1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _NET_FLOW_DISSECTOR_H 3 #define _NET_FLOW_DISSECTOR_H 4 5 #include <linux/types.h> 6 #include <linux/in6.h> 7 #include <linux/siphash.h> 8 #include <uapi/linux/if_ether.h> 9 10 /** 11 * struct flow_dissector_key_control: 12 * @thoff: Transport header offset 13 */ 14 struct flow_dissector_key_control { 15 u16 thoff; 16 u16 addr_type; 17 u32 flags; 18 }; 19 20 #define FLOW_DIS_IS_FRAGMENT BIT(0) 21 #define FLOW_DIS_FIRST_FRAG BIT(1) 22 #define FLOW_DIS_ENCAPSULATION BIT(2) 23 24 enum flow_dissect_ret { 25 FLOW_DISSECT_RET_OUT_GOOD, 26 FLOW_DISSECT_RET_OUT_BAD, 27 FLOW_DISSECT_RET_PROTO_AGAIN, 28 FLOW_DISSECT_RET_IPPROTO_AGAIN, 29 FLOW_DISSECT_RET_CONTINUE, 30 }; 31 32 /** 33 * struct flow_dissector_key_basic: 34 * @thoff: Transport header offset 35 * @n_proto: Network header protocol (eg. IPv4/IPv6) 36 * @ip_proto: Transport header protocol (eg. TCP/UDP) 37 */ 38 struct flow_dissector_key_basic { 39 __be16 n_proto; 40 u8 ip_proto; 41 u8 padding; 42 }; 43 44 struct flow_dissector_key_tags { 45 u32 flow_label; 46 }; 47 48 struct flow_dissector_key_vlan { 49 u16 vlan_id:12, 50 vlan_dei:1, 51 vlan_priority:3; 52 __be16 vlan_tpid; 53 }; 54 55 struct flow_dissector_key_mpls { 56 u32 mpls_ttl:8, 57 mpls_bos:1, 58 mpls_tc:3, 59 mpls_label:20; 60 }; 61 62 #define FLOW_DIS_TUN_OPTS_MAX 255 63 /** 64 * struct flow_dissector_key_enc_opts: 65 * @data: tunnel option data 66 * @len: length of tunnel option data 67 * @dst_opt_type: tunnel option type 68 */ 69 struct flow_dissector_key_enc_opts { 70 u8 data[FLOW_DIS_TUN_OPTS_MAX]; /* Using IP_TUNNEL_OPTS_MAX is desired 71 * here but seems difficult to #include 72 */ 73 u8 len; 74 __be16 dst_opt_type; 75 }; 76 77 struct flow_dissector_key_keyid { 78 __be32 keyid; 79 }; 80 81 /** 82 * struct flow_dissector_key_ipv4_addrs: 83 * @src: source ip address 84 * @dst: destination ip address 85 */ 86 struct flow_dissector_key_ipv4_addrs { 87 /* (src,dst) must be grouped, in the same way than in IP header */ 88 __be32 src; 89 __be32 dst; 90 }; 91 92 /** 93 * struct flow_dissector_key_ipv6_addrs: 94 * @src: source ip address 95 * @dst: destination ip address 96 */ 97 struct flow_dissector_key_ipv6_addrs { 98 /* (src,dst) must be grouped, in the same way than in IP header */ 99 struct in6_addr src; 100 struct in6_addr dst; 101 }; 102 103 /** 104 * struct flow_dissector_key_tipc: 105 * @key: source node address combined with selector 106 */ 107 struct flow_dissector_key_tipc { 108 __be32 key; 109 }; 110 111 /** 112 * struct flow_dissector_key_addrs: 113 * @v4addrs: IPv4 addresses 114 * @v6addrs: IPv6 addresses 115 */ 116 struct flow_dissector_key_addrs { 117 union { 118 struct flow_dissector_key_ipv4_addrs v4addrs; 119 struct flow_dissector_key_ipv6_addrs v6addrs; 120 struct flow_dissector_key_tipc tipckey; 121 }; 122 }; 123 124 /** 125 * flow_dissector_key_arp: 126 * @ports: Operation, source and target addresses for an ARP header 127 * for Ethernet hardware addresses and IPv4 protocol addresses 128 * sip: Sender IP address 129 * tip: Target IP address 130 * op: Operation 131 * sha: Sender hardware address 132 * tpa: Target hardware address 133 */ 134 struct flow_dissector_key_arp { 135 __u32 sip; 136 __u32 tip; 137 __u8 op; 138 unsigned char