr)) {
 304                 case PPP_IP:
 305                         *p_proto = htons(ETH_P_IP);
 306                         break;
 307                 case PPP_IPV6:
 308                         *p_proto = htons(ETH_P_IPV6);
 309                         break;
 310                 default:
 311                         /* Could probably catch some more like MPLS */
 312                         break;
 313                 }
 314
 315                 offset += PPP_HDRLEN;
 316         }
 317
 318         *p_nhoff += offset;
 319         key_control->flags |= FLOW_DIS_ENCAPSULATION;
 320         if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
 321                 return FLOW_DISSECT_RET_OUT_GOOD;
 322
 323         return FLOW_DISSECT_RET_OUT_PROTO_AGAIN;
 324 }
 325
 326 /**
 327  * __skb_flow_dissect - extract the flow_keys struct and return it
 328  * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
 329  * @flow_dissector: list of keys to dissect
 330  * @target_container: target structure to put dissected values into
 331  * @data: raw buffer pointer to the packet, if NULL use skb->data
 332  * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
 333  * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
 334  * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
 335  *
 336  * The function will try to retrieve individual keys into target specified
 337  * by flow_dissector from either the skbuff or a raw buffer specified by the
 338  * rest parameters.
 339  *
 340  * Caller must take care of zeroing target container memory.
 341  */
 342 bool __skb_flow_dissect(const struct sk_buff *skb,
 343                         struct flow_dissector *flow_dissector,
 344                         void *target_container,
 345                         void *data, __be16 proto, int nhoff, int hlen,
 346                         unsigned int flags)
 347 {
 348         struct flow_dissector_key_control *key_control;
 349         struct flow_dissector_key_basic *key_basic;
 350         struct flow_dissector_key_addrs *key_addrs;
 351         struct flow_dissector_key_ports *key_ports;
 352         struct flow_dissector_key_icmp *key_icmp;
 353         struct flow_dissector_key_tags *key_tags;
 354         struct flow_dissector_key_vlan *key_vlan;
 355         bool skip_vlan = false;
 356         u8 ip_proto = 0;
 357         bool ret;
 358
 359         if (!data) {
 360                 data = skb->data;
 361                 proto = skb_vlan_tag_present(skb) ?
 362                          skb->vlan_proto : skb->protocol;
 363                 nhoff = skb_network_offset(skb);
 364                 hlen = skb_headlen(skb);
 365         }
 366
 367         /* It is ensured by skb_flow_dissector_init() that control key will
 368          * be always present.
 369          */
 370         key_control = skb_flow_dissector_target(flow_dissector,
 371                                                 FLOW_DISSECTOR_KEY_CONTROL,
 372                                                 target_container);
 373
 374         /* It is ensured by skb_flow_dissector_init() that basic key will
 375          * be always present.
 376          */
 377         key_basic = skb_flow_dissector_target(flow_dissector,
 378                                               FLOW_DISSECTOR_KEY_BASIC,
 379                                               target_container);
 380
 381         if (dissector_uses_key(flow_dissector,
 382                                FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
 383                 struct ethhdr *eth = eth_hdr(skb);
 384                 struct flow_dissector_key_eth_addrs *key_eth_addrs;
 385
 386                 key_eth_addrs = skb_flow_dissector_target(flow_dissector,
 387                                                           FLOW_DISSECTOR_KEY_ETH_ADDRS,
 388                                                           target_container);
 389                 memcpy(key_eth_addrs, &eth->h_dest, sizeof(*key_eth_addrs));
 390         }
 391
 392 proto_again:
 393         switch (proto) {
 394         case htons(ETH_P_IP): {
 395                 const struct iphdr *iph;
 396                 struct iphdr _iph;
 397 ip:
 398                 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
 399                 if (!iph || iph->ihl < 5)
 400                         goto out_bad;
 401                 nhoff += iph->ihl * 4;
 402
