net: flow_dissector: Add IPSEC dissector

Support for dissecting IPSEC field SPI (which is
32bits in size) for ESP and AH packets.

Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index 830f06b..1a7131d 100644 (file)
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -302,6 +302,14 @@ struct flow_dissector_key_l2tpv3 {
 };
 
 /**
+ * struct flow_dissector_key_ipsec:
+ * @spi: identifier for a ipsec connection
+ */
+struct flow_dissector_key_ipsec {
+       __be32 spi;
+};
+
+/**
  * struct flow_dissector_key_cfm
  * @mdl_ver: maintenance domain level (mdl) and cfm protocol version
  * @opcode: code specifying a type of cfm protocol packet
@@ -354,6 +362,7 @@ enum flow_dissector_key_id {
        FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
        FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
        FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
+       FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
 
        FLOW_DISSECTOR_KEY_MAX,
 };

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index ed5dfa3..89d15ce 100644 (file)
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -205,6 +205,50 @@ static void __skb_flow_dissect_icmp(const struct sk_buff *skb,
        skb_flow_get_icmp_tci(skb, key_icmp, data, thoff, hlen);
 }
 
+static void __skb_flow_dissect_ah(const struct sk_buff *skb,
+                                 struct flow_dissector *flow_dissector,
+                                 void *target_container, const void *data,
+                                 int nhoff, int hlen)
+{
+       struct flow_dissector_key_ipsec *key_ah;
+       struct ip_auth_hdr _hdr, *hdr;
+
+       if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPSEC))
+               return;
+
+       hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
+       if (!hdr)
+               return;
+
+       key_ah = skb_flow_dissector_target(flow_dissector,
+                                          FLOW_DISSECTOR_KEY_IPSEC,
+                                          target_container);
+
+       key_ah->spi = hdr->spi;
+}
+
+static void __skb_flow_dissect_esp(const struct sk_buff *skb,
+                                  struct flow_dissector *flow_dissector,
+                                  void *target_container, const void *data,
+                                  int nhoff, int hlen)
+{
+       struct flow_dissector_key_ipsec *key_esp;
+       struct ip_esp_hdr _hdr, *hdr;
+
+       if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPSEC))
+               return;
+
+       hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
+       if (!hdr)
+               return;
+
+       key_esp = skb_flow_dissector_target(flow_dissector,
+                                           FLOW_DISSECTOR_KEY_IPSEC,
+                                           target_container);
+
+       key_esp->spi = hdr->spi;
+}
+
 static void __skb_flow_dissect_l2tpv3(const struct sk_buff *skb,
                                      struct flow_dissector *flow_dissector,
                                      void *target_container, const void *data,
@@ -1571,7 +1615,14 @@ ip_proto_again:
                __skb_flow_dissect_l2tpv3(skb, flow_dissector, target_container,
                                          data, nhoff, hlen);
                break;
-
+       case IPPROTO_ESP:
+               __skb_flow_dissect_esp(skb, flow_dissector, target_container,
+                                      data, nhoff, hlen);
+               break;
+       case IPPROTO_AH:
+               __skb_flow_dissect_ah(skb, flow_dissector, target_container,
+                                     data, nhoff, hlen);
+               break;
        default:
                break;
        }