From: Marcin Szycik <marcin.szycik@linux.intel.com>
To: netdev@vger.kernel.org
Cc: anthony.l.nguyen@intel.com, davem@davemloft.net,
xiyou.wangcong@gmail.com, jesse.brandeburg@intel.com,
gustavoars@kernel.org, baowen.zheng@corigine.com,
boris.sukholitko@broadcom.com, edumazet@google.com,
kuba@kernel.org, jhs@mojatatu.com, jiri@resnulli.us,
kurt@linutronix.de, pablo@netfilter.org, pabeni@redhat.com,
paulb@nvidia.com, simon.horman@corigine.com,
komachi.yoshiki@gmail.com, zhangkaiheb@126.com,
intel-wired-lan@lists.osuosl.org,
michal.swiatkowski@linux.intel.com, wojciech.drewek@intel.com,
alexandr.lobakin@intel.com, gnault@redhat.com,
mostrows@speakeasy.net, paulus@samba.org
Subject: [RFC PATCH net-next v5 1/4] flow_dissector: Add PPPoE dissectors
Date: Fri, 15 Jul 2022 15:04:27 +0200 [thread overview]
Message-ID: <20220715130430.160029-2-marcin.szycik@linux.intel.com> (raw)
In-Reply-To: <20220715130430.160029-1-marcin.szycik@linux.intel.com>
From: Wojciech Drewek <wojciech.drewek@intel.com>
Allow to dissect PPPoE specific fields which are:
- session ID (16 bits)
- ppp protocol (16 bits)
- type (16 bits) - this is PPPoE ethertype, for now only
ETH_P_PPP_SES is supported, possible ETH_P_PPP_DISC
in the future
The goal is to make the following TC command possible:
# tc filter add dev ens6f0 ingress prio 1 protocol ppp_ses \
flower \
pppoe_sid 12 \
ppp_proto ip \
action drop
Note that only PPPoE Session is supported.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
---
v5: fix endianness when processing compressed protocols
v4:
* pppoe header validation
* added MPLS dissection
* added support for compressed ppp protocol field
* flow_dissector_key_pppoe::session_id stored in __be16
* new field: flow_dissector_key_pppoe::type
v3: revert byte order changes in is_ppp_proto_supported from
previous version
v2: ntohs instead of htons in is_ppp_proto_supported
include/net/flow_dissector.h | 13 ++++++
net/core/flow_dissector.c | 85 +++++++++++++++++++++++++++++++++---
2 files changed, 91 insertions(+), 7 deletions(-)
diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index 0f9544a9bb9e..6c74812d64b2 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -277,6 +277,18 @@ struct flow_dissector_key_num_of_vlans {
u8 num_of_vlans;
};
+/**
+ * struct flow_dissector_key_pppoe:
+ * @session_id: pppoe session id
+ * @ppp_proto: ppp protocol
+ * @type: pppoe eth type
+ */
+struct flow_dissector_key_pppoe {
+ __be16 session_id;
+ __be16 ppp_proto;
+ __be16 type;
+};
+
enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
@@ -307,6 +319,7 @@ enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
+ FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
FLOW_DISSECTOR_KEY_MAX,
};
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 6aee04f75e3e..e3dfc9e5d095 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -895,6 +895,42 @@ bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
return result == BPF_OK;
}
+/**
+ * is_ppp_proto_supported - checks if inner PPP protocol should be dissected
+ * @proto: protocol type (PPP proto field)
+ */
+static bool is_ppp_proto_supported(__be16 proto)
+{
+ switch (proto) {
+ case htons(PPP_AT):
+ case htons(PPP_IPX):
+ case htons(PPP_VJC_COMP):
+ case htons(PPP_VJC_UNCOMP):
+ case htons(PPP_MP):
+ case htons(PPP_COMPFRAG):
+ case htons(PPP_COMP):
+ case htons(PPP_IPCP):
+ case htons(PPP_ATCP):
+ case htons(PPP_IPXCP):