sha[ETH_ALEN]; 139 unsigned char tha[ETH_ALEN]; 140 }; 141 142 /** 143 * flow_dissector_key_tp_ports: 144 * @ports: port numbers of Transport header 145 * src: source port number 146 * dst: destination port number 147 */ 148 struct flow_dissector_key_ports { 149 union { 150 __be32 ports; 151 struct { 152 __be16 src; 153 __be16 dst; 154 }; 155 }; 156 }; 157 158 /** 159 * flow_dissector_key_icmp: 160 * @ports: type and code of ICMP header 161 * icmp: ICMP type (high) and code (low) 162 * type: ICMP type 163 * code: ICMP code 164 */ 165 struct flow_dissector_key_icmp { 166 union { 167 __be16 icmp; 168 struct { 169 u8 type; 170 u8 code; 171 }; 172 }; 173 }; 174 175 /** 176 * struct flow_dissector_key_eth_addrs: 177 * @src: source Ethernet address 178 * @dst: destination Ethernet address 179 */ 180 struct flow_dissector_key_eth_addrs { 181 /* (dst,src) must be grouped, in the same way than in ETH header */ 182 unsigned char dst[ETH_ALEN]; 183 unsigned char src[ETH_ALEN]; 184 }; 185 186 /** 187 * struct flow_dissector_key_tcp: 188 * @flags: flags 189 */ 190 struct flow_dissector_key_tcp { 191 __be16 flags; 192 }; 193 194 /** 195 * struct flow_dissector_key_ip: 196 * @tos: tos 197 * @ttl: ttl 198 */ 199 struct flow_dissector_key_ip { 200 __u8 tos; 201 __u8 ttl; 202 }; 203 204 /** 205 * struct flow_dissector_key_meta: 206 * @ingress_ifindex: ingress ifindex 207 */ 208 struct flow_dissector_key_meta { 209 int ingress_ifindex; 210 }; 211 212 /** 213 * struct flow_dissector_key_ct: 214 * @ct_state: conntrack state after converting with map 215 * @ct_mark: conttrack mark 216 * @ct_zone: conntrack zone 217 * @ct_labels: conntrack labels 218 */ 219 struct flow_dissector_key_ct { 220 u16 ct_state; 221 u16 ct_zone; 222 u32 ct_mark; 223 u32 ct_labels[4]; 224 }; 225 226 enum flow_dissector_key_id { 227 FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */ 228 FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */ 229 FLOW_DISSECTOR_KEY_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ 230 FLOW_DISSECTOR_KEY_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ 231 FLOW_DISSECTOR_KEY_PORTS, /* struct flow_dissector_key_ports */ 232 FLOW_DISSECTOR_KEY_ICMP, /* struct flow_dissector_key_icmp */ 233 FLOW_DISSECTOR_KEY_ETH_ADDRS, /* struct flow_dissector_key_eth_addrs */ 234 FLOW_DISSECTOR_KEY_TIPC, /* struct flow_dissector_key_tipc */ 235 FLOW_DISSECTOR_KEY_ARP, /* struct flow_dissector_key_arp */ 236 FLOW_DISSECTOR_KEY_VLAN, /* struct flow_dissector_key_vlan */ 237 FLOW_DISSECTOR_KEY_FLOW_LABEL, /* struct flow_dissector_key_tags */ 238 FLOW_DISSECTOR_KEY_GRE_KEYID, /* struct flow_dissector_key_keyid */ 239 FLOW_DISSECTOR_KEY_MPLS_ENTROPY, /* struct flow_dissector_key_keyid */ 240 FLOW_DISSECTOR_KEY_ENC_KEYID, /* struct flow_dissector_key_keyid */ 241 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, /* struct flow_dissector_key_ipv4_addrs */ 242 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, /* struct flow_dissector_key_ipv6_addrs */ 243 FLOW_DISSECTOR_KEY_ENC_CONTROL, /* struct flow_dissector_key_control */ 244 FLOW_DISSECTOR_KEY_ENC_PORTS, /* struct flow_dissector_key_ports */ 245 FLOW_DISSECTOR_KEY_MPLS, /* struct flow_dissector_key_mpls */ 246 FLOW_DISSECTOR_KEY_TCP, /* struct flow_dissector_key_tcp */ 247 