From patchwork Thu Jul 25 15:33:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 1136965 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="Y+nZ4sF3"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45vbpj6MBPz9sDB for ; Fri, 26 Jul 2019 01:33:49 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389019AbfGYPdt (ORCPT ); Thu, 25 Jul 2019 11:33:49 -0400 Received: from mail-pl1-f201.google.com ([209.85.214.201]:54416 "EHLO mail-pl1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388995AbfGYPdt (ORCPT ); Thu, 25 Jul 2019 11:33:49 -0400 Received: by mail-pl1-f201.google.com with SMTP id u10so26502163plq.21 for ; Thu, 25 Jul 2019 08:33:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=BiKfBntvSFGLnKAjRbgK5CvGVATtpbHbwqwm+GPuZM4=; b=Y+nZ4sF3XfsqIdOBUvW6QLFFURKIkSbiN2BirNiVi09bpzTbt/WkF9toIjRNZVRPMc 4Pw7iVR+Ki4t68gxFEEfyi93KvLpti3+lhXOwN0vasftojfM/a3wL/zI5i+FqUthpkYn njLCufcM56Tbum98fAPzBCga//Re2YIbDCNIAtSb3FZ/9OusYh44rykwdB6BIxxFvtoV OHJeb/aSO8tRUoyK68jJvpHWJGiSOZOEJa2v1km7aNETL5ViGKMDXny4x9H/FwDPcTDy wKoWN52AtQ1TZ9zsZGuKNtVpsm0+nVWYZeTEexvSf9b3s+qbyHxzaFQBQZPFpUS2QvXm 6hzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=BiKfBntvSFGLnKAjRbgK5CvGVATtpbHbwqwm+GPuZM4=; b=Ke1PR2IDFfDdjLntcFJNIWVhJ26orMOS4+dXo8XChfeBFlcz82pIUL/9KHAmS6NMqb oXFXL9nTtbr6RFno7dZon6lLMoBA/DKYWPu3qvGF5DpjLTPz6yDUyRpI/mzK13mzK1fF I9n9pvdDIGT5kor/B1morRaZru5U5hxMqlLalfAf3E09vzGOeZPcAtnIRQ93hU2o7cKo 6HLq61aFtXvY4YBS1rfPvzC80feq4PUwh4A2egqA+Y7uyYfFv3jKDlS6GZoOJb1wG6HL LjBF5CuanGCJrQDhDaTpKGu3b7QBkzIFQJ19diWn2aWZCejE0Az+BY/zcHycixUnitRy fCKw== X-Gm-Message-State: APjAAAXYeebE5LPv6WSmkYhUEGTqeMRciTX+myTcba4fUjvJHEdPXCM7 tWw16RFcCbsqlqssfKswOoCNzzc= X-Google-Smtp-Source: APXvYqxZ0SC77ZxbxqR3/hY40el0h/u5xVtOwr2M2vPzJXBpCCswhoYh6QYZSLr8aAqW9Pm73y3YREk= X-Received: by 2002:a63:d23:: with SMTP id c35mr86278020pgl.376.1564068827362; Thu, 25 Jul 2019 08:33:47 -0700 (PDT) Date: Thu, 25 Jul 2019 08:33:36 -0700 In-Reply-To: <20190725153342.3571-1-sdf@google.com> Message-Id: <20190725153342.3571-2-sdf@google.com> Mime-Version: 1.0 References: <20190725153342.3571-1-sdf@google.com> X-Mailer: git-send-email 2.22.0.657.g960e92d24f-goog Subject: [PATCH bpf-next v2 1/7] bpf/flow_dissector: pass input flags to BPF flow dissector program From: Stanislav Fomichev To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, Stanislav Fomichev , Willem de Bruijn , Song Liu , Petar Penkov Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org C flow dissector supports input flags that tell it to customize parsing by either stopping early or trying to parse as deep as possible. Pass those flags to the BPF flow dissector so it can make the same decisions. In the next commits I'll add support for those flags to our reference bpf_flow.c Acked-by: Willem de Bruijn Acked-by: Song Liu Cc: Song Liu Cc: Willem de Bruijn Cc: Petar Penkov Signed-off-by: Stanislav Fomichev --- include/linux/skbuff.h | 2 +- include/net/flow_dissector.h | 4 ---- include/uapi/linux/bpf.h | 5 +++++ net/bpf/test_run.c | 2 +- net/core/flow_dissector.c | 5 +++-- 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 718742b1c505..9b7a8038beec 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -1271,7 +1271,7 @@ static inline int skb_flow_dissector_bpf_prog_detach(const union bpf_attr *attr) struct bpf_flow_dissector; bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx, - __be16 proto, int nhoff, int hlen); + __be16 proto, int nhoff, int hlen, unsigned int flags); bool __skb_flow_dissect(const struct net *net, const struct sk_buff *skb, diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h index 90bd210be060..3e2642587b76 100644 --- a/include/net/flow_dissector.h +++ b/include/net/flow_dissector.h @@ -253,10 +253,6 @@ enum flow_dissector_key_id { FLOW_DISSECTOR_KEY_MAX, }; -#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG BIT(0) -#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL BIT(1) -#define FLOW_DISSECTOR_F_STOP_AT_ENCAP BIT(2) - struct flow_dissector_key { enum flow_dissector_key_id key_id; size_t offset; /* offset of struct flow_dissector_key_* diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index fa1c753dcdbc..b4ad19bd6aa8 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -3507,6 +3507,10 @@ enum bpf_task_fd_type { BPF_FD_TYPE_URETPROBE, /* filename + offset */ }; +#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG (1U << 0) +#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL (1U << 1) +#define FLOW_DISSECTOR_F_STOP_AT_ENCAP (1U << 2) + struct bpf_flow_keys { __u16 nhoff; __u16 thoff; @@ -3528,6 +3532,7 @@ struct bpf_flow_keys { __u32 ipv6_dst[4]; /* in6_addr; network order */ }; }; + __u32 flags; }; struct bpf_func_info { diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index 80e6f3a6864d..4e41d15a1098 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -419,7 +419,7 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, time_start = ktime_get_ns(); for (i = 0; i < repeat; i++) { retval = bpf_flow_dissect(prog, &ctx, eth->h_proto, ETH_HLEN, - size); + size, 0); if (signal_pending(current)) { preempt_enable(); diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 3e6fedb57bc1..a74c4ed1b30d 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -784,7 +784,7 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys, } bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx, - __be16 