[12/12] flow_dissector: Parse gtp in UDP

Message ID	20240731172332.683815-13-tom@herbertland.com (mailing list archive)
State	Changes Requested
Delegated to:	Netdev Maintainers
Headers	show Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 207F81BD4E3 for <netdev@vger.kernel.org>; Wed, 31 Jul 2024 17:24:07 +0000 (UTC) From: Tom Herbert <tom@herbertland.com> To: davem@davemloft.net, kuba@kernel.org, edumazet@google.com, netdev@vger.kernel.org, felipe@sipanda.io Cc: Tom Herbert <tom@herbertland.com> Subject: [PATCH 12/12] flow_dissector: Parse gtp in UDP Date: Wed, 31 Jul 2024 10:23:32 -0700 Message-Id: <20240731172332.683815-13-tom@herbertland.com> In-Reply-To: <20240731172332.683815-1-tom@herbertland.com> References: <20240731172332.683815-1-tom@herbertland.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	flow_dissector: Dissect UDP encapsulation protocols \| expand [00/12] flow_dissector: Dissect UDP encapsulation protocols [01/12] skbuff: Unconstantify struct net argument in flowdis functions [02/12] flow_dissector: Parse ETH_P_TEB [03/12] flow_dissector: Move ETH_P_TEB out of GRE [04/12] udp_encaps: Add new UDP_ENCAP constants [05/12] udp_encaps: Set proper UDP_ENCAP types in tunnel setup [06/12] flow_dissector: UDP encap infrastructure [07/12] flow_dissector: Parse vxlan in UDP [08/12] flow_dissector: Parse foo-over-udp (FOU) [09/12] flow_dissector: Parse ESP, L2TP, and SCTP in UDP [10/12] flow_dissector: Parse Geneve in UDP [11/12] flow_dissector: Parse GUE in UDP [12/12] flow_dissector: Parse gtp in UDP

Message ID

20240731172332.683815-13-tom@herbertland.com (mailing list archive)

State

Changes Requested

Delegated to:

Netdev Maintainers

Headers

From: Tom Herbert <tom@herbertland.com>
To: davem@davemloft.net,
	kuba@kernel.org,
	edumazet@google.com,
	netdev@vger.kernel.org,
	felipe@sipanda.io
Cc: Tom Herbert <tom@herbertland.com>
Subject: [PATCH 12/12] flow_dissector: Parse gtp in UDP
Date: Wed, 31 Jul 2024 10:23:32 -0700
Message-Id: <20240731172332.683815-13-tom@herbertland.com>
In-Reply-To: <20240731172332.683815-1-tom@herbertland.com>
References: <20240731172332.683815-1-tom@herbertland.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

flow_dissector: Dissect UDP encapsulation protocols | expand

Context	Check	Description
netdev/series_format	success	Posting correctly formatted
netdev/tree_selection	success	Guessed tree name to be net-next, async
netdev/ynl	success	Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	fail	Errors and warnings before: 46 this patch: 46
netdev/build_tools	success	No tools touched, skip
netdev/cc_maintainers	warning	1 maintainers not CCed: pabeni@redhat.com
netdev/build_clang	fail	Errors and warnings before: 48 this patch: 48
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	fail	Errors and warnings before: 49 this patch: 49
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 111 lines checked
netdev/build_clang_rust	success	No Rust files in patch. Skipping build
netdev/kdoc	success	Errors and warnings before: 3 this patch: 3
netdev/source_inline	success	Was 0 now: 0

Context

Check

Description

netdev/series_format

success

Posting correctly formatted

netdev/tree_selection

success

Guessed tree name to be net-next, async

netdev/ynl

success

Generated files up to date; no warnings/errors; no diff in generated;

netdev/fixes_present

success

Fixes tag not required for -next series

netdev/header_inline

success

No static functions without inline keyword in header files

netdev/build_32bit

fail

Errors and warnings before: 46 this patch: 46

netdev/build_tools

success

No tools touched, skip

netdev/cc_maintainers

warning

1 maintainers not CCed: pabeni@redhat.com

netdev/build_clang

fail

Errors and warnings before: 48 this patch: 48

netdev/verify_signedoff

success

Signed-off-by tag matches author and committer

netdev/deprecated_api

success

None detected

netdev/check_selftest

success

No net selftest shell script

netdev/verify_fixes

success

No Fixes tag

netdev/build_allmodconfig_warn

fail

Errors and warnings before: 49 this patch: 49

netdev/checkpatch

success

total: 0 errors, 0 warnings, 0 checks, 111 lines checked

netdev/build_clang_rust

success

No Rust files in patch. Skipping build

netdev/kdoc

success

Errors and warnings before: 3 this patch: 3

netdev/source_inline

success

Was 0 now: 0

Commit Message

Tom Herbert July 31, 2024, 5:23 p.m. UTC

Parse both version 0 and 1. Call __skb_direct_ip_dissect to determine
IP version of the encapsulated packet