 403                 ip_proto = iph->protocol;
 404
 405                 if (dissector_uses_key(flow_dissector,
 406                                        FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
 407                         key_addrs = skb_flow_dissector_target(flow_dissector,
 408                                                               FLOW_DISSECTOR_KEY_IPV4_ADDRS,
 409                                                               target_container);
 410
 411                         memcpy(&key_addrs->v4addrs, &iph->saddr,
 412                                sizeof(key_addrs->v4addrs));
 413                         key_control->addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
 414                 }
 415
 416                 if (ip_is_fragment(iph)) {
 417                         key_control->flags |= FLOW_DIS_IS_FRAGMENT;
 418
 419                         if (iph->frag_off & htons(IP_OFFSET)) {
 420                                 goto out_good;
 421                         } else {
 422                                 key_control->flags |= FLOW_DIS_FIRST_FRAG;
 423                                 if (!(flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
 424                                         goto out_good;
 425                         }
 426                 }
 427
 428                 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
 429                         goto out_good;
 430
 431                 break;
 432         }
 433         case htons(ETH_P_IPV6): {
 434                 const struct ipv6hdr *iph;
 435                 struct ipv6hdr _iph;
 436
 437 ipv6:
 438                 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
 439                 if (!iph)
 440                         goto out_bad;
 441
 442                 ip_proto = iph->nexthdr;
 443                 nhoff += sizeof(struct ipv6hdr);
 444
 445                 if (dissector_uses_key(flow_dissector,
 446                                        FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
 447                         key_addrs = skb_flow_dissector_target(flow_dissector,
 448                                                               FLOW_DISSECTOR_KEY_IPV6_ADDRS,
 449                                                               target_container);
 450
 451                         memcpy(&key_addrs->v6addrs, &iph->saddr,
 452                                sizeof(key_addrs->v6addrs));
 453                         key_control->addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
 454                 }
 455
 456                 if ((dissector_uses_key(flow_dissector,
 457                                         FLOW_DISSECTOR_KEY_FLOW_LABEL) ||
 458                      (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)) &&
 459                     ip6_flowlabel(iph)) {
 460                         __be32 flow_label = ip6_flowlabel(iph);
 461
 462                         if (dissector_uses_key(flow_dissector,
 463                                                FLOW_DISSECTOR_KEY_FLOW_LABEL)) {
 464                                 key_tags = skb_flow_dissector_target(flow_dissector,
 465                                                                      FLOW_DISSECTOR_KEY_FLOW_LABEL,
 466                                                                      target_container);
 467                                 key_tags->flow_label = ntohl(flow_label);
 468                         }
 469                         if (flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)
 470                                 goto out_good;
 471                 }
 472
 473                 if (flags & FLOW_DISSECTOR_F_STOP_AT_L3)
 474                         goto out_good;
 475
 476                 break;
 477         }
 478         case htons(ETH_P_8021AD):
 479         case htons(ETH_P_8021Q): {
 480                 const struct vlan_hdr *vlan;
 481                 struct vlan_hdr _vlan;
 482                 bool vlan_tag_present = skb && skb_vlan_tag_present(skb);
 483
 484                 if (vlan_tag_present)
 485                         proto = skb->protocol;
 486
 487                 if (!vlan_tag_present || eth_type_vlan(skb->protocol)) {
 488                         vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan),
 489                                                     data, hlen, &_vlan);
 490                         if (!vlan)