proto, int nhoff, int hlen) + __be16 proto, int nhoff, int hlen, unsigned int flags) { struct bpf_flow_keys *flow_keys = ctx->flow_keys; u32 result; @@ -794,6 +794,7 @@ bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx, flow_keys->n_proto = proto; flow_keys->nhoff = nhoff; flow_keys->thoff = flow_keys->nhoff; + flow_keys->flags = flags; preempt_disable(); result = BPF_PROG_RUN(prog, ctx); @@ -914,7 +915,7 @@ bool __skb_flow_dissect(const struct net *net, } ret = bpf_flow_dissect(attached, &ctx, n_proto, nhoff, - hlen); + hlen, flags); __skb_flow_bpf_to_target(&flow_keys, flow_dissector, target_container); rcu_read_unlock(); From patchwork Thu Jul 25 15:33:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 1136967 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="dt7Fyk8+"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45vbpn309Xz9sBt for ; Fri, 26 Jul 2019 01:33:53 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389085AbfGYPdw (ORCPT ); Thu, 25 Jul 2019 11:33:52 -0400 Received: from mail-pg1-f201.google.com ([209.85.215.201]:48372 "EHLO mail-pg1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387422AbfGYPdv (ORCPT ); Thu, 25 Jul 2019 11:33:51 -0400 Received: by mail-pg1-f201.google.com with SMTP id k20so30919345pgg.15 for ; Thu, 25 Jul 2019 08:33:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=3XbTWLRwhAiceZDqvAg53SxI5TZhBv0wWnTV5f6ZWpg=; b=dt7Fyk8+3nkOtpq+ABH4X03prQxT2jVZTjXOu26LKAUorYfFXPUtf4Ga4R4An4+QjG nFEeh/gkSzoltiMGhEqQJU59mI9wBqex62CDWTPmY8lslLMqnhD2x1zQRbuZ22pFWjeM N5gipQVPdGvFEAQbEFbgt4KZ0xpzQcnhFNZr/GC8M960zYBoAIKayPZ66FI/KV9TzIDb 7s7ayLv9rkUnQgUr36J5AclM/w83bawrgRsmGIr4te5UZrAE4vrToqnuKZES4WXTfwqm gjLRiC9gtNcCHaN14tnkR72BxE0zidXSBB5uEo2+DQpBMEpWn3m/wR5oAtyyKwK6Y1Lv kcEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=3XbTWLRwhAiceZDqvAg53SxI5TZhBv0wWnTV5f6ZWpg=; b=lHDJQStYKbnd2luBAG5cC9bd6V+P8orCTal19IWkdjoUQhLluXch0AGwKx5QucTxU6 2p3tRGdiHTMpiTC+XZuiBD8Cza/SZlHgzhwV3VFnwNbQm/dPcJA7/Q5c8nsuEA/69m5s yF8qRVdpaA9SVS4R2bkbP3pZ20VXBAQAkQCDvumP4AJE4d4920FeTbF3gSTqki75plIJ +Y3PbnWAvYX0mLuh+7LN+zNHJ0EKSnf3EmlqBO0zeADlhnqjRzZCYDrBkVJIpg5psUzt XSAws8SY/A7gv0jp/rFnvMRGaO1Hihmhl/gJuAsm97yUreQ76b1YHN8dPwJrWb5oIzTR 6wrw== X-Gm-Message-State: APjAAAWdQHnVBRHTGduB62HUz2YSkW55izR6x3rZtjcgKBaGocQZEasZ OA8N+Fy6ggr0rctYawYkkIAj2FQ= X-Google-Smtp-Source: APXvYqwLFBkyn38D1qFrEAeYPuAcbFMlbnSs7YTkekejpPm/cNmDJoNnuQp4f4Y9BUhti4M24n36n1c= X-Received: by 2002:a65:6552:: with SMTP id a18mr77689946pgw.208.1564068829986; Thu, 25 Jul 2019 08:33:49 -0700 (PDT) Date: Thu, 25 Jul 2019 08:33:37 -0700 In-Reply-To: <20190725153342.3571-1-sdf@google.com> Message-Id: <20190725153342.3571-3-sdf@google.com> Mime-Version: 1.0 References: <20190725153342.3571-1-sdf@google.com> X-Mailer: git-send-email 2.22.0.657.g960e92d24f-goog Subject: [PATCH bpf-next v2 2/7] bpf/flow_dissector: document flags From: Stanislav Fomichev To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, Stanislav Fomichev , Willem de Bruijn , Song Liu , Petar Penkov Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Describe what each input flag does and who uses it. Acked-by: Willem de Bruijn Acked-by: Song Liu Cc: Song Liu Cc: Willem de Bruijn Cc: Petar Penkov Signed-off-by: Stanislav Fomichev --- Documentation/bpf/prog_flow_dissector.rst | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Documentation/bpf/prog_flow_dissector.rst b/Documentation/bpf/prog_flow_dissector.rst index ed343abe541e..0f3f380b2ce4 100644 --- a/Documentation/bpf/prog_flow_dissector.rst +++ b/Documentation/bpf/prog_flow_dissector.rst @@ -26,6 +26,7 @@ and output arguments. * ``nhoff`` - initial offset of the networking header * ``thoff`` - initial offset of the transport header, initialized to nhoff * ``n_proto`` - L3 protocol type, parsed out of L2 header + * ``flags`` - optional flags Flow dissector BPF program should fill out the rest of the ``struct bpf_flow_keys`` fields. Input arguments ``nhoff/thoff/n_proto`` should be @@ -101,6 +102,23 @@ can be called for both cases and would have to be written carefully to handle both cases. +Flags +===== + +``flow_keys->flags`` might contain optional input flags that work as follows: + +* ``FLOW_DISSECTOR_F_PARSE_1ST_FRAG`` - tells BPF flow dissector to continue + parsing first fragment; the default expected behavior is that flow dissector + returns as soon as it finds out that the packet is fragmented; + used by ``eth_get_headlen`` to estimate length of all headers for GRO. +* ``FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL`` - tells BPF flow dissector to stop + parsing as soon as it reaches IPv6 flow label; used by ``___skb_get_hash`` + and ``__skb_get_hash_symmetric`` to get flow hash. +* ``FLOW_DISSECTOR_F_STOP_AT_ENCAP`` - tells BPF flow dissector to stop + parsing as soon as it reaches encapsulated headers; used by routing + infrastructure. + + Reference Implementation ======================== From patchwork Thu Jul 25 15:33:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 1136969 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="jl3szocq"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45vbpq4mpRz9sBt for ; Fri, 26 Jul 2019 01:33:55 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389128AbfGYPdz (ORCPT ); Thu, 25 Jul 2019 11:33:55 -0400 Received: from mail-pg1-f201.google.com ([209.85.215.201]:34442 "EHLO