@@ -3554,7 +3554,7 @@ static bool bond_flow_dissect(struct bonding *bond, struct sk_buff *skb,
case BOND_XMIT_POLICY_ENCAP34:
memset(fk, 0, sizeof(*fk));
return __skb_flow_dissect(NULL, skb, &flow_keys_bonding,
- fk, NULL, 0, 0, 0, 0);
+ fk, NULL, 0, 0, 0, 0, NULL);
default:
break;
}
@@ -1312,18 +1312,20 @@ struct bpf_flow_dissector;
bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
__be16 proto, int nhoff, int hlen, unsigned int flags);
+struct virtio_net_hdr;
bool __skb_flow_dissect(const struct net *net,
const struct sk_buff *skb,
struct flow_dissector *flow_dissector,
void *target_container, const void *data,
- __be16 proto, int nhoff, int hlen, unsigned int flags);
+ __be16 proto, int nhoff, int hlen, unsigned int flags,
+ const struct virtio_net_hdr *vhdr);
static inline bool skb_flow_dissect(const struct sk_buff *skb,
struct flow_dissector *flow_dissector,
void *target_container, unsigned int flags)
{
return __skb_flow_dissect(NULL, skb, flow_dissector,
- target_container, NULL, 0, 0, 0, flags);
+ target_container, NULL, 0, 0, 0, flags, NULL);
}
static inline bool skb_flow_dissect_flow_keys(const struct sk_buff *skb,
@@ -1332,7 +1334,20 @@ static inline bool skb_flow_dissect_flow_keys(const struct sk_buff *skb,
{
memset(flow, 0, sizeof(*flow));
return __skb_flow_dissect(NULL, skb, &flow_keys_dissector,
- flow, NULL, 0, 0, 0, flags);
+ flow, NULL, 0, 0, 0, flags, NULL);
+}
+
+static inline bool
+__skb_flow_dissect_flow_keys_basic(const struct net *net,
+ const struct sk_buff *skb,
+ struct flow_keys_basic *flow,
+ const void *data, __be16 proto,
+ int nhoff, int hlen, unsigned int flags,
+ const struct virtio_net_hdr *vhdr)
+{
+ memset(flow, 0, sizeof(*flow));
+ return __skb_flow_dissect(net, skb, &flow_keys_basic_dissector, flow,
+ data, proto, nhoff, hlen, flags, vhdr);
}
static inline bool
@@ -1342,9 +1357,8 @@ skb_flow_dissect_flow_keys_basic(const struct net *net,
const void *data, __be16 proto,
int nhoff, int hlen, unsigned int flags)
{
- memset(flow, 0, sizeof(*flow));
- return __skb_flow_dissect(net, skb, &flow_keys_basic_dissector, flow,
- data, proto, nhoff, hlen, flags);
+ return __skb_flow_dissect_flow_keys_basic(net, skb, flow, data, proto,
+ nhoff, hlen, flags, NULL);
}
void skb_flow_dissect_meta(const struct sk_buff *skb,
@@ -370,6 +370,12 @@ struct bpf_flow_dissector {
const struct sk_buff *skb;
const void *data;
const void *data_end;
+ __u8 vhdr_flags;
+ __u8 vhdr_gso_type;
+ __u16 vhdr_hdr_len;
+ __u16 vhdr_gso_size;
+ __u16 vhdr_csum_start;
+ __u16 vhdr_csum_offset;
};
static inline void
@@ -5155,6 +5155,12 @@ struct __sk_buff {
__u32 gso_segs;
__bpf_md_ptr(struct bpf_sock *, sk);
__u32 gso_size;
+ __u8 vhdr_flags;
+ __u8 vhdr_gso_type;
+ __u16 vhdr_hdr_len;
+ __u16 vhdr_gso_size;
+ __u16 vhdr_csum_start;
+ __u16 vhdr_csum_offset;
};
struct bpf_tunnel_key {
@@ -8358,6 +8358,16 @@ static bool flow_dissector_is_valid_access(int off, int size,
return false;
info->reg_type = PTR_TO_FLOW_KEYS;
return true;
+ case bpf_ctx_range(struct __sk_buff, len):
+ return size == size_default;
+ case bpf_ctx_range(struct __sk_buff, vhdr_flags):
+ case bpf_ctx_range(struct __sk_buff, vhdr_gso_type):
+ return size == sizeof(__u8);
+ case bpf_ctx_range(struct __sk_buff, vhdr_hdr_len):
+ case bpf_ctx_range(struct __sk_buff, vhdr_gso_size):
+ case bpf_ctx_range(struct __sk_buff, vhdr_csum_start):
+ case bpf_ctx_range(struct __sk_buff, vhdr_csum_offset):
+ return size == sizeof(__u16);
default:
return false;
}
@@ -8390,6 +8400,51 @@ static u32 flow_dissector_convert_ctx_access(enum bpf_access_type type,
si->dst_reg, si->src_reg,
offsetof(struct bpf_flow_dissector, flow_keys));
break;
+
+ case offsetof(struct __sk_buff, vhdr_flags):
+ *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, vhdr_flags),
+ si->dst_reg, si->src_reg,
+ offsetof(struct bpf_flow_dissector, vhdr_flags));
+ break;
