Merge branch 'flow_dissector-input-flags'

  * ``nhoff`` - initial offset of the networking header

  * ``thoff`` - initial offset of the transport header, initialized to nhoff

  * ``n_proto`` - L3 protocol type, parsed out of L2 header

  * ``flags`` - optional flags

Flow dissector BPF program should fill out the rest of the ``struct

bpf_flow_keys`` fields. Input arguments ``nhoff/thoff/n_proto`` should be

handle both cases.

Flags

=====

``flow_keys->flags`` might contain optional input flags that work as follows:

* ``BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG`` - tells BPF flow dissector to

  continue parsing first fragment; the default expected behavior is that

  flow dissector returns as soon as it finds out that the packet is fragmented;

  used by ``eth_get_headlen`` to estimate length of all headers for GRO.

* ``BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL`` - tells BPF flow dissector to

  stop parsing as soon as it reaches IPv6 flow label; used by

  ``___skb_get_hash`` and ``__skb_get_hash_symmetric`` to get flow hash.

* ``BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP`` - tells BPF flow dissector to stop

  parsing as soon as it reaches encapsulated headers; used by routing

  infrastructure.

Reference Implementation

========================

struct bpf_flow_dissector;

bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,

		      __be16 proto, int nhoff, int hlen);

		      __be16 proto, int nhoff, int hlen, unsigned int flags);

bool __skb_flow_dissect(const struct net *net,

			const struct sk_buff *skb,

	BPF_FD_TYPE_URETPROBE,		/* filename + offset */

};

#define BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG		(1U << 0)

#define BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL		(1U << 1)

#define BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP		(1U << 2)

struct bpf_flow_keys {

	__u16	nhoff;

	__u16	thoff;

			__u32	ipv6_dst[4];	/* in6_addr; network order */

		};

	};

	__u32	flags;

	__be32	flow_label;

};

struct bpf_func_info {

	return ret;

}

static int verify_user_bpf_flow_keys(struct bpf_flow_keys *ctx)

{

	/* make sure the fields we don't use are zeroed */

	if (!range_is_zero(ctx, 0, offsetof(struct bpf_flow_keys, flags)))

		return -EINVAL;

	/* flags is allowed */

	if (!range_is_zero(ctx, offsetof(struct bpf_flow_keys, flags) +

			   FIELD_SIZEOF(struct bpf_flow_keys, flags),

			   sizeof(struct bpf_flow_keys)))

		return -EINVAL;

	return 0;

}

int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,

				     const union bpf_attr *kattr,

				     union bpf_attr __user *uattr)

	u32 size = kattr->test.data_size_in;

	struct bpf_flow_dissector ctx = {};

	u32 repeat = kattr->test.repeat;

	struct bpf_flow_keys *user_ctx;

	struct bpf_flow_keys flow_keys;

	u64 time_start, time_spent = 0;

	const struct ethhdr *eth;

	unsigned int flags = 0;

	u32 retval, duration;

	void *data;

	int ret;

	if (prog->type != BPF_PROG_TYPE_FLOW_DISSECTOR)

		return -EINVAL;

	if (kattr->test.ctx_in || kattr->test.ctx_out)

		return -EINVAL;

	if (size < ETH_HLEN)

		return -EINVAL;

	if (!repeat)

		repeat = 1;

	user_ctx = bpf_ctx_init(kattr, sizeof(struct bpf_flow_keys));

	if (IS_ERR(user_ctx)) {

		kfree(data);

		return PTR_ERR(user_ctx);

	}

	if (user_ctx) {

		ret = verify_user_bpf_flow_keys(user_ctx);

		if (ret)

			goto out;

		flags = user_ctx->flags;

	}

	ctx.flow_keys = &flow_keys;

	ctx.data = data;

	ctx.data_end = (__u8 *)data + size;

	time_start = ktime_get_ns();

	for (i = 0; i < repeat; i++) {

		retval = bpf_flow_dissect(prog, &ctx, eth->h_proto, ETH_HLEN,

					  size);

					  size, flags);

		if (signal_pending(current)) {

			preempt_enable();

	ret = bpf_test_finish(kattr, uattr, &flow_keys, sizeof(flow_keys),

			      retval, duration);

	if (!ret)

		ret = bpf_ctx_finish(kattr, uattr, user_ctx,

				     sizeof(struct bpf_flow_keys));

out:

	kfree(user_ctx);

	kfree(data);

	return ret;

}

	struct flow_dissector_key_basic *key_basic;

	struct flow_dissector_key_addrs *key_addrs;

	struct flow_dissector_key_ports *key_ports;

	struct flow_dissector_key_tags *key_tags;

	key_control = skb_flow_dissector_target(flow_dissector,

						FLOW_DISSECTOR_KEY_CONTROL,

		key_ports->src = flow_keys->sport;

		key_ports->dst = flow_keys->dport;

	}

	if (dissector_uses_key(flow_dissector,

			       FLOW_DISSECTOR_KEY_FLOW_LABEL)) {

		key_tags = skb_flow_dissector_target(flow_dissector,

						     FLOW_DISSECTOR_KEY_FLOW_LABEL,

						     target_container);

		key_tags->flow_label = ntohl(flow_keys->flow_label);

	}

}

bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,

		      __be16 proto, int nhoff, int hlen)

		      __be16 proto, int nhoff, int hlen, unsigned int flags)

{

	struct bpf_flow_keys *flow_keys = ctx->flow_keys;

	u32 result;

	flow_keys->nhoff = nhoff;

	flow_keys->thoff = flow_keys->nhoff;

	BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_PARSE_1ST_FRAG !=

		     (int)FLOW_DISSECTOR_F_PARSE_1ST_FRAG);

	BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL !=

		     (int)FLOW_DISSECTOR_F_STOP_AT_FLOW_LABEL);

	BUILD_BUG_ON((int)BPF_FLOW_DISSECTOR_F_STOP_AT_ENCAP !=

		     (int)FLOW_DISSECTOR_F_STOP_AT_ENCAP);

	flow_keys->flags = flags;

	preempt_disable();

	result = BPF_PROG_RUN(prog, ctx);

	preempt_enable();

			}

			ret = bpf_flow_dissect(attached, &ctx, n_proto, nhoff,

					       hlen);

					       hlen, flags);

			__skb_flow_bpf_to_target(&flow_keys, flow_dissector,

						 target_container);

			rcu_read_unlock();