mail-pg1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389122AbfGYPdy (ORCPT ); Thu, 25 Jul 2019 11:33:54 -0400 Received: by mail-pg1-f201.google.com with SMTP id x19so30930358pgx.1 for ; Thu, 25 Jul 2019 08:33:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=S1+omtFhB5U2AC0M72Cgb2Rfr2Z1sSSuVrmqGgYoHrg=; b=jl3szocqEJUCetiE659NxMaqklSY3xL8ZKF5CbFoHMfykoBnWbSy8OFUjJeL+Njp/d FqeaRWuFT8/VKctrEdDPP31DgpH1h9u9lWWEoeRvfzDFP5GhgKNDka/vFdX4EYnpGZD4 oYGhgp7KZ+V6wL/KkJ8VlQbFOZ/XD60wThJEqYmWjE656Heq4aKInq4kdcRsn4B3vff7 jGKK2ma7Ome5u44JyA/5vhRh7MAzrwAwqEDjU3waENwhbxZG1SlQW2uaBZ3+nHpnTt5/ sJD3pUHe1zCY/izcEVmEcqeKafHkA7lOCPnp78DzTQoxzxhoquWmVZGY7Bx+AmMYuX06 NQeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=S1+omtFhB5U2AC0M72Cgb2Rfr2Z1sSSuVrmqGgYoHrg=; b=LSHOhg8ZuBvu3T2FtBDHdEnMLGLqF+lfdilnv6Fs8WoCti3zGEFQfssJgyE6HH+NeV Md3ngoAYqhYHid3PDKsAA1EtVxdzXTM36gsyqrbxK3KYOrDv7NwUUju0TDB7gigPo5eG R6MiXMFXx4EXH2y7A7EJZ0iy6YmDqnKWrEuRuZBW5r5ssJuEcjNvYBkgbSEoBCA4TT0c cSBKljjf+/5LHoyf7kK9Yhyyc9Cv3dm4kqGfrOjk8f19VzQn7JktvE+ho8b+73HilARq Bl+XaQjqINV8PRs7445Gu3woCIzv6UsoJO0g23UuNdIxj+opO1SzUFf2vcc3mOw4Ubv1 ZiYA== X-Gm-Message-State: APjAAAXDJsSuoO3ick+1pl6taCO1mSDD0ehUKUrN6sQqGgnu0Fm6xDIO hRVLMZV/sp+hndRLXOKWVbtdDNA= X-Google-Smtp-Source: APXvYqw+gRO4DnDKQ9dB+oET5Ty/v93oX4oX1kww4Iuqa/RxnKRSrvRhwh/qT8flh+pfy9a0o4PzVmU= X-Received: by 2002:a65:62d7:: with SMTP id m23mr86905598pgv.358.1564068833223; Thu, 25 Jul 2019 08:33:53 -0700 (PDT) Date: Thu, 25 Jul 2019 08:33:38 -0700 In-Reply-To: <20190725153342.3571-1-sdf@google.com> Message-Id: <20190725153342.3571-4-sdf@google.com> Mime-Version: 1.0 References: <20190725153342.3571-1-sdf@google.com> X-Mailer: git-send-email 2.22.0.657.g960e92d24f-goog Subject: [PATCH bpf-next v2 3/7] bpf/flow_dissector: support flags in BPF_PROG_TEST_RUN From: Stanislav Fomichev To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, Stanislav Fomichev , Willem de Bruijn , Song Liu , Petar Penkov Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org This will allow us to write tests for those flags. v2: * Swap kfree(data) and kfree(user_ctx) (Song Liu) Acked-by: Willem de Bruijn Acked-by: Song Liu Cc: Song Liu Cc: Willem de Bruijn Cc: Petar Penkov Signed-off-by: Stanislav Fomichev --- net/bpf/test_run.c | 39 +++++++++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index 4e41d15a1098..1153bbcdff72 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -377,6 +377,22 @@ int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr, return ret; } +static int verify_user_bpf_flow_keys(struct bpf_flow_keys *ctx) +{ + /* make sure the fields we don't use are zeroed */ + if (!range_is_zero(ctx, 0, offsetof(struct bpf_flow_keys, flags))) + return -EINVAL; + + /* flags is allowed */ + + if (!range_is_zero(ctx, offsetof(struct bpf_flow_keys, flags) + + FIELD_SIZEOF(struct bpf_flow_keys, flags), + sizeof(struct bpf_flow_keys))) + return -EINVAL; + + return 0; +} + int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, const union bpf_attr *kattr, union bpf_attr __user *uattr) @@ -384,9 +400,11 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, u32 size = kattr->test.data_size_in; struct bpf_flow_dissector ctx = {}; u32 repeat = kattr->test.repeat; + struct bpf_flow_keys *user_ctx; struct bpf_flow_keys flow_keys; u64 time_start, time_spent = 0; const struct ethhdr *eth; + unsigned int flags = 0; u32 retval, duration; void *data; int ret; @@ -395,9 +413,6 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, if (prog->type != BPF_PROG_TYPE_FLOW_DISSECTOR) return -EINVAL; - if (kattr->test.ctx_in || kattr->test.ctx_out) - return -EINVAL; - if (size < ETH_HLEN) return -EINVAL; @@ -410,6 +425,18 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, if (!repeat) repeat = 1; + user_ctx = bpf_ctx_init(kattr, sizeof(struct bpf_flow_keys)); + if (IS_ERR(user_ctx)) { + kfree(data); + return PTR_ERR(user_ctx); + } + if (user_ctx) { + ret = verify_user_bpf_flow_keys(user_ctx); + if (ret) + goto out; + flags = user_ctx->flags; + } + ctx.flow_keys = &flow_keys; ctx.data = data; ctx.data_end = (__u8 *)data + size; @@ -419,7 +446,7 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, time_start = ktime_get_ns(); for (i = 0; i < repeat; i++) { retval = bpf_flow_dissect(prog, &ctx, eth->h_proto, ETH_HLEN, - size, 0); + size, flags); if (signal_pending(current)) { preempt_enable(); @@ -450,8 +477,12 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog, ret = bpf_test_finish(kattr, uattr, &flow_keys, sizeof(flow_keys), retval, duration); + if (!ret) + ret = bpf_ctx_finish(kattr, uattr, user_ctx, + sizeof(struct bpf_flow_keys)); out: + kfree(user_ctx); kfree(data); return ret; } From patchwork Thu Jul 25 15:33:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 1136972 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="CK/FKzbK"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45vbpv2ybSz9sBt for ; Fri, 26 Jul 2019 01:33:59 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389170AbfGYPd6 (ORCPT ); Thu, 25 Jul 2019 11:33:58 -0400 Received: from mail-vs1-f73.google.com ([209.85.217.73]:37362 "EHLO mail-vs1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389153AbfGYPd5 (ORCPT ); Thu, 25 Jul 2019 11:33:57 -0400 Received: by mail-vs1-f73.google.com with SMTP id a23so13506503vsn.4 for ; Thu, 25 Jul 2019 