Signed-off-by: Tom Herbert <tom@herbertland.com>
---
 net/core/flow_dissector.c | 87 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)

Comments

Willem de Bruijn Aug. 3, 2024, 7:30 p.m. UTC | #1

Tom Herbert wrote:
> Parse both version 0 and 1. Call __skb_direct_ip_dissect to determine
> IP version of the encapsulated packet
> 
> Signed-off-by: Tom Herbert <tom@herbertland.com>
> ---
>  net/core/flow_dissector.c | 87 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 87 insertions(+)
> 
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index 7f0bf737c3db..af197ed560b8 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -9,6 +9,7 @@
>  #include <net/dsa.h>
>  #include <net/dst_metadata.h>
>  #include <net/fou.h>
> +#include <net/gtp.h>
>  #include <net/ip.h>
>  #include <net/ipv6.h>
>  #include <net/geneve.h>
> @@ -35,6 +36,7 @@
>  #include <net/pkt_cls.h>
>  #include <scsi/fc/fc_fcoe.h>
>  #include <uapi/linux/batadv_packet.h>
> +#include <uapi/linux/gtp.h>
>  #include <linux/bpf.h>
>  #if IS_ENABLED(CONFIG_NF_CONNTRACK)
>  #include <net/netfilter/nf_conntrack_core.h>
> @@ -887,6 +889,81 @@ __skb_flow_dissect_gue(const struct sk_buff *skb,
>  	return FLOW_DISSECT_RET_IPPROTO_AGAIN;
>  }
>  
> +static enum flow_dissect_ret
> +__skb_flow_dissect_gtp0(const struct sk_buff *skb,
> +			struct flow_dissector *flow_dissector,
> +			void *target_container, const void *data,
> +			__u8 *p_ip_proto, int *p_nhoff, int hlen,
> +			unsigned int flags)
> +{
> +	__u8 *ip_version, _ip_version, proto;
> +	struct gtp0_header *hdr, _hdr;
> +
> +	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
> +				   &_hdr);
> +	if (!hdr)
> +		return FLOW_DISSECT_RET_OUT_BAD;
> +
> +	if ((hdr->flags >> 5) != GTP_V0)
> +		return FLOW_DISSECT_RET_OUT_GOOD;
> +
> +	ip_version = skb_header_pointer(skb, *p_nhoff + sizeof(_hdr),
> +					sizeof(*ip_version),
> +					&_ip_version);
> +	if (!ip_version)
> +		return FLOW_DISSECT_RET_OUT_BAD;
> +
> +	proto = __skb_direct_ip_dissect(ip_version);
> +	if (!proto)
> +		return FLOW_DISSECT_RET_OUT_GOOD;
> +
> +	*p_ip_proto = proto;
> +	*p_nhoff += sizeof(struct gtp0_header);
> +
> +	return FLOW_DISSECT_RET_IPPROTO_AGAIN;
> +}
> +
> +static enum flow_dissect_ret
> +__skb_flow_dissect_gtp1u(const struct sk_buff *skb,
> +			 struct flow_dissector *flow_dissector,
> +			 void *target_container, const void *data,
> +			 __u8 *p_ip_proto, int *p_nhoff, int hlen,
> +			 unsigned int flags)
> +{
> +	__u8 *ip_version, _ip_version, proto;
> +	struct gtp1_header *hdr, _hdr;
> +	int hdrlen = sizeof(_hdr);
> +
> +	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
> +				   &_hdr);
> +	if (!hdr)
> +		return FLOW_DISSECT_RET_OUT_BAD;
> +
> +	if ((hdr->flags >> 5) != GTP_V1)
> +		return FLOW_DISSECT_RET_OUT_GOOD;
> +
> +	if (hdr->type != GTP_TPDU)
> +		return FLOW_DISSECT_RET_OUT_GOOD;
> +
> +	if (hdr->flags & GTP1_F_MASK)
> +		hdrlen += 4;
> +

The only difference with +__skb_flow_dissect_gtp0 is these two
branches. Can probably deduplicate.

Also, escape early if any of the other optional field bits are set?

