1 #include <linux/skbuff.h>
2 #include <linux/export.h>
4 #include <linux/ipv6.h>
5 #include <linux/if_vlan.h>
8 #include <linux/igmp.h>
9 #include <linux/icmp.h>
10 #include <linux/sctp.h>
11 #include <linux/dccp.h>
12 #include <linux/if_tunnel.h>
13 #include <linux/if_pppox.h>
14 #include <linux/ppp_defs.h>
15 #include <net/flow_dissector.h>
16 #include <scsi/fc/fc_fcoe.h>
18 /* copy saddr & daddr, possibly using 64bit load/store
19 * Equivalent to : flow->src = iph->saddr;
20 * flow->dst = iph->daddr;
22 static void iph_to_flow_copy_addrs(struct flow_keys *flow, const struct iphdr *iph)
24 BUILD_BUG_ON(offsetof(typeof(*flow), dst) !=
25 offsetof(typeof(*flow), src) + sizeof(flow->src));
26 memcpy(&flow->src, &iph->saddr, sizeof(flow->src) + sizeof(flow->dst));
30 * __skb_flow_get_ports - extract the upper layer ports and return them
31 * @skb: sk_buff to extract the ports from
32 * @thoff: transport header offset
33 * @ip_proto: protocol for which to get port offset
34 * @data: raw buffer pointer to the packet, if NULL use skb->data
35 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
37 * The function will try to retrieve the ports at offset thoff + poff where poff
38 * is the protocol port offset returned from proto_ports_offset
40 __be32 __skb_flow_get_ports(const struct sk_buff *skb, int thoff, u8 ip_proto,
43 int poff = proto_ports_offset(ip_proto);
47 hlen = skb_headlen(skb);
51 __be32 *ports, _ports;
53 ports = __skb_header_pointer(skb, thoff + poff,
54 sizeof(_ports), data, hlen, &_ports);
61 EXPORT_SYMBOL(__skb_flow_get_ports);
64 * __skb_flow_dissect - extract the flow_keys struct and return it
65 * @skb: sk_buff to extract the flow from, can be NULL if the rest are specified
66 * @data: raw buffer pointer to the packet, if NULL use skb->data
67 * @proto: protocol for which to get the flow, if @data is NULL use skb->protocol
68 * @nhoff: network header offset, if @data is NULL use skb_network_offset(skb)
69 * @hlen: packet header length, if @data is NULL use skb_headlen(skb)
71 * The function will try to retrieve the struct flow_keys from either the skbuff
72 * or a raw buffer specified by the rest parameters
74 bool __skb_flow_dissect(const struct sk_buff *skb, struct flow_keys *flow,
75 void *data, __be16 proto, int nhoff, int hlen)
81 proto = skb->protocol;
82 nhoff = skb_network_offset(skb);
83 hlen = skb_headlen(skb);
86 memset(flow, 0, sizeof(*flow));
90 case htons(ETH_P_IP): {
91 const struct iphdr *iph;
94 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
95 if (!iph || iph->ihl < 5)
97 nhoff += iph->ihl * 4;
99 ip_proto = iph->protocol;
100 if (ip_is_fragment(iph))
103 /* skip the address processing if skb is NULL. The assumption
104 * here is that if there is no skb we are not looking for flow
105 * info but lengths and protocols.
110 iph_to_flow_copy_addrs(flow, iph);
113 case htons(ETH_P_IPV6): {
114 const struct ipv6hdr *iph;
119 iph = __skb_header_pointer(skb, nhoff, sizeof(_iph), data, hlen, &_iph);
123 ip_proto = iph->nexthdr;
124 nhoff += sizeof(struct ipv6hdr);
126 /* see comment above in IPv4 section */
130 flow->src = (__force __be32)ipv6_addr_hash(&iph->saddr);
131 flow->dst = (__force __be32)ipv6_addr_hash(&iph->daddr);
133 flow_label = ip6_flowlabel(iph);
135 /* Awesome, IPv6 packet has a flow label so we can
136 * use that to represent the ports without any
137 * further dissection.