 491                                 goto out_bad;
 492                         proto = vlan->h_vlan_encapsulated_proto;
 493                         nhoff += sizeof(*vlan);
 494                         if (skip_vlan)
 495                                 goto proto_again;
 496                 }
 497
 498                 skip_vlan = true;
 499                 if (dissector_uses_key(flow_dissector,
 500                                        FLOW_DISSECTOR_KEY_VLAN)) {
 501                         key_vlan = skb_flow_dissector_target(flow_dissector,
 502                                                              FLOW_DISSECTOR_KEY_VLAN,
 503                                                              target_container);
 504
 505                         if (vlan_tag_present) {
 506                                 key_vlan->vlan_id = skb_vlan_tag_get_id(skb);
 507                                 key_vlan->vlan_priority =
 508                                         (skb_vlan_tag_get_prio(skb) >> VLAN_PRIO_SHIFT);
 509                         } else {
 510                                 key_vlan->vlan_id = ntohs(vlan->h_vlan_TCI) &
 511                                         VLAN_VID_MASK;
 512                                 key_vlan->vlan_priority =
 513                                         (ntohs(vlan->h_vlan_TCI) &
 514                                          VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT;
 515                         }
 516                 }
 517
 518                 goto proto_again;
 519         }
 520         case htons(ETH_P_PPP_SES): {
 521                 struct {
 522                         struct pppoe_hdr hdr;
 523                         __be16 proto;
 524                 } *hdr, _hdr;
 525                 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
 526                 if (!hdr)
 527                         goto out_bad;
 528                 proto = hdr->proto;
 529                 nhoff += PPPOE_SES_HLEN;
 530                 switch (proto) {
 531                 case htons(PPP_IP):
 532                         goto ip;
 533                 case htons(PPP_IPV6):
 534                         goto ipv6;
 535                 default:
 536                         goto out_bad;
 537                 }
 538         }
 539         case htons(ETH_P_TIPC): {
 540                 struct {
 541                         __be32 pre[3];
 542                         __be32 srcnode;
 543                 } *hdr, _hdr;
 544                 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
 545                 if (!hdr)
 546                         goto out_bad;
 547
 548                 if (dissector_uses_key(flow_dissector,
 549                                        FLOW_DISSECTOR_KEY_TIPC_ADDRS)) {
 550                         key_addrs = skb_flow_dissector_target(flow_dissector,
 551                                                               FLOW_DISSECTOR_KEY_TIPC_ADDRS,
 552                                                               target_container);
 553                         key_addrs->tipcaddrs.srcnode = hdr->srcnode;
 554                         key_control->addr_type = FLOW_DISSECTOR_KEY_TIPC_ADDRS;
 555                 }
 556                 goto out_good;
 557         }
 558
 559         case htons(ETH_P_MPLS_UC):
 560         case htons(ETH_P_MPLS_MC):
 561 mpls:
 562                 switch (__skb_flow_dissect_mpls(skb, flow_dissector,
 563                                                 target_container, data,
 564                                                 nhoff, hlen)) {
 565                 case FLOW_DISSECT_RET_OUT_GOOD:
 566                         goto out_good;
 567                 case FLOW_DISSECT_RET_OUT_BAD:
 568                 default:
 569                         goto out_bad;
 570                 }
 571         case htons(ETH_P_FCOE):
 572                 if ((hlen - nhoff) < FCOE_HEADER_LEN)
 573                         goto out_bad;
 574
 575                 nhoff += FCOE_HEADER_LEN;
 576                 goto out_good;
 577
 578         case htons(ETH_P_ARP):
 579         case htons(ETH_P_RARP):
 580                 switch (__skb_flow_dissect_arp(skb, flow_dissector,
 581                                                target_container, data,
 582                                                nhoff, hlen)) {
 583                 case FLOW_DISSECT_RET_OUT_GOOD:
 584                         goto out_good;
 585                 case FLOW_DISSECT_RET_OUT_BAD:
 586                 default:
 587                         goto out_bad;
 588                 }
 589         default:
 590                 goto out_bad;
 591         }
 592
 593 ip_proto_again:
 594         switch (ip_proto) {
 595         case IPPROTO_GRE:
 596                 switch (__skb_flow_dissect_gre(skb, key_control, flow_dissector,
 597                                                target_container, data,
 598                                                &proto, &nhoff, &hlen, flags)) {
 599                 case FLOW_DISSECT_RET_OUT_GOOD:
 600                         goto out_good;
 601                 case FLOW_DISSECT_RET_OUT_BAD:
 602                         goto out_bad;
 603                 case FLOW_DISSECT_RET_OUT_PROTO_AGAIN:
 604                         goto proto_again;
 605                 }
 606         case NEXTHDR_HOP:
 607         case NEXTHDR_ROUTING:
 608         case NEXTHDR_DEST: {
 609                 u8 _opthdr[2], *opthdr;
 610
 611                 if (proto != htons(ETH_P_IPV6))
 612                         break;
 613
 614                 opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
 615                                               data, hlen, &_opthdr);
 616                 if (!opthdr)
 617                         goto out_bad;
 618
 619                 ip_proto = opthdr[0];
 620                 nhoff += (opthdr[1] + 1) << 3;
 621
 622                 goto ip_proto_again;
 623         }
 624         case NEXTHDR_FRAGMENT: {
 625                 struct frag_hdr _fh, *fh;
 626
 627                 if (proto != htons(ETH_P_IPV6))
 628                         break;
 629
 630                 fh = __skb_header_pointer(skb, nhoff, sizeof(_fh),
 631                                           data, hlen, &_fh);
 632
 633                 if (!fh)
 634                         goto out_bad;
 635
 636                 key_control->flags |= FLOW_DIS_IS_FRAGMENT;
 637
 638                 nhoff += sizeof(_fh);
 639                 ip_proto = fh->nexthdr;
 640
 641                 if (!(fh->frag_off & htons(IP6_OFFSET))) {
 642                         key_control->flags |= FLOW_DIS_FIRST_FRAG;
 643                         if (flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)
 644                                 goto ip_proto_again;
 645                 }
 646                 goto out_good;
 647         }
 648         case IPPROTO_IPIP:
 649                 proto = htons(ETH_P_IP);
 650
 651                 key_control->flags |= FLOW_DIS_ENCAPSULATION;
 652                 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
 653                         goto out_good;
 654
 655                 goto ip;
 656         case IPPROTO_IPV6:
 657                 proto = htons(ETH_P_IPV6);
 658
 659                 key_control->flags |= FLOW_DIS_ENCAPSULATION;
 660                 if (flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP)
 661                         goto out_good;
 662
 663                 goto ipv6;
 664         case IPPROTO_MPLS:
 665                 proto = htons(ETH_P_MPLS_UC);
 666                 goto mpls;
 667         default:
 668                 break;
 669         }
 670
 671         if (dissector_uses_key(flow_dissector,
 672                                FLOW_DISSECTOR_KEY_PORTS)) {
 673                 key_ports = skb_flow_dissector_target(flow_dissector,
 674                                                       FLOW_DISSECTOR_KEY_PORTS,
 675                                                       target_container);
 676                 key_ports->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
 677                                                         data, hlen);
 678         }
 679
 680         if (dissector_uses_key(flow_dissector,
 681                                FLOW_DISSECTOR_KEY_ICMP)) {
 682                 key_icmp = skb_flow_dissector_target(flow_dissector,
 683                                                      FLOW_DISSECTOR_KEY_ICMP,
 684                                                      target_container);
 685                 key_icmp->icmp = skb_flow_get_be16(skb, nhoff, data, hlen);
 686         }
 687
 688 out_good:
 689         ret = true;
 690
 691         key_control->thoff = (u16)nhoff;
 692 out:
 693         key_basic->n_proto = proto;