FLOW_DISSECTOR_KEY_IP, /* struct flow_dissector_key_ip */ 248 FLOW_DISSECTOR_KEY_CVLAN, /* struct flow_dissector_key_vlan */ 249 FLOW_DISSECTOR_KEY_ENC_IP, /* struct flow_dissector_key_ip */ 250 FLOW_DISSECTOR_KEY_ENC_OPTS, /* struct flow_dissector_key_enc_opts */ 251 FLOW_DISSECTOR_KEY_META, /* struct flow_dissector_key_meta */ 252 FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */ 253 254 FLOW_DISSECTOR_KEY_MAX, 255 }; 256 257 #define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0) 258 #define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1) 259 #define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2) 260 261 struct flow_dissector_key { 262 enum flow_dissector_key_id key_id; 263 size_t offset; /* offset of struct flow_dissector_key_* 264 in target the struct */ 265 }; 266 267 struct flow_dissector { 268 unsigned int used_keys; /* each bit repesents presence of one key id */ 269 unsigned short int offset[FLOW_DISSECTOR_KEY_MAX]; 270 }; 271 272 struct flow_keys_basic { 273 struct flow_dissector_key_control control; 274 struct flow_dissector_key_basic basic; 275 }; 276 277 struct flow_keys { 278 struct flow_dissector_key_control control; 279 #define FLOW_KEYS_HASH_START_FIELD basic 280 struct flow_dissector_key_basic basic __aligned(SIPHASH_ALIGNMENT); 281 struct flow_dissector_key_tags tags; 282 struct flow_dissector_key_vlan vlan; 283 struct flow_dissector_key_vlan cvlan; 284 struct flow_dissector_key_keyid keyid; 285 struct flow_dissector_key_ports ports; 286 struct flow_dissector_key_addrs addrs; 287 }; 288 289 #define FLOW_KEYS_HASH_OFFSET \ 290 offsetof(struct flow_keys, FLOW_KEYS_HASH_START_FIELD) 291 292 __be32 flow_get_u32_src(const struct flow_keys *flow); 293 __be32 flow_get_u32_dst(const struct flow_keys *flow); 294 295 extern struct flow_dissector flow_keys_dissector; 296 extern struct flow_dissector flow_keys_basic_dissector; 297 298 /* struct flow_keys_digest: 299 * 300 * This structure is used to hold a digest of the full flow keys. This is a 301 * larger "hash" of a flow to allow definitively matching specific flows where 302 * the 32 bit skb->hash is not large enough. The size is limited to 16 bytes so 303 * that it can be used in CB of skb (see sch_choke for an example). 304 */ 305 #define FLOW_KEYS_DIGEST_LEN 16 306 struct flow_keys_digest { 307 u8 data[FLOW_KEYS_DIGEST_LEN]; 308 }; 309 310 void make_flow_keys_digest(struct flow_keys_digest *digest, 311 const struct flow_keys *flow); 312 313 static inline bool flow_keys_have_l4(const struct flow_keys *keys) 314 { 315 return (keys->ports.ports || keys->tags.flow_label); 316 } 317 318 u32 flow_hash_from_keys(struct flow_keys *keys); 319 320 static inline bool dissector_uses_key(const struct flow_dissector *flow_dissector, 321 enum flow_dissector_key_id key_id) 322 { 323 return flow_dissector->used_keys & (1 << key_id); 324 } 325 326 static inline void *skb_flow_dissector_target(struct flow_dissector *flow_dissector, 327 enum flow_dissector_key_id key_id, 328 void *target_container) 329 { 330 return ((char *)target_container) + flow_dissector->offset[key_id]; 331 } 332 333 struct bpf_flow_dissector { 334 struct bpf_flow_keys *flow_keys; 335 const struct sk_buff *skb; 336 void *data; 337 void *data_end; 338 }; 339 340 #endif 341