139 flow->n_proto = proto;
140 flow->ip_proto = ip_proto;
141 flow->ports = flow_label;
142 flow->thoff = (u16)nhoff;
149 case htons(ETH_P_8021AD):
150 case htons(ETH_P_8021Q): {
151 const struct vlan_hdr *vlan;
152 struct vlan_hdr _vlan;
154 vlan = __skb_header_pointer(skb, nhoff, sizeof(_vlan), data, hlen, &_vlan);
158 proto = vlan->h_vlan_encapsulated_proto;
159 nhoff += sizeof(*vlan);
162 case htons(ETH_P_PPP_SES): {
164 struct pppoe_hdr hdr;
167 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
171 nhoff += PPPOE_SES_HLEN;
175 case htons(PPP_IPV6):
181 case htons(ETH_P_TIPC): {
186 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
189 flow->src = hdr->srcnode;
191 flow->n_proto = proto;
192 flow->thoff = (u16)nhoff;
195 case htons(ETH_P_FCOE):
196 flow->thoff = (u16)(nhoff + FCOE_HEADER_LEN);
209 hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
213 * Only look inside GRE if version zero and no
216 if (!(hdr->flags & (GRE_VERSION|GRE_ROUTING))) {
219 if (hdr->flags & GRE_CSUM)
221 if (hdr->flags & GRE_KEY)
223 if (hdr->flags & GRE_SEQ)
225 if (proto == htons(ETH_P_TEB)) {
226 const struct ethhdr *eth;
229 eth = __skb_header_pointer(skb, nhoff,
234 proto = eth->h_proto;
235 nhoff += sizeof(*eth);
242 proto = htons(ETH_P_IP);
245 proto = htons(ETH_P_IPV6);
251 flow->n_proto = proto;
252 flow->ip_proto = ip_proto;
253 flow->thoff = (u16) nhoff;
255 /* unless skb is set we don't need to record port info */
257 flow->ports = __skb_flow_get_ports(skb, nhoff, ip_proto,
262 EXPORT_SYMBOL(__skb_flow_dissect);
264 static u32 hashrnd __read_mostly;
265 static __always_inline void __flow_hash_secret_init(void)
267 net_get_random_once(&hashrnd, sizeof(hashrnd));
270 static __always_inline u32 __flow_hash_3words(u32 a, u32 b, u32 c, u32 keyval)
272 return jhash_3words(a, b, c, keyval);
275 static inline u32 __flow_hash_from_keys(struct flow_keys *keys, u32 keyval)
279 /* get a consistent hash (same value on both flow directions) */
280 if (((__force u32)keys->dst < (__force u32)keys->src) ||
281 (((__force u32)keys->dst == (__force u32)keys->src) &&
282 ((__force u16)keys->port16[1] < (__force u16)keys->port16[0]))) {
283 swap(keys->dst, keys->src);
284 swap(keys->port16[0], keys->port16[1]);
287 hash = __flow_hash_3words((__force u32)keys->dst,
288 (__force u32)keys->src,
289 (__force u32)keys->ports,
297 u32 flow_hash_from_keys(struct flow_keys *keys)
299 __flow_hash_secret_init();
300 return __flow_hash_from_keys(keys, hashrnd);
302 EXPORT_SYMBOL(flow_hash_from_keys);
304 static inline u32 ___skb_get_hash(const struct sk_buff *skb,
305 struct flow_keys *keys, u32 keyval)
307 if (!skb_flow_dissect(skb, keys))
310 return __flow_hash_from_keys(keys, keyval);
313 struct _flow_keys_digest_data {
322 void make_flow_keys_digest(struct flow_keys_digest *digest,
323 const struct flow_keys *flow)
325 struct _flow_keys_digest_data *data =
326 (struct _flow_keys_digest_data *)digest;
328 BUILD_BUG_ON(sizeof(*data) > sizeof(*digest));
330 memset(digest, 0, sizeof(*digest));
332 data->n_proto = flow->n_proto;
333 data->ip_proto = flow->ip_proto;
334 data->ports = flow->ports;
335 data->src = flow->src;
336 data->dst = flow->dst;
338 EXPORT_SYMBOL(make_flow_keys_digest);
341 * __skb_get_hash: calculate a flow hash
342 * @skb: sk_buff to calculate flow hash from
344 * This function calculates a flow hash based on src/dst addresses
345 * and src/dst port numbers. Sets hash in skb to non-zero hash value
346 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
347 * if hash is a canonical 4-tuple hash over transport ports.
349 void __skb_get_hash(struct sk_buff *skb)
351 struct flow_keys keys;
354 __flow_hash_secret_init();
356 hash = ___skb_get_hash(skb, &keys, hashrnd);
364 EXPORT_SYMBOL(__skb_get_hash);
366 __u32 skb_get_hash_perturb(const struct sk_buff *skb, u32 perturb)
368 struct flow_keys keys;
370 return ___skb_get_hash(skb, &keys, perturb);
372 EXPORT_SYMBOL(skb_get_hash_perturb);
374 u32 __skb_get_poff(const struct sk_buff *skb, void *data,
375 const struct flow_keys *keys, int hlen)
377 u32 poff = keys->thoff;
379 switch (keys->ip_proto) {
381 /* access doff as u8 to avoid unaligned access */
385 doff = __skb_header_pointer(skb, poff + 12, sizeof(_doff),
390 poff += max_t(u32, sizeof(struct tcphdr), (*doff & 0xF0) >> 2);
394 case IPPROTO_UDPLITE:
395 poff += sizeof(struct udphdr);
397 /* For the rest, we do not really care about header
398 * extensions at this point for now.
401 poff += sizeof(struct icmphdr);
404 poff += sizeof(struct icmp6hdr);
407 poff += sizeof(struct igmphdr);
410 poff += sizeof(struct dccp_hdr);
413 poff += sizeof(struct sctphdr);
420 /* skb_get_poff() returns the offset to the payload as far as it could
421 * be dissected. The main user is currently BPF, so that we can dynamically
422 * truncate packets without needing to push actual payload to the user
423 * space and can analyze headers only, instead.
425 u32 skb_get_poff(const struct sk_buff *skb)
427 struct flow_keys keys;
429 if (!skb_flow_dissect(skb, &keys))
432 return __skb_get_poff(skb, skb->data, &keys, skb_headlen(skb));