 694         key_basic->ip_proto = ip_proto;
 695
 696         return ret;
 697
 698 out_bad:
 699         ret = false;
 700         key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
 701         goto out;
 702 }
 703 EXPORT_SYMBOL(__skb_flow_dissect);
 704
 705 static u32 hashrnd __read_mostly;
 706 static __always_inline void __flow_hash_secret_init(void)
 707 {
 708         net_get_random_once(&hashrnd, sizeof(hashrnd));
 709 }
 710
 711 static __always_inline u32 __flow_hash_words(const u32 *words, u32 length,
 712                                              u32 keyval)
 713 {
 714         return jhash2(words, length, keyval);
 715 }
 716
 717 static inline const u32 *flow_keys_hash_start(const struct flow_keys *flow)
 718 {
 719         const void *p = flow;
 720
 721         BUILD_BUG_ON(FLOW_KEYS_HASH_OFFSET % sizeof(u32));
 722         return (const u32 *)(p + FLOW_KEYS_HASH_OFFSET);
 723 }
 724
 725 static inline size_t flow_keys_hash_length(const struct flow_keys *flow)
 726 {
 727         size_t diff = FLOW_KEYS_HASH_OFFSET + sizeof(flow->addrs);
 728         BUILD_BUG_ON((sizeof(*flow) - FLOW_KEYS_HASH_OFFSET) % sizeof(u32));
 729         BUILD_BUG_ON(offsetof(typeof(*flow), addrs) !=
 730                      sizeof(*flow) - sizeof(flow->addrs));
 731
 732         switch (flow->control.addr_type) {
 733         case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
 734                 diff -= sizeof(flow->addrs.v4addrs);
 735                 break;
 736         case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
 737                 diff -= sizeof(flow->addrs.v6addrs);
 738                 break;
 739         case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
 740                 diff -= sizeof(flow->addrs.tipcaddrs);
 741                 break;
 742         }
 743         return (sizeof(*flow) - diff) / sizeof(u32);
 744 }
 745
 746 __be32 flow_get_u32_src(const struct flow_keys *flow)
 747 {
 748         switch (flow->control.addr_type) {
 749         case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
 750                 return flow->addrs.v4addrs.src;
 751         case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
 752                 return (__force __be32)ipv6_addr_hash(
 753                         &flow->addrs.v6addrs.src);
 754         case FLOW_DISSECTOR_KEY_TIPC_ADDRS:
 755                 return flow->addrs.tipcaddrs.srcnode;
 756         default:
 757                 return 0;
 758         }
 759 }
 760 EXPORT_SYMBOL(flow_get_u32_src);
 761
 762 __be32 flow_get_u32_dst(const struct flow_keys *flow)
 763 {
 764         switch (flow->control.addr_type) {
 765         case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
 766                 return flow->addrs.v4addrs.dst;
 767         case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
 768                 return (__force __be32)ipv6_addr_hash(
 769                         &flow->addrs.v6addrs.dst);
 770         default:
 771                 return 0;
 772         }
 773 }
 774 EXPORT_SYMBOL(flow_get_u32_dst);
 775
 776 static inline void __flow_hash_consistentify(struct flow_keys *keys)
 777 {
 778         int addr_diff, i;
 779
 780         switch (keys->control.addr_type) {
 781         case FLOW_DISSECTOR_KEY_IPV4_ADDRS:
 782                 addr_diff = (__force u32)keys->addrs.v4addrs.dst -
 783                             (__force u32)keys->addrs.v4addrs.src;
 784                 if ((addr_diff < 0) ||
 785                     (addr_diff == 0 &&
 786                      ((__force u16)keys->ports.dst <
 787                       (__force u16)keys->ports.src))) {
 788                         swap(keys->addrs.v4addrs.src, keys->addrs.v4addrs.dst);
 789                         swap(keys->ports.src, keys->ports.dst);
 790                 }
 791                 break;
 792         case FLOW_DISSECTOR_KEY_IPV6_ADDRS:
 793                 addr_diff = memcmp(&keys->addrs.v6addrs.dst,
 794                                    &keys->addrs.v6addrs.src,
 795                                    sizeof(keys->addrs.v6addrs.dst));
 796                 if ((addr_diff < 0) ||
 797                     (addr_diff == 0 &&
 798                      ((__force u16)keys->ports.dst <
 799                       (__force u16)keys->ports.src))) {
 800                         for (i = 0; i < 4; i++)
 801                                 swap(keys->addrs.v6addrs.src.s6_addr32[i],
