1
2#include <limits.h>
3#include <stddef.h>
4#include <stdbool.h>
5#include <string.h>
6#include <linux/pkt_cls.h>
7#include <linux/bpf.h>
8#include <linux/in.h>
9#include <linux/if_ether.h>
10#include <linux/icmp.h>
11#include <linux/ip.h>
12#include <linux/ipv6.h>
13#include <linux/tcp.h>
14#include <linux/udp.h>
15#include <linux/if_packet.h>
16#include <sys/socket.h>
17#include <linux/if_tunnel.h>
18#include <linux/mpls.h>
19#include <bpf/bpf_helpers.h>
20#include <bpf/bpf_endian.h>
21
22#define PROG(F) PROG_(F, _##F)
23#define PROG_(NUM, NAME) SEC("flow_dissector") int flow_dissector_##NUM
24
25
26
27
28
29#define IP 0
30#define IPV6 1
31#define IPV6OP 2
32#define IPV6FR 3
33#define MPLS 4
34#define VLAN 5
35#define MAX_PROG 6
36
37#define IP_MF 0x2000
38#define IP_OFFSET 0x1FFF
39#define IP6_MF 0x0001
40#define IP6_OFFSET 0xFFF8
41
42struct vlan_hdr {
43 __be16 h_vlan_TCI;
44 __be16 h_vlan_encapsulated_proto;
45};
46
47struct gre_hdr {
48 __be16 flags;
49 __be16 proto;
50};
51
52struct frag_hdr {
53 __u8 nexthdr;
54 __u8 reserved;
55 __be16 frag_off;
56 __be32 identification;
57};
58
59struct {
60 __uint(type, BPF_MAP_TYPE_PROG_ARRAY);
61 __uint(max_entries, MAX_PROG);
62 __uint(key_size, sizeof(__u32));
63 __uint(value_size, sizeof(__u32));
64} jmp_table SEC(".maps");
65
66struct {
67 __uint(type, BPF_MAP_TYPE_HASH);
68 __uint(max_entries, 1024);
69 __type(key, __u32);
70 __type(value, struct bpf_flow_keys);
71} last_dissection SEC(".maps");
72
73static __always_inline int export_flow_keys(struct bpf_flow_keys *keys,
74 int ret)
75{
76 __u32 key = (__u32)(keys->sport) << 16 | keys->dport;
77 struct bpf_flow_keys val;
78
79 memcpy(&val, keys, sizeof(val));
80 bpf_map_update_elem(&last_dissection, &key, &val, BPF_ANY);
81 return ret;
82}
83
84#define IPV6_FLOWLABEL_MASK __bpf_constant_htonl(0x000FFFFF)
85static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr)
86{
87 return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK;
88}
89
90static __always_inline void *bpf_flow_dissect_get_header(struct __sk_buff *skb,
91 __u16 hdr_size,
92 void *buffer)
93{
94 void *data_end = (void *)(long)skb->data_end;
95 void *data = (void *)(long)skb->data;
96 __u16 thoff = skb->flow_keys->thoff;
97 __u8 *hdr;
98
99
100 if (thoff > (USHRT_MAX - hdr_size))
101 return NULL;
102
103 hdr = data + thoff;
104 if (hdr + hdr_size <= data_end)
105 return hdr;
106
107 if (bpf_skb_load_bytes(skb, thoff, buffer, hdr_size))
108 return NULL;
109
110 return buffer;
111}
112
113
114static __always_inline int parse_eth_proto(struct __sk_buff *skb, __be16 proto)
115{
116 struct bpf_flow_keys *keys = skb->flow_keys;
117
118 switch (proto) {
119 case bpf_htons(ETH_P_IP):
120 bpf_tail_call_static(skb, &jmp_table, IP);
121 break;
122 case bpf_htons(ETH_P_IPV6):
123 bpf_tail_call_static(skb, &jmp_table, IPV6);
124 break;
125 case bpf_htons(ETH_P_MPLS_MC):
126 case bpf_htons(ETH_P_MPLS_UC):
127 bpf_tail_call_static(skb, &jmp_table, MPLS);
128 break;
129 case bpf_htons(ETH_P_8021Q):
130 case bpf_htons(ETH_P_8021AD):
131 bpf_tail_call_static(skb, &jmp_table, VLAN);
132 break;
133 default:
134
135 return export_flow_keys(keys, BPF_DROP);
136 }
137
138 return export_flow_keys(keys, BPF_DROP);
139}
140
141SEC("flow_dissector")
142int _dissect(struct __sk_buff *skb)
143{
144 struct bpf_flow_keys *keys = skb->flow_keys;
145
146 return parse_eth_proto(skb, keys->n_proto);
147}
148
149
150static __always_inline int parse_ip_proto(struct __sk_buff *skb, __u8 proto)
151{
152 struct bpf_flow_keys *keys = skb->flow_keys;
153 void *data_end = (void *)(long)skb->data_end;
154 struct icmphdr *icmp, _icmp;
155 struct gre_hdr *gre, _gre;
156 struct ethhdr *eth, _eth;