+ case htons(PPP_IPV6CP):
+ case htons(PPP_CCPFRAG):
+ case htons(PPP_MPLSCP):
+ case htons(PPP_LCP):
+ case htons(PPP_PAP):
+ case htons(PPP_LQR):
+ case htons(PPP_CHAP):
+ case htons(PPP_CBCP):
+ return true;
+ default:
+ return false;
+ }
+}
+
+static bool is_pppoe_ses_hdr_valid(struct pppoe_hdr hdr)
+{
+ return hdr.ver == 1 && hdr.type == 1 && hdr.code == 0;
+}
+
/**
* __skb_flow_dissect - extract the flow_keys struct and return it
* @net: associated network namespace, derived from @skb if NULL
@@ -1214,26 +1250,61 @@ bool __skb_flow_dissect(const struct net *net,
struct pppoe_hdr hdr;
__be16 proto;
} *hdr, _hdr;
+ u16 ppp_proto;
+
hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
if (!hdr) {
fdret = FLOW_DISSECT_RET_OUT_BAD;
break;
}
- nhoff += PPPOE_SES_HLEN;
- switch (hdr->proto) {
- case htons(PPP_IP):
+ if (!is_pppoe_ses_hdr_valid(hdr->hdr)) {
+ fdret = FLOW_DISSECT_RET_OUT_BAD;
+ break;
+ }
+
+ /* least significant bit of the least significant octet
+ * indicates if protocol field was compressed
+ */
+ ppp_proto = ntohs(hdr->proto);
+ if (ppp_proto & 256) {
+ ppp_proto = htons(ppp_proto >> 8);
+ nhoff += PPPOE_SES_HLEN - 1;
+ } else {
+ ppp_proto = htons(ppp_proto);
+ nhoff += PPPOE_SES_HLEN;
+ }
+
+ if (ppp_proto == htons(PPP_IP)) {
proto = htons(ETH_P_IP);
fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
- break;
- case htons(PPP_IPV6):
+ } else if (ppp_proto == htons(PPP_IPV6)) {
proto = htons(ETH_P_IPV6);
fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
- break;
- default:
+ } else if (ppp_proto == htons(PPP_MPLS_UC)) {
+ proto = htons(ETH_P_MPLS_UC);
+ fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
+ } else if (ppp_proto == htons(PPP_MPLS_MC)) {
+ proto = htons(ETH_P_MPLS_MC);
+ fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
+ } else if (is_ppp_proto_supported(ppp_proto)) {
+ fdret = FLOW_DISSECT_RET_OUT_GOOD;
+ } else {
fdret = FLOW_DISSECT_RET_OUT_BAD;
break;
}
+
+ if (dissector_uses_key(flow_dissector,
+ FLOW_DISSECTOR_KEY_PPPOE)) {
+ struct flow_dissector_key_pppoe *key_pppoe;
+
+ key_pppoe = skb_flow_dissector_target(flow_dissector,
+ FLOW_DISSECTOR_KEY_PPPOE,
+ target_container);
+ key_pppoe->session_id = hdr->hdr.sid;
+ key_pppoe->ppp_proto = ppp_proto;
+ key_pppoe->type = htons(ETH_P_PPP_SES);
+ }
break;
}
case htons(ETH_P_TIPC): {
--
2.35.1
WARNING: multiple messages have this Message-ID (diff)
From: Marcin Szycik <marcin.szycik@linux.intel.com>
To: netdev@vger.kernel.org
Cc: simon.horman@corigine.com, kurt@linutronix.de, paulb@nvidia.com,
edumazet@google.com, boris.sukholitko@broadcom.com,
jiri@resnulli.us, paulus@samba.org, gnault@redhat.com,
jesse.brandeburg@intel.com, intel-wired-lan@lists.osuosl.org,
kuba@kernel.org, zhangkaiheb@126.com, pablo@netfilter.org,
baowen.zheng@corigine.com, komachi.yoshiki@gmail.com,
jhs@mojatatu.com, xiyou.wangcong@gmail.com, pabeni@redhat.com,
gustavoars@kernel.org, mostrows@speakeasy.net,
davem@davemloft.net
Subject: [Intel-wired-lan] [RFC PATCH net-next v5 1/4] flow_dissector: Add PPPoE dissectors
Date: Fri, 15 Jul 2022 15:04:27 +0200 [thread overview]
Message-ID: <20220715130430.160029-2-marcin.szycik@linux.intel.com> (raw)
In-Reply-To: <20220715130430.160029-1-marcin.szycik@linux.intel.com>
From: Wojciech Drewek <wojciech.drewek@intel.com>
Allow to dissect PPPoE specific fields which are:
- session ID (16 bits)
- ppp protocol (16 bits)