 802                                      keys->addrs.v6addrs.dst.s6_addr32[i]);
 803                         swap(keys->ports.src, keys->ports.dst);
 804                 }
 805                 break;
 806         }
 807 }
 808
 809 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
 810 {
 811         u32 hash;
 812
 813         __flow_hash_consistentify(keys);
 814
 815         hash = __flow_hash_words(flow_keys_hash_start(keys),
 816                                  flow_keys_hash_length(keys), keyval);
 817         if (!hash)
 818                 hash = 1;
 819
 820         return hash;
 821 }
 822
 823 u32 flow_hash_from_keys(struct flow_keys *keys)
 824 {
 825         __flow_hash_secret_init();
 826         return __flow_hash_from_keys(keys, hashrnd);
 827 }
 828 EXPORT_SYMBOL(flow_hash_from_keys);
 829
 830 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
 831                                   struct flow_keys *keys, u32 keyval)
 832 {
 833         skb_flow_dissect_flow_keys(skb, keys,
 834                                    FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
 835
 836         return __flow_hash_from_keys(keys, keyval);
 837 }
 838
 839 struct _flow_keys_digest_data {
 840         __be16  n_proto;
 841         u8      ip_proto;
 842         u8      padding;
 843         __be32  ports;
 844         __be32  src;
 845         __be32  dst;
 846 };
 847
 848 void make_flow_keys_digest(struct flow_keys_digest *digest,
 849                            const struct flow_keys *flow)
 850 {
 851         struct _flow_keys_digest_data *data =
 852             (struct _flow_keys_digest_data *)digest;
 853
 854         BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
 855
 856         memset(digest, 0, sizeof(*digest));
 857
 858         data->n_proto = flow->basic.n_proto;
 859         data->ip_proto = flow->basic.ip_proto;
 860         data->ports = flow->ports.ports;
 861         data->src = flow->addrs.v4addrs.src;
 862         data->dst = flow->addrs.v4addrs.dst;
 863 }
 864 EXPORT_SYMBOL(make_flow_keys_digest);
 865
 866 static struct flow_dissector flow_keys_dissector_symmetric __read_mostly;
 867
 868 u32 __skb_get_hash_symmetric(const struct sk_buff *skb)
 869 {
 870         struct flow_keys keys;
 871
 872         __flow_hash_secret_init();
 873
 874         memset(&keys, 0, sizeof(keys));
 875         __skb_flow_dissect(skb, &flow_keys_dissector_symmetric, &keys,
 876                            NULL, 0, 0, 0,
 877                            FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
 878
 879         return __flow_hash_from_keys(&keys, hashrnd);
 880 }
 881 EXPORT_SYMBOL_GPL(__skb_get_hash_symmetric);
 882
 883 /**
 884  * __skb_get_hash: calculate a flow hash
 885  * @skb: sk_buff to calculate flow hash from
 886  *
 887  * This function calculates a flow hash based on src/dst addresses
 888  * and src/dst port numbers.  Sets hash in skb to non-zero hash value
 889  * on success, zero indicates no valid hash.  Also, sets l4_hash in skb
 890  * if hash is a canonical 4-tuple hash over transport ports.
 891  */
 892 void __skb_get_hash(struct sk_buff *skb)
 893 {
 894         struct flow_keys keys;
 895         u32 hash;
 896
 897         __flow_hash_secret_init();
 898
 899         hash = ___skb_get_hash(skb, &keys, hashrnd);
 900
 901         __skb_set_sw_hash(skb, hash, flow_keys_have_l4(&keys));
 902 }
 903 EXPORT_SYMBOL(__skb_get_hash);
 904
 905 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
 906 {
 907         struct flow_keys keys;
 908
 909         return ___skb_get_hash(skb, &keys, perturb);
 910 }
 911 EXPORT_SYMBOL(skb_get_hash_perturb);
 912
 913 __u32 __skb_get_hash_flowi6(struct sk_buff *skb, const struct flowi6 *fl6)
 914 {
 915         struct flow_keys keys;
 916
 917         memset(&keys, 0, sizeof(keys));
 918
 919         memcpy(&keys.addrs.v6addrs.src, &fl6->saddr,
 920                sizeof(keys.addrs.v6addrs.src));
 921         memcpy(&keys.addrs.v6addrs.dst, &fl6->daddr,
 922                sizeof(keys.addrs.v6addrs.dst));
 923         keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
 924         keys.ports.src = fl6->fl6_sport;
 925         keys.ports.dst = fl6->fl6_dport;
 926         keys.keyid.keyid = fl6->fl6_gre_key;
 927         keys.tags.flow_label = (__force u32)fl6->flowlabel;
 928         keys.basic.ip_proto = fl6->flowi6_proto;
 929