157 struct tcphdr *tcp, _tcp;
158 struct udphdr *udp, _udp;
159
160 switch (proto) {
161 case IPPROTO_ICMP:
162 icmp = bpf_flow_dissect_get_header(skb, sizeof(*icmp), &_icmp);
163 if (!icmp)
164 return export_flow_keys(keys, BPF_DROP);
165 return export_flow_keys(keys, BPF_OK);
166 case IPPROTO_IPIP:
167 keys->is_encap = true;
168 if (keys->flags & BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP)
169 return export_flow_keys(keys, BPF_OK);
170
171 return parse_eth_proto(skb, bpf_htons(ETH_P_IP));
172 case IPPROTO_IPV6:
173 keys->is_encap = true;
174 if (keys->flags & BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP)
175 return export_flow_keys(keys, BPF_OK);
176
177 return parse_eth_proto(skb, bpf_htons(ETH_P_IPV6));
178 case IPPROTO_GRE:
179 gre = bpf_flow_dissect_get_header(skb, sizeof(*gre), &_gre);
180 if (!gre)
181 return export_flow_keys(keys, BPF_DROP);
182
183 if (bpf_htons(gre->flags & GRE_VERSION))
184
185 return export_flow_keys(keys, BPF_OK);
186
187 keys->thoff += sizeof(*gre);
188 if (GRE_IS_CSUM(gre->flags))
189 keys->thoff += 4;
190 if (GRE_IS_KEY(gre->flags))
191 keys->thoff += 4;
192 if (GRE_IS_SEQ(gre->flags))
193 keys->thoff += 4;
194
195 keys->is_encap = true;
196 if (keys->flags & BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP)
197 return export_flow_keys(keys, BPF_OK);
198
199 if (gre->proto == bpf_htons(ETH_P_TEB)) {
200 eth = bpf_flow_dissect_get_header(skb, sizeof(*eth),
201 &_eth);
202 if (!eth)
203 return export_flow_keys(keys, BPF_DROP);
204
205 keys->thoff += sizeof(*eth);
206
207 return parse_eth_proto(skb, eth->h_proto);
208 } else {
209 return parse_eth_proto(skb, gre->proto);
210 }
211 case IPPROTO_TCP:
212 tcp = bpf_flow_dissect_get_header(skb, sizeof(*tcp), &_tcp);
213 if (!tcp)
214 return export_flow_keys(keys, BPF_DROP);
215
216 if (tcp->doff < 5)
217 return export_flow_keys(keys, BPF_DROP);
218
219 if ((__u8 *)tcp + (tcp->doff << 2) > data_end)
220 return export_flow_keys(keys, BPF_DROP);
221
222 keys->sport = tcp->source;
223 keys->dport = tcp->dest;
224 return export_flow_keys(keys, BPF_OK);
225 case IPPROTO_UDP:
226 case IPPROTO_UDPLITE:
227 udp = bpf_flow_dissect_get_header(skb, sizeof(*udp), &_udp);
228 if (!udp)
229 return export_flow_keys(keys, BPF_DROP);
230
231 keys->sport = udp->source;
232 keys->dport = udp->dest;
233 return export_flow_keys(keys, BPF_OK);
234 default:
235 return export_flow_keys(keys, BPF_DROP);
236 }
237
238 return export_flow_keys(keys, BPF_DROP);
239}
240
241static __always_inline int parse_ipv6_proto(struct __sk_buff *skb, __u8 nexthdr)
242{
243 struct bpf_flow_keys *keys = skb->flow_keys;
244
245 switch (nexthdr) {
246 case IPPROTO_HOPOPTS:
247 case IPPROTO_DSTOPTS:
248 bpf_tail_call_static(skb, &jmp_table, IPV6OP);
249 break;
250 case IPPROTO_FRAGMENT:
251 bpf_tail_call_static(skb, &jmp_table, IPV6FR);
252 break;
253 default:
254 return parse_ip_proto(skb, nexthdr);
255 }
256
257 return export_flow_keys(keys, BPF_DROP);
258}
259
260PROG(IP)(struct __sk_buff *skb)
261{
262 void *data_end = (void *)(long)skb->data_end;
263 struct bpf_flow_keys *keys = skb->flow_keys;
264 void *data = (void *)(long)skb->data;
265 struct iphdr *iph, _iph;
266 bool done = false;
267
268 iph = bpf_flow_dissect_get_header(skb, sizeof(*iph), &_iph);
269 if (!iph)
270 return export_flow_keys(keys, BPF_DROP);
271
272
273 if (iph->ihl < 5)
274 return export_flow_keys(keys, BPF_DROP);
275
276 keys->addr_proto = ETH_P_IP;
277 keys->ipv4_src = iph->saddr;
278 keys->ipv4_dst = iph->daddr;
279 keys->ip_proto = iph->protocol;
280
281 keys->thoff += iph->ihl << 2;
282 if (data + keys->thoff > data_end)
283 return export_flow_keys(keys, BPF_DROP);