08:33:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=kCJBSP0++BkIRS8UIK5zEBUXqgfh3zWN44O45srvAnM=; b=CK/FKzbKEB2RwBpklhJ+q5UQoPNaAcNGGdaQLi/8ofpGngIegXpN+zfxmR7EGyUl+o IylfjIn9Lo6G8oL+QGh6CRZSnYv29EjQTVUqyE9xP2bQB/t1If/hbM9R7P787CVaXRQo QNYjsQqmu3fnIlQYRTkPs0Ns54pzcQJS7nd/UUYbOuSQ3Pq9868mONdpdzCFLELxyzz7 UNCqRExP36scQGHqDcSubm8GIa/C3eaHwsFN9zfr7zHMTc9Z2E/ugFP2evRdWviChOwV mblWdqnbT2rd4GBCANqZ+MtmIkjUWtatwlxZOr8mQqj2792ywe1UMdHMzzLFTSTso0m7 Tl1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=kCJBSP0++BkIRS8UIK5zEBUXqgfh3zWN44O45srvAnM=; b=JkfDPoU9+bZI7569IloQVICXKCZSQdlesbVphMxq4HTlRTEri266JFClCGqDXiLiMs ywHoGPOJVZ6Y4arKzFJXyL4Cwfmz/IFlKtPojWiVB4/NwbUeNGAB110r3RLIbJN9Rv9U jqYClY9rnvG9VzkeQ/qH/XCNuimbeD0djmWtp2zl4Q9ri6aaymPSF5xprNJ8dyXM+Gib LsbDnsjAMolIm3EDsanUyzVfjUYw9fWZXC9o7z5PgsWWBQ+rYDMFm/F/pOMuLQC0CWz9 SiUnCik5aFeQ4tVPQKIYpPTozBpJkiWhqRXas//A7LAndVfagy+Kb2eH4DGpymzjN7HH 9B5g== X-Gm-Message-State: APjAAAXQo8+iDdgYmYkftpICNYvNc1O+YBBl6kWU70s/lmWtbW2Ctpqy TjsLZ+JfwhI4EaVI4/Z/TVEeBFk= X-Google-Smtp-Source: APXvYqxlbDRaSWg3h0K0/giWqpcn+ZyJSvC7FKVVpDCzicE/ysjWyJw0c1Mx0Vutk7NKt2sQJ2xQ3/I= X-Received: by 2002:ab0:18a6:: with SMTP id t38mr22503847uag.83.1564068836333; Thu, 25 Jul 2019 08:33:56 -0700 (PDT) Date: Thu, 25 Jul 2019 08:33:39 -0700 In-Reply-To: <20190725153342.3571-1-sdf@google.com> Message-Id: <20190725153342.3571-5-sdf@google.com> Mime-Version: 1.0 References: <20190725153342.3571-1-sdf@google.com> X-Mailer: git-send-email 2.22.0.657.g960e92d24f-goog Subject: [PATCH bpf-next v2 4/7] tools/bpf: sync bpf_flow_keys flags From: Stanislav Fomichev To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, Stanislav Fomichev , Willem de Bruijn , Song Liu , Petar Penkov Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Export bpf_flow_keys flags to tools/libbpf/selftests. Acked-by: Willem de Bruijn Acked-by: Song Liu Cc: Song Liu Cc: Willem de Bruijn Cc: Petar Penkov Signed-off-by: Stanislav Fomichev --- tools/include/uapi/linux/bpf.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 4e455018da65..a0e1c891b56f 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -3504,6 +3504,10 @@ enum bpf_task_fd_type { BPF_FD_TYPE_URETPROBE, /* filename + offset */ }; +#define FLOW_DISSECTOR_F_PARSE_1ST_FRAG (1U << 0) +#define FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL (1U << 1) +#define FLOW_DISSECTOR_F_STOP_AT_ENCAP (1U << 2) + struct bpf_flow_keys { __u16 nhoff; __u16 thoff; @@ -3525,6 +3529,7 @@ struct bpf_flow_keys { __u32 ipv6_dst[4]; /* in6_addr; network order */ }; }; + __u32 flags; }; struct bpf_func_info { From patchwork Thu Jul 25 15:33:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 1136974 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="r5kb15Tx"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45vbpy66WXz9sBt for ; Fri, 26 Jul 2019 01:34:02 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389201AbfGYPeC (ORCPT ); Thu, 25 Jul 2019 11:34:02 -0400 Received: from mail-qk1-f201.google.com ([209.85.222.201]:40589 "EHLO mail-qk1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389193AbfGYPd7 (ORCPT ); Thu, 25 Jul 2019 11:33:59 -0400 Received: by mail-qk1-f201.google.com with SMTP id c1so42610701qkl.7 for ; Thu, 25 Jul 2019 08:33:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=Fq6IZgW4iOignB5P3NDDYUqS650/L2ZWasm6xkd4wQI=; b=r5kb15TxNspk5pTGy0JZeAumNmle01ejUcMAQjKiQxg1xN7QvTX2MJW5aHm49u7X2Z Mh6OeTrsW4bSmuBRpyINHj9bE/7NutGmT76yNyDCz0IGCNKuOtLoRDuXFsPRbYfb7D+x pBF+LS7GTTYkh+2LPLRtsEUdyePdYQPLH6dCfbFhvG8prnWhgE/KShizYPF5u1czQr5+ +pY1D+pPysQ2VFxMx+uyw9x7jmNTSpwIr6EewpjWcgWbBssNIF/704KCewibfrPwsoYa lfZ92PYveB10vpFiknbspznULh+/euWSTCGdaj/AuLPX198Rqy6U9JvXGn34xiKGIVj4 E+Ow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=Fq6IZgW4iOignB5P3NDDYUqS650/L2ZWasm6xkd4wQI=; b=tHrT5PNYPTgMEgMXluwLchf4PtmXDp4Ev6Dl1Npx1i0unsuK8TQxgDhruHGnrO7NMP ftmIk9BXus/CePFpOM+nks8ih7Z7RHdvgbGWa6u2F0BaEylexC37dwcrh/cxWEY+XD+Q Vho4bQTCJz7gTBJAnr1BLw4KMOGONi5rqfTAQVqT2FdV1azFmB14cXEpi9QHuGDY3w+v pZtz4aD3R7cDlN28WZHnBlkOt/Sa8Cq1nRFBnRrdkkAUxwjHnzm/ZCU2cv2ERyUyAP9h wugcPmKle1pPYMksd1Hsu3a1vqvjUZGeZ5++4+s7+ef/7J3BzV/IdOPv5P8yyUUyJEc9 d38g== X-Gm-Message-State: APjAAAVCveuayeD4yAONpnzUuAd8k4fyVa9xeHB3HQmmJh0oTa1in1VO gmHwJLuxYeoJKUZjhwgroR4A60Q= X-Google-Smtp-Source: APXvYqwDKwqRzE9v9RUJzcj/K/w9EIFKEtuCpO0u5/zvR3exREZZ2yrLLLGj2SB/WXv6Zcw+Ncl5JJA= X-Received: by 2002:a05:620a:4:: with SMTP id j4mr58927359qki.269.1564068838815; Thu, 25 Jul 2019 08:33:58 -0700 (PDT) Date: Thu, 25 Jul 2019 08:33:40 -0700 In-Reply-To: <20190725153342.3571-1-sdf@google.com> Message-Id: <20190725153342.3571-6-sdf@google.com> Mime-Version: 1.0 References: <20190725153342.3571-1-sdf@google.com> X-Mailer: git-send-email 2.22.0.657.g960e92d24f-goog Subject: [PATCH bpf-next v2 5/7] selftests/bpf: support FLOW_DISSECTOR_F_PARSE_1ST_FRAG From: Stanislav Fomichev To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, Stanislav Fomichev , Willem de Bruijn , Song Liu , Petar Penkov Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org bpf_flow.c: exit early unless FLOW_DISSECTOR_F_PARSE_1ST_FRAG is passed in flags. Also, set ip_proto earlier, this makes sure we have correct value with fragmented packets. Add selftest cases to test ipv4/ipv6 fragments and skip eth_get_headlen tests that don't have FLOW_DISSECTOR_F_PARSE_1ST_FRAG flag. eth_get_headlen calls flow dissector with FLOW_DISSECTOR_F_PARSE_1ST_FRAG flag so we can't run tests that have different set of