 930         __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
 931                           flow_keys_have_l4(&keys));
 932
 933         return skb->hash;
 934 }
 935 EXPORT_SYMBOL(__skb_get_hash_flowi6);
 936
 937 __u32 __skb_get_hash_flowi4(struct sk_buff *skb, const struct flowi4 *fl4)
 938 {
 939         struct flow_keys keys;
 940
 941         memset(&keys, 0, sizeof(keys));
 942
 943         keys.addrs.v4addrs.src = fl4->saddr;
 944         keys.addrs.v4addrs.dst = fl4->daddr;
 945         keys.control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
 946         keys.ports.src = fl4->fl4_sport;
 947         keys.ports.dst = fl4->fl4_dport;
 948         keys.keyid.keyid = fl4->fl4_gre_key;
 949         keys.basic.ip_proto = fl4->flowi4_proto;
 950
 951         __skb_set_sw_hash(skb, flow_hash_from_keys(&keys),
 952                           flow_keys_have_l4(&keys));
 953
 954         return skb->hash;
 955 }
 956 EXPORT_SYMBOL(__skb_get_hash_flowi4);
 957
 958 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
 959                    const struct flow_keys *keys, int hlen)
 960 {
 961         u32 poff = keys->control.thoff;
 962
 963         /* skip L4 headers for fragments after the first */
 964         if ((keys->control.flags & FLOW_DIS_IS_FRAGMENT) &&
 965             !(keys->control.flags & FLOW_DIS_FIRST_FRAG))
 966                 return poff;
 967
 968         switch (keys->basic.ip_proto) {
 969         case IPPROTO_TCP: {
 970                 /* access doff as u8 to avoid unaligned access */
 971                 const u8 *doff;
 972                 u8 _doff;
 973
 974                 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
 975                                             data, hlen, &_doff);
 976                 if (!doff)
 977                         return poff;
 978
 979                 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
 980                 break;
 981         }
 982         case IPPROTO_UDP:
 983         case IPPROTO_UDPLITE:
 984                 poff += sizeof(struct udphdr);
 985                 break;
 986         /* For the rest, we do not really care about header
 987          * extensions at this point for now.
 988          */
 989         case IPPROTO_ICMP:
 990                 poff += sizeof(struct icmphdr);
 991                 break;
 992         case IPPROTO_ICMPV6:
 993                 poff += sizeof(struct icmp6hdr);
 994                 break;
 995         case IPPROTO_IGMP:
 996                 poff += sizeof(struct igmphdr);
 997                 break;
 998         case IPPROTO_DCCP:
 999                 poff += sizeof(struct dccp_hdr);
1000                 break;
1001         case IPPROTO_SCTP:
1002                 poff += sizeof(struct sctphdr);
1003                 break;
1004         }
1005
1006         return poff;
1007 }
1008
1009 /**
1010  * skb_get_poff - get the offset to the payload
1011  * @skb: sk_buff to get the payload offset from
1012  *
1013  * The function will get the offset to the payload as far as it could
1014  * be dissected.  The main user is currently BPF, so that we can dynamically
1015  * truncate packets without needing to push actual payload to the user
1016  * space and can analyze headers only, instead.
1017  */
1018 u32 skb_get_poff(const struct sk_buff *skb)
1019 {
1020         struct flow_keys keys;
1021
1022         if (!skb_flow_dissect_flow_keys(skb, &keys, 0))
1023                 return 0;
1024
1025         return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));
1026 }
1027
1028 __u32 __get_hash_from_flowi6(const struct flowi6 *fl6, struct flow_keys *keys)
1029 {
1030         memset(keys, 0, sizeof(*keys));
1031
1032         memcpy(&keys->addrs.v6addrs.src, &fl6->saddr,
1033             sizeof(keys->addrs.v6addrs.src));
1034         memcpy(&keys->addrs.v6addrs.dst, &fl6->daddr,
1035             sizeof(keys->addrs.v6addrs.dst));
1036         keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
1037         keys->ports.src = fl6->fl6_sport;
1038         keys->ports.dst = fl6->fl6_dport;
1039         keys->keyid.keyid = fl6->fl6_gre_key;
1040         keys->tags.flow_label = (__force u32)fl6->flowlabel;
1041         keys->basic.ip_proto = fl6->flowi6_proto;
1042
1043         return flow_hash_from_keys(keys);
1044 }
1045 EXPORT_SYMBOL(__get_hash_from_flowi6);
1046
1047 __u32 __get_hash_from_flowi4(const struct flowi4 *fl4, struct flow_keys *keys)