+
+ case offsetof(struct __sk_buff, vhdr_gso_type):
+ *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, vhdr_gso_type),
+ si->dst_reg, si->src_reg,
+ offsetof(struct bpf_flow_dissector, vhdr_gso_type));
+ break;
+
+ case offsetof(struct __sk_buff, vhdr_hdr_len):
+ *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, vhdr_hdr_len),
+ si->dst_reg, si->src_reg,
+ offsetof(struct bpf_flow_dissector, vhdr_hdr_len));
+ break;
+
+ case offsetof(struct __sk_buff, vhdr_gso_size):
+ *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, vhdr_gso_size),
+ si->dst_reg, si->src_reg,
+ offsetof(struct bpf_flow_dissector, vhdr_gso_size));
+ break;
+
+ case offsetof(struct __sk_buff, vhdr_csum_start):
+ *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, vhdr_csum_start),
+ si->dst_reg, si->src_reg,
+ offsetof(struct bpf_flow_dissector, vhdr_csum_start));
+ break;
+
+ case offsetof(struct __sk_buff, vhdr_csum_offset):
+ *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, vhdr_csum_offset),
+ si->dst_reg, si->src_reg,
+ offsetof(struct bpf_flow_dissector, vhdr_csum_offset));
+ break;
+
+ case offsetof(struct __sk_buff, len):
+ *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct bpf_flow_dissector, skb),
+ si->dst_reg, si->src_reg,
+ offsetof(struct bpf_flow_dissector, skb));
+ *insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, len),
+ si->dst_reg, si->dst_reg,
+ offsetof(struct sk_buff, len));
+ break;
}
return insn - insn_buf;
@@ -28,6 +28,7 @@
#include <scsi/fc/fc_fcoe.h>
#include <uapi/linux/batadv_packet.h>
#include <linux/bpf.h>
+#include <linux/virtio_net.h>
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_labels.h>
@@ -904,6 +905,7 @@ bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
* @hlen: packet header length, if @data is NULL use skb_headlen(skb)
* @flags: flags that control the dissection process, e.g.
* FLOW_DISSECTOR_F_STOP_AT_ENCAP.
+ * @vhdr: virtio_net_header to include in kernel context for BPF flow dissector
*
* The function will try to retrieve individual keys into target specified
* by flow_dissector from either the skbuff or a raw buffer specified by the
@@ -915,7 +917,8 @@ bool __skb_flow_dissect(const struct net *net,
const struct sk_buff *skb,
struct flow_dissector *flow_dissector,
void *target_container, const void *data,
- __be16 proto, int nhoff, int hlen, unsigned int flags)
+ __be16 proto, int nhoff, int hlen, unsigned int flags,
+ const struct virtio_net_hdr *vhdr)
{
struct flow_dissector_key_control *key_control;
struct flow_dissector_key_basic *key_basic;
@@ -1001,6 +1004,23 @@ bool __skb_flow_dissect(const struct net *net,
__be16 n_proto = proto;
struct bpf_prog *prog;
+ if (vhdr) {
+ ctx.vhdr_flags = vhdr->flags;
+ ctx.vhdr_gso_type = vhdr->gso_type;
+ ctx.vhdr_hdr_len =
+ __virtio16_to_cpu(virtio_legacy_is_little_endian(),
+ vhdr->hdr_len);
+ ctx.vhdr_gso_size =
+ __virtio16_to_cpu(virtio_legacy_is_little_endian(),
+ vhdr->gso_size);
+ ctx.vhdr_csum_start =
+ __virtio16_to_cpu(virtio_legacy_is_little_endian(),
+ vhdr->csum_start);
+ ctx.vhdr_csum_offset =
+ __virtio16_to_cpu(virtio_legacy_is_little_endian(),
+ vhdr->csum_offset);
+ }
+
if (skb) {
ctx.skb = skb;
/* we can't use 'proto' in the skb case
@@ -1610,7 +1630,7 @@ u32 __skb_get_hash_symmetric(const struct sk_buff *skb)
memset(&keys, 0, sizeof(keys));
__skb_flow_dissect(NULL, skb, &flow_keys_dissector_symmetric,
&keys, NULL, 0, 0, 0,
- FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);
+ FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL, NULL);
return __flow_hash_from_keys(&keys, &hashrnd);
}
@@ -5155,6 +5155,12 @@ struct __sk_buff {
__u32 gso_segs;
__bpf_md_ptr(struct bpf_sock *, sk);
__u32 gso_size;
+ __u8 vhdr_flags;
+ __u8 vhdr_gso_type;
+ __u16 vhdr_hdr_len;
+ __u16 vhdr_gso_size;
+ __u16 vhdr_csum_start;
+ __u16 vhdr_csum_offset;
};
struct bpf_tunnel_key {