From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: steffen.klassert@secunet.com, herbert@gondor.apana.org.au,
Florian Westphal <fw@strlen.de>
Subject: [RFC ipsec-next 2/3] flow_dissector: add ipv6 mobility header support
Date: Fri, 8 Sep 2023 14:06:19 +0200 [thread overview]
Message-ID: <20230908120628.26164-3-fw@strlen.de> (raw)
In-Reply-To: <20230908120628.26164-1-fw@strlen.de>
Needed to replace xfrm home-grown decoder with the flow dissector if we
don't want to lose functionality.
Alternative is to drop mobility header support and see if
anyone complains.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/flow_dissector.h | 5 +++++
net/core/flow_dissector.c | 27 +++++++++++++++++++++++++++
2 files changed, 32 insertions(+)
diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index 1a7131d6cb0e..a82b7039d755 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -329,6 +329,10 @@ struct flow_dissector_key_cfm {
#define FLOW_DIS_CFM_MDL_MASK GENMASK(7, 5)
#define FLOW_DIS_CFM_MDL_MAX 7
+struct flow_dissector_ipv6_mh {
+ u8 mh_type;
+};
+
enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
@@ -363,6 +367,7 @@ enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
+ FLOW_DISSECTOR_KEY_IPV6MH, /* struct flow_dissector_ipv6_mh */
FLOW_DISSECTOR_KEY_MAX,
};
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 89d15ceaf9af..6dcd608f8da6 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1531,6 +1531,33 @@ bool __skb_flow_dissect(const struct net *net,
fdret = FLOW_DISSECT_RET_IPPROTO_AGAIN;
break;
}
+ case NEXTHDR_MOBILITY: {
+ struct flow_dissector_ipv6_mh *key_ipv6mh;
+ u8 _opthdr[3], *opthdr;
+
+ if (proto != htons(ETH_P_IPV6))
+ break;
+
+ opthdr = __skb_header_pointer(skb, nhoff, sizeof(_opthdr),
+ data, hlen, &_opthdr);
+ if (!opthdr) {
+ fdret = FLOW_DISSECT_RET_OUT_BAD;
+ break;
+ }
+
+ if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPV6MH))
+ break;
+
+ key_ipv6mh = skb_flow_dissector_target(flow_dissector,
+ FLOW_DISSECTOR_KEY_IPV6MH,
+ target_container);
+ ip_proto = opthdr[0];
+ nhoff += (opthdr[1] + 1) << 3;
+ key_ipv6mh->mh_type = opthdr[2];
+
+ fdret = FLOW_DISSECT_RET_OUT_GOOD;
+ break;
+ }
case NEXTHDR_FRAGMENT: {
struct frag_hdr _fh, *fh;
--
2.41.0
next prev parent reply other threads:[~2023-09-08 12:06 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-08 12:06 [RFC ipsec-next 0/3] xfrm: policy: replace session decode with flow dissector Florian Westphal
2023-09-08 12:06 ` [RFC ipsec-next 1/3] xfrm: move mark and oif flowi decode into common code Florian Westphal
2023-09-08 12:06 ` Florian Westphal [this message]
2023-09-08 12:06 ` [RFC ipsec-next 3/3] xfrm: policy: replace session decode with flow dissector Florian Westphal
2023-09-09 22:30 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230908120628.26164-3-fw@strlen.de \
--to=fw@strlen.de \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.