input flags against it. v2: * sefltests -> selftests (Willem de Bruijn) * Reword a comment about eth_get_headlen flags (Song Liu) Acked-by: Willem de Bruijn Cc: Song Liu Cc: Willem de Bruijn Cc: Petar Penkov Signed-off-by: Stanislav Fomichev Acked-by: Song Liu --- .../selftests/bpf/prog_tests/flow_dissector.c | 132 +++++++++++++++++- tools/testing/selftests/bpf/progs/bpf_flow.c | 28 +++- 2 files changed, 153 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c index c938283ac232..f93a115db650 100644 --- a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c @@ -5,6 +5,10 @@ #include #include +#ifndef IP_MF +#define IP_MF 0x2000 +#endif + #define CHECK_FLOW_KEYS(desc, got, expected) \ CHECK_ATTR(memcmp(&got, &expected, sizeof(got)) != 0, \ desc, \ @@ -49,6 +53,18 @@ struct ipv6_pkt { struct tcphdr tcp; } __packed; +struct ipv6_frag_pkt { + struct ethhdr eth; + struct ipv6hdr iph; + struct frag_hdr { + __u8 nexthdr; + __u8 reserved; + __be16 frag_off; + __be32 identification; + } ipf; + struct tcphdr tcp; +} __packed; + struct dvlan_ipv6_pkt { struct ethhdr eth; __u16 vlan_tci; @@ -65,9 +81,11 @@ struct test { struct ipv4_pkt ipv4; struct svlan_ipv4_pkt svlan_ipv4; struct ipv6_pkt ipv6; + struct ipv6_frag_pkt ipv6_frag; struct dvlan_ipv6_pkt dvlan_ipv6; } pkt; struct bpf_flow_keys keys; + __u32 flags; }; #define VLAN_HLEN 4 @@ -143,6 +161,102 @@ struct test tests[] = { .n_proto = __bpf_constant_htons(ETH_P_IPV6), }, }, + { + .name = "ipv4-frag", + .pkt.ipv4 = { + .eth.h_proto = __bpf_constant_htons(ETH_P_IP), + .iph.ihl = 5, + .iph.protocol = IPPROTO_TCP, + .iph.tot_len = __bpf_constant_htons(MAGIC_BYTES), + .iph.frag_off = __bpf_constant_htons(IP_MF), + .tcp.doff = 5, + .tcp.source = 80, + .tcp.dest = 8080, + }, + .keys = { + .flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG, + .nhoff = ETH_HLEN, + .thoff = ETH_HLEN + sizeof(struct iphdr), + .addr_proto = ETH_P_IP, + .ip_proto = IPPROTO_TCP, + .n_proto = __bpf_constant_htons(ETH_P_IP), + .is_frag = true, + .is_first_frag = true, + .sport = 80, + .dport = 8080, + }, + .flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG, + }, + { + .name = "ipv4-no-frag", + .pkt.ipv4 = { + .eth.h_proto = __bpf_constant_htons(ETH_P_IP), + .iph.ihl = 5, + .iph.protocol = IPPROTO_TCP, + .iph.tot_len = __bpf_constant_htons(MAGIC_BYTES), + .iph.frag_off = __bpf_constant_htons(IP_MF), + .tcp.doff = 5, + .tcp.source = 80, + .tcp.dest = 8080, + }, + .keys = { + .nhoff = ETH_HLEN, + .thoff = ETH_HLEN + sizeof(struct iphdr), + .addr_proto = ETH_P_IP, + .ip_proto = IPPROTO_TCP, + .n_proto = __bpf_constant_htons(ETH_P_IP), + .is_frag = true, + .is_first_frag = true, + }, + }, + { + .name = "ipv6-frag", + .pkt.ipv6_frag = { + .eth.h_proto = __bpf_constant_htons(ETH_P_IPV6), + .iph.nexthdr = IPPROTO_FRAGMENT, + .iph.payload_len = __bpf_constant_htons(MAGIC_BYTES), + .ipf.nexthdr = IPPROTO_TCP, + .tcp.doff = 5, + .tcp.source = 80, + .tcp.dest = 8080, + }, + .keys = { + .flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG, + .nhoff = ETH_HLEN, + .thoff = ETH_HLEN + sizeof(struct ipv6hdr) + + sizeof(struct frag_hdr), + .addr_proto = ETH_P_IPV6, + .ip_proto = IPPROTO_TCP, + .n_proto = __bpf_constant_htons(ETH_P_IPV6), + .is_frag = true, + .is_first_frag = true, + .sport = 80, + .dport = 8080, + }, + .flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG, + }, + { + .name = "ipv6-no-frag", + .pkt.ipv6_frag = { + .eth.h_proto = __bpf_constant_htons(ETH_P_IPV6), + .iph.nexthdr = IPPROTO_FRAGMENT, + .iph.payload_len = __bpf_constant_htons(MAGIC_BYTES), + .ipf.nexthdr = IPPROTO_TCP, + .tcp.doff = 5, + .tcp.source = 80, + .tcp.dest = 8080, + }, + .keys = { + .nhoff = ETH_HLEN, + .thoff = ETH_HLEN + sizeof(struct ipv6hdr) + + sizeof(struct frag_hdr), + .addr_proto = ETH_P_IPV6, + .ip_proto = IPPROTO_TCP, + .n_proto = __bpf_constant_htons(ETH_P_IPV6), + .is_frag = true, + .is_first_frag = true, + }, + }, }; static int create_tap(const char *ifname) @@ -225,6 +339,13 @@ void test_flow_dissector(void) .data_size_in = sizeof(tests[i].pkt), .data_out = &flow_keys, }; + static struct bpf_flow_keys ctx = {}; + + if (tests[i].flags) { + tattr.ctx_in = &ctx; + tattr.ctx_size_in = sizeof(ctx); + ctx.flags = tests[i].flags; + } err = bpf_prog_test_run_xattr(&tattr); CHECK_ATTR(tattr.data_size_out != sizeof(flow_keys) || @@ -251,10 +372,19 @@ void test_flow_dissector(void) CHECK(err, "ifup", "err %d errno %d\n", err, errno); for (i = 0; i < ARRAY_SIZE(tests); i++) { - struct bpf_flow_keys flow_keys = {}; + /* Keep in sync with 'flags' from eth_get_headlen. */ + __u32 eth_get_headlen_flags = FLOW_DISSECTOR_F_PARSE_1ST_FRAG; struct bpf_prog_test_run_attr tattr = {}; + struct bpf_flow_keys flow_keys = {}; __u32 key = 0; + /* For skb-less case we can't pass input flags; run + * only the tests that have a matching set of flags. + */ + + if (tests[i].flags != eth_get_headlen_flags) + continue; + err = tx_tap(tap_fd, &tests[i].pkt, sizeof(tests[i].pkt)); CHECK(err < 0, "tx_tap", "err %d errno %d\n", err, errno); diff --git a/tools/testing/selftests/bpf/progs/bpf_flow.c b/tools/testing/selftests/bpf/progs/bpf_flow.c index 5ae485a6af3f..0eabe5e57944 100644 --- a/tools/testing/selftests/bpf/progs/bpf_flow.c +++ b/tools/testing/selftests/bpf/progs/bpf_flow.c @@ -153,7 +153,6 @@ static __always_inline int parse_ip_proto(struct __sk_buff *skb, __u8 proto) struct