284
285 if (iph->frag_off & bpf_htons(IP_MF | IP_OFFSET)) {
286 keys->is_frag = true;
287 if (iph->frag_off & bpf_htons(IP_OFFSET)) {
288
289
290
291 done = true;
292 } else {
293 keys->is_first_frag = true;
294
295
296
297 if (!(keys->flags &
298 BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
299 done = true;
300 }
301 }
302
303 if (done)
304 return export_flow_keys(keys, BPF_OK);
305
306 return parse_ip_proto(skb, iph->protocol);
307}
308
309PROG(IPV6)(struct __sk_buff *skb)
310{
311 struct bpf_flow_keys *keys = skb->flow_keys;
312 struct ipv6hdr *ip6h, _ip6h;
313
314 ip6h = bpf_flow_dissect_get_header(skb, sizeof(*ip6h), &_ip6h);
315 if (!ip6h)
316 return export_flow_keys(keys, BPF_DROP);
317
318 keys->addr_proto = ETH_P_IPV6;
319 memcpy(&keys->ipv6_src, &ip6h->saddr, 2*sizeof(ip6h->saddr));
320
321 keys->thoff += sizeof(struct ipv6hdr);
322 keys->ip_proto = ip6h->nexthdr;
323 keys->flow_label = ip6_flowlabel(ip6h);
324
325 if (keys->flags & BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL)
326 return export_flow_keys(keys, BPF_OK);
327
328 return parse_ipv6_proto(skb, ip6h->nexthdr);
329}
330
331PROG(IPV6OP)(struct __sk_buff *skb)
332{
333 struct bpf_flow_keys *keys = skb->flow_keys;
334 struct ipv6_opt_hdr *ip6h, _ip6h;
335
336 ip6h = bpf_flow_dissect_get_header(skb, sizeof(*ip6h), &_ip6h);
337 if (!ip6h)
338 return export_flow_keys(keys, BPF_DROP);
339
340
341
342
343 keys->thoff += (1 + ip6h->hdrlen) << 3;
344 keys->ip_proto = ip6h->nexthdr;
345
346 return parse_ipv6_proto(skb, ip6h->nexthdr);
347}
348
349PROG(IPV6FR)(struct __sk_buff *skb)
350{
351 struct bpf_flow_keys *keys = skb->flow_keys;
352 struct frag_hdr *fragh, _fragh;
353
354 fragh = bpf_flow_dissect_get_header(skb, sizeof(*fragh), &_fragh);
355 if (!fragh)
356 return export_flow_keys(keys, BPF_DROP);
357
358 keys->thoff += sizeof(*fragh);
359 keys->is_frag = true;
360 keys->ip_proto = fragh->nexthdr;
361
362 if (!(fragh->frag_off & bpf_htons(IP6_OFFSET))) {
363 keys->is_first_frag = true;
364
365
366
367
368 if (!(keys->flags & BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG))
369 return export_flow_keys(keys, BPF_OK);
370 } else {
371 return export_flow_keys(keys, BPF_OK);
372 }
373
374 return parse_ipv6_proto(skb, fragh->nexthdr);
375}
376
377PROG(MPLS)(struct __sk_buff *skb)
378{
379 struct bpf_flow_keys *keys = skb->flow_keys;
380 struct mpls_label *mpls, _mpls;
381
382 mpls = bpf_flow_dissect_get_header(skb, sizeof(*mpls), &_mpls);
383 if (!mpls)
384 return export_flow_keys(keys, BPF_DROP);
385
386 return export_flow_keys(keys, BPF_OK);
387}
388
389PROG(VLAN)(struct __sk_buff *skb)
390{
391 struct bpf_flow_keys *keys = skb->flow_keys;
392 struct vlan_hdr *vlan, _vlan;
393
394
395 if (keys->n_proto == bpf_htons(ETH_P_8021AD)) {
396 vlan = bpf_flow_dissect_get_header(skb, sizeof(*vlan), &_vlan);
397 if (!vlan)
398 return export_flow_keys(keys, BPF_DROP);
399
400 if (vlan->h_vlan_encapsulated_proto != bpf_htons(ETH_P_8021Q))
401 return export_flow_keys(keys, BPF_DROP);
402
403 keys->nhoff += sizeof(*vlan);
404 keys->thoff += sizeof(*vlan);
405 }
406
407 vlan = bpf_flow_dissect_get_header(skb, sizeof(*vlan), &_vlan);
408 if (!vlan)
409 return export_flow_keys(keys, BPF_DROP);
410
411 keys->nhoff += sizeof(*vlan);
412 keys->thoff += sizeof(*vlan);
413
414 if (vlan->h_vlan_encapsulated_proto == bpf_htons(ETH_P_8021AD) ||
415 vlan->h_vlan_encapsulated_proto == bpf_htons(ETH_P_8021Q))
416 return export_flow_keys(keys, BPF_DROP);
417
418 keys->n_proto = vlan->h_vlan_encapsulated_proto;
419 return parse_eth_proto(skb, vlan->h_vlan_encapsulated_proto);
420}
421
422char __license[] SEC("license") = "GPL";
423
