[net-next,v2,05/12] flow_dissector: Parse vxlan in UDP

Commit Message

Tom Herbert Aug. 15, 2024, 9:45 p.m. UTC

Parse vxlan in a UDP encapsulation

Signed-off-by: Tom Herbert <tom@herbertland.com>
---
 net/core/flow_dissector.c | 57 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)

Comments

Willem de Bruijn Aug. 16, 2024, 7:19 p.m. UTC | #1

Tom Herbert wrote:
> Parse vxlan in a UDP encapsulation
> 
> Signed-off-by: Tom Herbert <tom@herbertland.com>

Reviewed-by: Willem de Bruijn <willemb@google.com>

(not very familiar with VXLAN)

Jakub Kicinski Aug. 17, 2024, 1:09 a.m. UTC | #2

On Thu, 15 Aug 2024 14:45:20 -0700 Tom Herbert wrote:
> +	if (hdr->vx_flags & VXLAN_F_GPE) {

sparse points out that VXLAN_F_GPE needs to be byte swapped

not 100% sure I'm following the scheme but it appears _F_ flags are in
CPU byte order, and _HF_ flags are in network

Tom Herbert Aug. 20, 2024, 6:15 p.m. UTC | #3

On Fri, Aug 16, 2024 at 6:09 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Thu, 15 Aug 2024 14:45:20 -0700 Tom Herbert wrote:
> > +     if (hdr->vx_flags & VXLAN_F_GPE) {
>
> sparse points out that VXLAN_F_GPE needs to be byte swapped
>
> not 100% sure I'm following the scheme but it appears _F_ flags are in
> CPU byte order, and _HF_ flags are in network

Hmmm, VXLAN does seem to be a bit squirrely :-) AFAICT, a VXLAN-GPE
packet isn't self identifying but requires a VNI lookup which is what
the vxlan driver. We don't have access to that table in flow
dissector, but I think we can safely infer a VXLAN-GPE packet if the
next proto-applied flag bit is set (it's always set for VXLAN-GPE,
never for VXLAN).

Tom



> --
> pw-bot: cr

Patch

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 160801b83d54..57cfae4b5d2f 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -13,7 +13,9 @@ 
 #include <net/gre.h>
 #include <net/pptp.h>
 #include <net/tipc.h>
+#include <net/tun_proto.h>
 #include <net/udp.h>
+#include <net/vxlan.h>
 #include <linux/igmp.h>
 #include <linux/icmp.h>
 #include <linux/sctp.h>
@@ -756,6 +758,55 @@  __skb_flow_dissect_gre(const struct sk_buff *skb,
 	return FLOW_DISSECT_RET_PROTO_AGAIN;
 }
 
+static enum flow_dissect_ret
+__skb_flow_dissect_vxlan(const struct sk_buff *skb,
+			 struct flow_dissector *flow_dissector,
+			 void *target_container, const void *data,
+			 __be16 *p_proto, int *p_nhoff, int hlen,
+			 unsigned int flags)
+{
+	struct vxlanhdr *hdr, _hdr;
+	__be16 protocol;
+
+	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
+				   &_hdr);
+	if (!hdr)
+		return FLOW_DISSECT_RET_OUT_BAD;
+
+	/* VNI flag always required to be set */
+	if (!(hdr->vx_flags & VXLAN_HF_VNI))
+		return FLOW_DISSECT_RET_OUT_BAD;
+
+	if (hdr->vx_flags & VXLAN_F_GPE) {
+		struct vxlanhdr_gpe *gpe = (struct vxlanhdr_gpe *)hdr;
+
+		/* Need to have Next Protocol set for interfaces in GPE mode. */
+		if (!gpe->np_applied)
+			return FLOW_DISSECT_RET_OUT_BAD;
+
+		/* The initial version is 0 */
+		if (gpe->version != 0)
+			return FLOW_DISSECT_RET_OUT_GOOD;
+
+		/* "When the O bit is set to 1, the packet is an OAM packet and
+		 * OAM so ignore
+		 */
+		if (gpe->oam_flag)
+			return FLOW_DISSECT_RET_OUT_GOOD;
+
+		protocol = tun_p_to_eth_p(gpe->next_protocol);
+		if (!protocol)
+			return FLOW_DISSECT_RET_OUT_GOOD;
+	} else {
+		protocol = htons(ETH_P_TEB);
+	}
+
+	*p_nhoff += sizeof(struct vxlanhdr);
+	*p_proto = protocol;
+
+	return FLOW_DISSECT_RET_PROTO_AGAIN;
+}
+
 /**
  * __skb_flow_dissect_batadv() - dissect batman-adv header
  * @skb: sk_buff to with the batman-adv header
@@ -900,6 +951,12 @@  __skb_flow_dissect_udp(const struct sk_buff *skb, const struct net *net,
 	ret = FLOW_DISSECT_RET_OUT_GOOD;
 
 	switch (encap_type) {
+	case UDP_ENCAP_VXLAN:
+	case UDP_ENCAP_VXLAN_GPE:
+		ret = __skb_flow_dissect_vxlan(skb, flow_dissector,
+					       target_container, data,
+					       p_proto, &nhoff, hlen, flags);
+		break;
 	default:
 		break;
 	}