tcphdr *tcp, _tcp; struct udphdr *udp, _udp; - keys->ip_proto = proto; switch (proto) { case IPPROTO_ICMP: icmp = bpf_flow_dissect_get_header(skb, sizeof(*icmp), &_icmp); @@ -231,7 +230,6 @@ static __always_inline int parse_ipv6_proto(struct __sk_buff *skb, __u8 nexthdr) { struct bpf_flow_keys *keys = skb->flow_keys; - keys->ip_proto = nexthdr; switch (nexthdr) { case IPPROTO_HOPOPTS: case IPPROTO_DSTOPTS: @@ -266,6 +264,7 @@ PROG(IP)(struct __sk_buff *skb) keys->addr_proto = ETH_P_IP; keys->ipv4_src = iph->saddr; keys->ipv4_dst = iph->daddr; + keys->ip_proto = iph->protocol; keys->thoff += iph->ihl << 2; if (data + keys->thoff > data_end) @@ -273,13 +272,19 @@ PROG(IP)(struct __sk_buff *skb) if (iph->frag_off & bpf_htons(IP_MF | IP_OFFSET)) { keys->is_frag = true; - if (iph->frag_off & bpf_htons(IP_OFFSET)) + if (iph->frag_off & bpf_htons(IP_OFFSET)) { /* From second fragment on, packets do not have headers * we can parse. */ done = true; - else + } else { keys->is_first_frag = true; + /* No need to parse fragmented packet unless + * explicitly asked for. + */ + if (!(keys->flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)) + done = true; + } } if (done) @@ -301,6 +306,7 @@ PROG(IPV6)(struct __sk_buff *skb) memcpy(&keys->ipv6_src, &ip6h->saddr, 2*sizeof(ip6h->saddr)); keys->thoff += sizeof(struct ipv6hdr); + keys->ip_proto = ip6h->nexthdr; return parse_ipv6_proto(skb, ip6h->nexthdr); } @@ -317,7 +323,8 @@ PROG(IPV6OP)(struct __sk_buff *skb) /* hlen is in 8-octets and does not include the first 8 bytes * of the header */ - skb->flow_keys->thoff += (1 + ip6h->hdrlen) << 3; + keys->thoff += (1 + ip6h->hdrlen) << 3; + keys->ip_proto = ip6h->nexthdr; return parse_ipv6_proto(skb, ip6h->nexthdr); } @@ -333,9 +340,18 @@ PROG(IPV6FR)(struct __sk_buff *skb) keys->thoff += sizeof(*fragh); keys->is_frag = true; - if (!(fragh->frag_off & bpf_htons(IP6_OFFSET))) + keys->ip_proto = fragh->nexthdr; + + if (!(fragh->frag_off & bpf_htons(IP6_OFFSET))) { keys->is_first_frag = true; + /* No need to parse fragmented packet unless + * explicitly asked for. + */ + if (!(keys->flags & FLOW_DISSECTOR_F_PARSE_1ST_FRAG)) + return export_flow_keys(keys, BPF_OK); + } + return parse_ipv6_proto(skb, fragh->nexthdr); } From patchwork Thu Jul 25 15:33:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 1136977 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="HKwbSIA0"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45vbq21HdCz9sBt for ; Fri, 26 Jul 2019 01:34:06 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389230AbfGYPeF (ORCPT ); Thu, 25 Jul 2019 11:34:05 -0400 Received: from mail-pf1-f201.google.com ([209.85.210.201]:50489 "EHLO mail-pf1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389196AbfGYPeC (ORCPT ); Thu, 25 Jul 2019 11:34:02 -0400 Received: by mail-pf1-f201.google.com with SMTP id h27so31072078pfq.17 for ; Thu, 25 Jul 2019 08:34:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=GCDFpw0uwYKg8zzlh+Y1kxTvxF1Qwih2k/AvYXFT5Ik=; b=HKwbSIA0mCQhrV2+nOxZIkn2DYopPVzf3R8bk+nGOZrtqV79bm3fyXKHLwLho6yj/0 q9A8pZ7VWHkonV0ONoE9p+5WB7zcsvd9PGWrS7pQrOLkD+F6+pYCsnHWIKrKwbJxbD3Q JxUe/8zBfBZxhpETICtOR8MkHwmKajG2X7frEY5+kYBWZ4KFtbO5DdtLc8lEtqtzFjDV QjZYAw/FinWw03/J3djHZLiz4jkPdW/QZco/AaRsDDCtP77mJGJ5lB0d79ZQhDCQLo0Z qwf0jjn6RQYkyAUH8K3BHpk4sgtJxgPu4pJmPMynOpYmt6mkvrGucGaf+sC2Gu6QicbA yBlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=GCDFpw0uwYKg8zzlh+Y1kxTvxF1Qwih2k/AvYXFT5Ik=; b=iKIY1bZaDYXXKPdasiOCrg40BY9ciyYE/o6nzbqewkvSbwoL9XQNO0OnCrW9vzuE/p Tz3LO6CX87FWVbcuN871iYO4jN6T4U+c223hF53sJIsGzv4Pxa6iDQ/fPRjioFriEwkA 0TA5QfmyGhkvFw6GM95szjg1S94NJcea8v2jx79ip780LeVawLuXkFxGRNqaKs7iKA3y rVcXUXyI6sW34GmdgStYMJVw+h2Sp6znIsoSic4Wv2xw1TQuDBocIN/mulp9kr148SvR 9gKT1I6E8gPbFx4yMXjO1M+1EDoQwukumQPRre7Z+pseXM9PiwnZwNE51nGBWQGmbIJB JkpA== X-Gm-Message-State: APjAAAWu/brOWiCSaRYiTKTYqpufBtk2zIUu80yJQ0jwYGFCsAXs8+eZ F+e+XuCFM3wT7a1ighj09B3ZlyoZZ83T++wzqHz8il70jxEkrg9LI7jqyK6k9qKuSbBWEFl3Srp xiMFU1WWENRHtvYoVoOaYiBUd/D4B9bXnKWHbNXoflHGMX3zwtWUkpA== X-Google-Smtp-Source: APXvYqxSgH8dRwQdP+gWtFYoqtycYvcefSC3FwyFRg24iKhyPYiKSqsjQnBF7qbvAilYR/uObeTSPtM= X-Received: by 2002:a63:c70d:: with SMTP id n13mr85830085pgg.171.1564068841043; Thu, 25 Jul 2019 08:34:01 -0700 (PDT) Date: Thu, 25 Jul 2019 08:33:41 -0700 In-Reply-To: <20190725153342.3571-1-sdf@google.com> Message-Id: <20190725153342.3571-7-sdf@google.com> Mime-Version: 1.0 References: <20190725153342.3571-1-sdf@google.com> X-Mailer: git-send-email 2.22.0.657.g960e92d24f-goog Subject: [PATCH bpf-next v2 6/7] bpf/flow_dissector: support ipv6 flow_label and FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL From: Stanislav Fomichev To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, Stanislav Fomichev , Willem de Bruijn , Song Liu , Petar Penkov Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add support for exporting ipv6 flow label via bpf_flow_keys. Export flow label from bpf_flow.c and also return early when FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL is passed. Acked-by: Willem de Bruijn Acked-by: Song Liu Cc: Song Liu Cc: Willem de Bruijn Cc: Petar Penkov Signed-off-by: Stanislav Fomichev --- include/uapi/linux/bpf.h | 1 + net/core/flow_dissector.c | 9 ++++ tools/include/uapi/linux/bpf.h | 1 + .../selftests/bpf/prog_tests/flow_dissector.c | 46 +++++++++++++++++++ tools/testing/selftests/bpf/progs/bpf_flow.c | 10 ++++ 5 files changed, 67 insertions(+) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index b4ad19bd6aa8..83b4150466af 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -3533,6 +3533,7 @@ struct bpf_flow_keys { }; }; __u32 flags; + __be32 flow_label; }; struct bpf_func_info { diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index a74c4ed1b30d..bcdb863cad28 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -737,6 +737,7 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys, struct flow_dissector_key_basic *key_basic; struct flow_dissector_key_addrs *key_addrs; struct flow_dissector_key_ports *key_ports; + struct flow_dissector_key_tags *key_tags; key_control = skb_flow_dissector_target(flow_dissector, FLOW_DISSECTOR_KEY_CONTROL, @@ -781,6 +782,14 @@ static void __skb_flow_bpf_to_target(const struct bpf_flow_keys *flow_keys, key_ports->src = flow_keys->sport; key_ports->dst = flow_keys->dport; } + + if (dissector_uses_key(flow_dissector, + FLOW_DISSECTOR_KEY_FLOW_LABEL)) { + key_tags = skb_flow_dissector_target(flow_dissector, + FLOW_DISSECTOR_KEY_FLOW_LABEL, + target_container); + key_tags->flow_label = ntohl(flow_keys->flow_label); + } } bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx, diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index a0e1c891b56f..c26ca432b1b3 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -3530,6 +3530,7 @@ struct bpf_flow_keys { }; }; __u32 flags; + __be32 flow_label; }; struct bpf_func_info { diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c index f93a115db650..ada032be6199 100644 --- a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c @@ -20,6 +20,7 @@ "is_encap=%u/%u " \ "ip_proto=0x%x/0x%x " \ "n_proto=0x%x/0x%x " \ + "flow_label=0x%x/0x%x " \ "sport=%u/%u " \ "dport=%u/%u\n", \ got.nhoff, expected.nhoff, \ @@ -30,6 +31,7 @@ got.is_encap, expected.is_encap, \ got.ip_proto, expected.ip_proto, \ got.n_proto, expected.n_proto, \ + got.flow_label, expected.flow_label, \ got.sport, expected.sport, \ got.dport, expected.dport) @@ -257,6 +259,50 @@ struct test tests[] = { .is_first_frag = true, }, }, + { + .name = "ipv6-flow-label", + .pkt.ipv6 = { + .eth.h_proto = __bpf_constant_htons(ETH_P_IPV6), + .iph.nexthdr = IPPROTO_TCP, + .iph.payload_len = __bpf_constant_htons(MAGIC_BYTES), + .iph.flow_lbl = { 0xb, 0xee, 0xef }, + .tcp.doff = 5, + .tcp.source = 80, + .tcp.dest = 8080, + }, + .keys = { + .nhoff = ETH_HLEN, + .thoff = ETH_HLEN + sizeof(struct ipv6hdr), + .addr_proto = ETH_P_IPV6, + .ip_proto = IPPROTO_TCP, + .n_proto = __bpf_constant_htons(ETH_P_IPV6), + .sport = 80, + .dport = 8080, + .flow_label = __bpf_constant_htonl(0xbeeef), + }, + }, + { + .name = "ipv6-no-flow-label", + .pkt.ipv6 = { + .eth.h_proto = __bpf_constant_htons(ETH_P_IPV6), + .iph.nexthdr = IPPROTO_TCP, + .iph.payload_len = __bpf_constant_htons(MAGIC_BYTES), + .iph.flow_lbl = { 0xb, 0xee, 0xef }, + .tcp.doff = 5, + .tcp.source = 80, + .tcp.dest = 8080, + }, + .keys = { + .flags = FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL, + .nhoff = ETH_HLEN, + .thoff = ETH_HLEN + sizeof(struct ipv6hdr), + .addr_proto = ETH_P_IPV6, + .ip_proto = IPPROTO_TCP, + .n_proto = __bpf_constant_htons(ETH_P_IPV6), + .flow_label = __bpf_constant_htonl(0xbeeef), + }, + .flags = FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL, + }, }; static int create_tap(const char *ifname) diff --git a/tools/testing/selftests/bpf/progs/bpf_flow.c b/tools/testing/selftests/bpf/progs/bpf_flow.c index 0eabe5e57944..7d73b7bfe609 100644 --- a/tools/testing/selftests/bpf/progs/bpf_flow.c +++ b/tools/testing/selftests/bpf/progs/bpf_flow.c @@ -83,6 +83,12 @@ static __always_inline int export_flow_keys(struct bpf_flow_keys *keys, return ret; } +#define IPV6_FLOWLABEL_MASK __bpf_constant_htonl(0x000FFFFF) +static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr) +{ + return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK; +} + static __always_inline void *bpf_flow_dissect_get_header(struct __sk_buff *skb, __u16 hdr_size, void *buffer) @@ -307,6 +313,10 @@ PROG(IPV6)(struct __sk_buff *skb) keys->thoff += sizeof(struct ipv6hdr); keys->ip_proto = ip6h->nexthdr; + keys->flow_label = ip6_flowlabel(ip6h); + + if (keys->flags & FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL) + return export_flow_keys(keys, BPF_OK); return parse_ipv6_proto(skb, ip6h->nexthdr); } From patchwork Thu Jul 25 15:33:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 1136978 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="TETaKcXe"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45vbq33C6gz9sDQ for ; Fri, 26 Jul 2019 01:34:07 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389231AbfGYPeF (ORCPT ); Thu, 25 Jul 2019 11:34:05 -0400 Received: from mail-pf1-f202.google.com ([209.85.210.202]:47745 "EHLO mail-pf1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389195AbfGYPeF (ORCPT ); Thu, 25 Jul 2019 11:34:05 -0400 Received: by mail-pf1-f202.google.com with SMTP id f25so31064601pfk.14 for ; Thu, 25 Jul 2019 08:34:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=cwc6MFuQeVYESzjjmb98s1+UYBUaqh95Zn6ch0zENRw=; b=TETaKcXejX2FlpfjkqWWHA4Gf5x0ixuRBfgqI1bh+V3+PVgISKvJ2r+geazwh4H+sl 8NwfLm7XEy9gQtWItzVw/RRza0tpUiuhpXC3tByEdl8HMJGjHppV9ykVSy7nSDfMMtMi xdkjM7w1Lk14V4Nk9OZiO6j+vZeCJ1DPFBJ5yTC7x+bZLRifgVlawu0BTYcHZnrb37Iu