  #define GTP1_F_NPDU     0x01
  #define GTP1_F_SEQ      0x02
  #define GTP1_F_EXTHDR   0x04

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 7f0bf737c3db..af197ed560b8 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -9,6 +9,7 @@ 
 #include <net/dsa.h>
 #include <net/dst_metadata.h>
 #include <net/fou.h>
+#include <net/gtp.h>
 #include <net/ip.h>
 #include <net/ipv6.h>
 #include <net/geneve.h>
@@ -35,6 +36,7 @@ 
 #include <net/pkt_cls.h>
 #include <scsi/fc/fc_fcoe.h>
 #include <uapi/linux/batadv_packet.h>
+#include <uapi/linux/gtp.h>
 #include <linux/bpf.h>
 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
 #include <net/netfilter/nf_conntrack_core.h>
@@ -887,6 +889,81 @@  __skb_flow_dissect_gue(const struct sk_buff *skb,
 	return FLOW_DISSECT_RET_IPPROTO_AGAIN;
 }
 
+static enum flow_dissect_ret
+__skb_flow_dissect_gtp0(const struct sk_buff *skb,
+			struct flow_dissector *flow_dissector,
+			void *target_container, const void *data,
+			__u8 *p_ip_proto, int *p_nhoff, int hlen,
+			unsigned int flags)
+{
+	__u8 *ip_version, _ip_version, proto;
+	struct gtp0_header *hdr, _hdr;
+
+	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
+				   &_hdr);
+	if (!hdr)
+		return FLOW_DISSECT_RET_OUT_BAD;
+
+	if ((hdr->flags >> 5) != GTP_V0)
+		return FLOW_DISSECT_RET_OUT_GOOD;
+
+	ip_version = skb_header_pointer(skb, *p_nhoff + sizeof(_hdr),
+					sizeof(*ip_version),
+					&_ip_version);
+	if (!ip_version)
+		return FLOW_DISSECT_RET_OUT_BAD;
+
+	proto = __skb_direct_ip_dissect(ip_version);
+	if (!proto)
+		return FLOW_DISSECT_RET_OUT_GOOD;
+
+	*p_ip_proto = proto;
+	*p_nhoff += sizeof(struct gtp0_header);
+
+	return FLOW_DISSECT_RET_IPPROTO_AGAIN;
+}
+
+static enum flow_dissect_ret
+__skb_flow_dissect_gtp1u(const struct sk_buff *skb,
+			 struct flow_dissector *flow_dissector,
+			 void *target_container, const void *data,
+			 __u8 *p_ip_proto, int *p_nhoff, int hlen,
+			 unsigned int flags)
+{
+	__u8 *ip_version, _ip_version, proto;
+	struct gtp1_header *hdr, _hdr;
+	int hdrlen = sizeof(_hdr);
+
+	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
+				   &_hdr);
+	if (!hdr)
+		return FLOW_DISSECT_RET_OUT_BAD;
+
+	if ((hdr->flags >> 5) != GTP_V1)
+		return FLOW_DISSECT_RET_OUT_GOOD;
+
+	if (hdr->type != GTP_TPDU)
+		return FLOW_DISSECT_RET_OUT_GOOD;
+
+	if (hdr->flags & GTP1_F_MASK)
+		hdrlen += 4;
+
+	ip_version = skb_header_pointer(skb, *p_nhoff + hdrlen,
+					sizeof(*ip_version),
+					&_ip_version);
+	if (!ip_version)
+		return FLOW_DISSECT_RET_OUT_GOOD;
+
+	proto = __skb_direct_ip_dissect(ip_version);
+	if (!proto)
+		return FLOW_DISSECT_RET_OUT_GOOD;
+
+	*p_ip_proto = proto;
+	*p_nhoff += hdrlen;
+
+	return FLOW_DISSECT_RET_IPPROTO_AGAIN;
+}
+
 /**
  * __skb_flow_dissect_batadv() - dissect batman-adv header
  * @skb: sk_buff to with the batman-adv header
@@ -1039,6 +1116,16 @@  __skb_flow_dissect_udp(const struct sk_buff *skb, struct net *net,
 		*p_ip_proto = IPPROTO_L2TP;
 		ret = FLOW_DISSECT_RET_IPPROTO_AGAIN;
 		break;
+	case UDP_ENCAP_GTP0:
+		ret = __skb_flow_dissect_gtp0(skb, flow_dissector,
+					      target_container, data,
+					      p_ip_proto, &nhoff, hlen, flags);
+		break;
+	case UDP_ENCAP_GTP1U:
+		ret = __skb_flow_dissect_gtp1u(skb, flow_dissector,
+					       target_container, data,
+					       p_ip_proto, &nhoff, hlen, flags);
+		break;
 	case UDP_ENCAP_FOU:
 		*p_ip_proto = fou_protocol;
 		ret = FLOW_DISSECT_RET_IPPROTO_AGAIN;

[12/12] flow_dissector: Parse gtp in UDP

Checks

Commit Message

Comments

Patch