1048 {
1049         memset(keys, 0, sizeof(*keys));
1050
1051         keys->addrs.v4addrs.src = fl4->saddr;
1052         keys->addrs.v4addrs.dst = fl4->daddr;
1053         keys->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
1054         keys->ports.src = fl4->fl4_sport;
1055         keys->ports.dst = fl4->fl4_dport;
1056         keys->keyid.keyid = fl4->fl4_gre_key;
1057         keys->basic.ip_proto = fl4->flowi4_proto;
1058
1059         return flow_hash_from_keys(keys);
1060 }
1061 EXPORT_SYMBOL(__get_hash_from_flowi4);
1062
1063 static const struct flow_dissector_key flow_keys_dissector_keys[] = {
1064         {
1065                 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1066                 .offset = offsetof(struct flow_keys, control),
1067         },
1068         {
1069                 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1070                 .offset = offsetof(struct flow_keys, basic),
1071         },
1072         {
1073                 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1074                 .offset = offsetof(struct flow_keys, addrs.v4addrs),
1075         },
1076         {
1077                 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1078                 .offset = offsetof(struct flow_keys, addrs.v6addrs),
1079         },
1080         {
1081                 .key_id = FLOW_DISSECTOR_KEY_TIPC_ADDRS,
1082                 .offset = offsetof(struct flow_keys, addrs.tipcaddrs),
1083         },
1084         {
1085                 .key_id = FLOW_DISSECTOR_KEY_PORTS,
1086                 .offset = offsetof(struct flow_keys, ports),
1087         },
1088         {
1089                 .key_id = FLOW_DISSECTOR_KEY_VLAN,
1090                 .offset = offsetof(struct flow_keys, vlan),
1091         },
1092         {
1093                 .key_id = FLOW_DISSECTOR_KEY_FLOW_LABEL,
1094                 .offset = offsetof(struct flow_keys, tags),
1095         },
1096         {
1097                 .key_id = FLOW_DISSECTOR_KEY_GRE_KEYID,
1098                 .offset = offsetof(struct flow_keys, keyid),
1099         },
1100 };
1101
1102 static const struct flow_dissector_key flow_keys_dissector_symmetric_keys[] = {
1103         {
1104                 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1105                 .offset = offsetof(struct flow_keys, control),
1106         },
1107         {
1108                 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1109                 .offset = offsetof(struct flow_keys, basic),
1110         },
1111         {
1112                 .key_id = FLOW_DISSECTOR_KEY_IPV4_ADDRS,
1113                 .offset = offsetof(struct flow_keys, addrs.v4addrs),
1114         },
1115         {
1116                 .key_id = FLOW_DISSECTOR_KEY_IPV6_ADDRS,
1117                 .offset = offsetof(struct flow_keys, addrs.v6addrs),
1118         },
1119         {
1120                 .key_id = FLOW_DISSECTOR_KEY_PORTS,
1121                 .offset = offsetof(struct flow_keys, ports),
1122         },
1123 };
1124
1125 static const struct flow_dissector_key flow_keys_buf_dissector_keys[] = {
1126         {
1127                 .key_id = FLOW_DISSECTOR_KEY_CONTROL,
1128                 .offset = offsetof(struct flow_keys, control),
1129         },
1130         {
1131                 .key_id = FLOW_DISSECTOR_KEY_BASIC,
1132                 .offset = offsetof(struct flow_keys, basic),
1133         },
1134 };
1135
1136 struct flow_dissector flow_keys_dissector __read_mostly;
1137 EXPORT_SYMBOL(flow_keys_dissector);
1138
1139 struct flow_dissector flow_keys_buf_dissector __read_mostly;
1140
1141 static int __init init_default_flow_dissectors(void)
1142 {
1143         skb_flow_dissector_init(&flow_keys_dissector,
1144                                 flow_keys_dissector_keys,
1145                                 ARRAY_SIZE(flow_keys_dissector_keys));
1146         skb_flow_dissector_init(&flow_keys_dissector_symmetric,
1147                                 flow_keys_dissector_symmetric_keys,
1148                                 ARRAY_SIZE(flow_keys_dissector_symmetric_keys));
1149         skb_flow_dissector_init(&flow_keys_buf_dissector,
1150                                 flow_keys_buf_dissector_keys,
1151                                 ARRAY_SIZE(flow_keys_buf_dissector_keys));
1152         return 0;
1153 }
1154
1155 core_initcall(init_default_flow_dissectors);