MjGEP/HFGfMPsdMgKztzQr/m9u9oO+qVV3bKng17yjqCuKIKPLyyqv+exIMWCDcuM/rc eK5/97NR5wgXWYuO0lf+zQE6N5DsnZ9vmE7fRJ3S05EIQnvN6hplurIJi4drGsJoeNBK udLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=cwc6MFuQeVYESzjjmb98s1+UYBUaqh95Zn6ch0zENRw=; b=fgJCAaoVgIRus4DTltCqlX5YqlTEIwWRgGdyljpZ5xTM2PSLlQ6/dVxd32MXkzEG1n 2mXDpYUUzXX0NAjbsXG3I62Rk84KxFPNu20CvTgU4F16xyiryfCqHHGfb6w8qYoDBodP nSJwLcCbjHWheQr6P6NMOUo/p7b/yVjpleOj54pbQw4sOqyo4w+XliNYwGiGzGWl31n4 js8EBlD8UJfgH9XCTRq13GJhXk/NgBjLlOMYPLgq9yAWGgNSepDveMKqQQJrldkKFyc9 jVDXtSoZuXAtx9AeaCINrqzoRuFuvS134O9Svql+A1sDSc4rnaeLL6wxhmC9BhMTe25r 4MrA== X-Gm-Message-State: APjAAAX1qeHcbXXUzWij8DoHnoOSDPdA2bPoAConTXj/IsaT/ycsW64Z /kUwga0cCWvj/L8YzURE+QSSFj4= X-Google-Smtp-Source: APXvYqxsaIF0+3j3tO9QIyHUUbsUly3lsHn8bpSIYPZ8k8PLRjL0LFHG319mOWHjfLNH4T5YmHpzGhE= X-Received: by 2002:a63:dd17:: with SMTP id t23mr59456661pgg.295.1564068843582; Thu, 25 Jul 2019 08:34:03 -0700 (PDT) Date: Thu, 25 Jul 2019 08:33:42 -0700 In-Reply-To: <20190725153342.3571-1-sdf@google.com> Message-Id: <20190725153342.3571-8-sdf@google.com> Mime-Version: 1.0 References: <20190725153342.3571-1-sdf@google.com> X-Mailer: git-send-email 2.22.0.657.g960e92d24f-goog Subject: [PATCH bpf-next v2 7/7] selftests/bpf: support FLOW_DISSECTOR_F_STOP_AT_ENCAP From: Stanislav Fomichev To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: davem@davemloft.net, ast@kernel.org, daniel@iogearbox.net, Stanislav Fomichev , Willem de Bruijn , Song Liu , Petar Penkov Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Exit as soon as we found that packet is encapped when FLOW_DISSECTOR_F_STOP_AT_ENCAP is passed. Add appropriate selftest cases. v2: * Subtract sizeof(struct iphdr) from .iph_inner.tot_len (Willem de Bruijn) Acked-by: Willem de Bruijn Acked-by: Song Liu Cc: Song Liu Cc: Willem de Bruijn Cc: Petar Penkov Signed-off-by: Stanislav Fomichev --- .../selftests/bpf/prog_tests/flow_dissector.c | 64 +++++++++++++++++++ tools/testing/selftests/bpf/progs/bpf_flow.c | 8 +++ 2 files changed, 72 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c index ada032be6199..15265c7a90a3 100644 --- a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c @@ -41,6 +41,13 @@ struct ipv4_pkt { struct tcphdr tcp; } __packed; +struct ipip_pkt { + struct ethhdr eth; + struct iphdr iph; + struct iphdr iph_inner; + struct tcphdr tcp; +} __packed; + struct svlan_ipv4_pkt { struct ethhdr eth; __u16 vlan_tci; @@ -82,6 +89,7 @@ struct test { union { struct ipv4_pkt ipv4; struct svlan_ipv4_pkt svlan_ipv4; + struct ipip_pkt ipip; struct ipv6_pkt ipv6; struct ipv6_frag_pkt ipv6_frag; struct dvlan_ipv6_pkt dvlan_ipv6; @@ -303,6 +311,62 @@ struct test tests[] = { }, .flags = FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL, }, + { + .name = "ipip-encap", + .pkt.ipip = { + .eth.h_proto = __bpf_constant_htons(ETH_P_IP), + .iph.ihl = 5, + .iph.protocol = IPPROTO_IPIP, + .iph.tot_len = __bpf_constant_htons(MAGIC_BYTES), + .iph_inner.ihl = 5, + .iph_inner.protocol = IPPROTO_TCP, + .iph_inner.tot_len = + __bpf_constant_htons(MAGIC_BYTES) - + sizeof(struct iphdr), + .tcp.doff = 5, + .tcp.source = 80, + .tcp.dest = 8080, + }, + .keys = { + .nhoff = 0, + .nhoff = ETH_HLEN, + .thoff = ETH_HLEN + sizeof(struct iphdr) + + sizeof(struct iphdr), + .addr_proto = ETH_P_IP, + .ip_proto = IPPROTO_TCP, + .n_proto = __bpf_constant_htons(ETH_P_IP), + .is_encap = true, + .sport = 80, + .dport = 8080, + }, + }, + { + .name = "ipip-no-encap", + .pkt.ipip = { + .eth.h_proto = __bpf_constant_htons(ETH_P_IP), + .iph.ihl = 5, + .iph.protocol = IPPROTO_IPIP, + .iph.tot_len = __bpf_constant_htons(MAGIC_BYTES), + .iph_inner.ihl = 5, + .iph_inner.protocol = IPPROTO_TCP, + .iph_inner.tot_len = + __bpf_constant_htons(MAGIC_BYTES) - + sizeof(struct iphdr), + .tcp.doff = 5, + .tcp.source = 80, + .tcp.dest = 8080, + }, + .keys = { + .flags = FLOW_DISSECTOR_F_STOP_AT_ENCAP, + .nhoff = ETH_HLEN, + .thoff = ETH_HLEN + sizeof(struct iphdr), + .addr_proto = ETH_P_IP, + .ip_proto = IPPROTO_IPIP, + .n_proto = __bpf_constant_htons(ETH_P_IP), + .is_encap = true, + }, + .flags = FLOW_DISSECTOR_F_STOP_AT_ENCAP, + }, }; static int create_tap(const char *ifname) diff --git a/tools/testing/selftests/bpf/progs/bpf_flow.c b/tools/testing/selftests/bpf/progs/bpf_flow.c index 7d73b7bfe609..b6236cdf8564 100644 --- a/tools/testing/selftests/bpf/progs/bpf_flow.c +++ b/tools/testing/selftests/bpf/progs/bpf_flow.c @@ -167,9 +167,15 @@ static __always_inline int parse_ip_proto(struct __sk_buff *skb, __u8 proto) return export_flow_keys(keys, BPF_OK); case IPPROTO_IPIP: keys->is_encap = true; + if (keys->flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) + return export_flow_keys(keys, BPF_OK); + return parse_eth_proto(skb, bpf_htons(ETH_P_IP)); case IPPROTO_IPV6: keys->is_encap = true; + if (keys->flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) + return export_flow_keys(keys, BPF_OK); + return parse_eth_proto(skb, bpf_htons(ETH_P_IPV6)); case IPPROTO_GRE: gre = bpf_flow_dissect_get_header(skb, sizeof(*gre), &_gre); @@ -189,6 +195,8 @@ static __always_inline int parse_ip_proto(struct __sk_buff *skb, __u8 proto) keys->thoff += 4; /* Step over sequence number */ keys->is_encap = true; + if (keys->flags & FLOW_DISSECTOR_F_STOP_AT_ENCAP) + return export_flow_keys(keys, BPF_OK); if (gre->proto == bpf_htons(ETH_P_TEB)) { eth = bpf_flow_dissect_get_header(skb, sizeof(*eth),