- type (16 bits) - this is PPPoE ethertype, for now only
ETH_P_PPP_SES is supported, possible ETH_P_PPP_DISC
in the future
The goal is to make the following TC command possible:
# tc filter add dev ens6f0 ingress prio 1 protocol ppp_ses \
flower \
pppoe_sid 12 \
ppp_proto ip \
action drop
Note that only PPPoE Session is supported.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
---
v5: fix endianness when processing compressed protocols
v4:
* pppoe header validation
* added MPLS dissection
* added support for compressed ppp protocol field
* flow_dissector_key_pppoe::session_id stored in __be16
* new field: flow_dissector_key_pppoe::type
v3: revert byte order changes in is_ppp_proto_supported from
previous version
v2: ntohs instead of htons in is_ppp_proto_supported
include/net/flow_dissector.h | 13 ++++++
net/core/flow_dissector.c | 85 +++++++++++++++++++++++++++++++++---
2 files changed, 91 insertions(+), 7 deletions(-)
diff --git a/include/net/flow_dissector.h b/include/net/flow_dissector.h
index 0f9544a9bb9e..6c74812d64b2 100644
--- a/include/net/flow_dissector.h
+++ b/include/net/flow_dissector.h
@@ -277,6 +277,18 @@ struct flow_dissector_key_num_of_vlans {
u8 num_of_vlans;
};
+/**
+ * struct flow_dissector_key_pppoe:
+ * @session_id: pppoe session id
+ * @ppp_proto: ppp protocol
+ * @type: pppoe eth type
+ */
+struct flow_dissector_key_pppoe {
+ __be16 session_id;
+ __be16 ppp_proto;
+ __be16 type;
+};
+
enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_CONTROL, /* struct flow_dissector_key_control */
FLOW_DISSECTOR_KEY_BASIC, /* struct flow_dissector_key_basic */
@@ -307,6 +319,7 @@ enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_CT, /* struct flow_dissector_key_ct */
FLOW_DISSECTOR_KEY_HASH, /* struct flow_dissector_key_hash */
FLOW_DISSECTOR_KEY_NUM_OF_VLANS, /* struct flow_dissector_key_num_of_vlans */
+ FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
FLOW_DISSECTOR_KEY_MAX,
};
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 6aee04f75e3e..e3dfc9e5d095 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -895,6 +895,42 @@ bool bpf_flow_dissect(struct bpf_prog *prog, struct bpf_flow_dissector *ctx,
return result == BPF_OK;
}
+/**
+ * is_ppp_proto_supported - checks if inner PPP protocol should be dissected
+ * @proto: protocol type (PPP proto field)
+ */
+static bool is_ppp_proto_supported(__be16 proto)
+{
+ switch (proto) {
+ case htons(PPP_AT):
+ case htons(PPP_IPX):
+ case htons(PPP_VJC_COMP):
+ case htons(PPP_VJC_UNCOMP):
+ case htons(PPP_MP):
+ case htons(PPP_COMPFRAG):
+ case htons(PPP_COMP):
+ case htons(PPP_IPCP):
+ case htons(PPP_ATCP):
+ case htons(PPP_IPXCP):
+ case htons(PPP_IPV6CP):
+ case htons(PPP_CCPFRAG):
+ case htons(PPP_MPLSCP):
+ case htons(PPP_LCP):
+ case htons(PPP_PAP):
+ case htons(PPP_LQR):
+ case htons(PPP_CHAP):
+ case htons(PPP_CBCP):
+ return true;
+ default:
+ return false;
+ }
+}
+
+static bool is_pppoe_ses_hdr_valid(struct pppoe_hdr hdr)
+{
+ return hdr.ver == 1 && hdr.type == 1 && hdr.code == 0;
+}
+
/**
* __skb_flow_dissect - extract the flow_keys struct and return it
* @net: associated network namespace, derived from @skb if NULL
@@ -1214,26 +1250,61 @@ bool __skb_flow_dissect(const struct net *net,
struct pppoe_hdr hdr;
__be16 proto;
} *hdr, _hdr;
+ u16 ppp_proto;
+
hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
if (!hdr) {
fdret = FLOW_DISSECT_RET_OUT_BAD;
break;
}
- nhoff += PPPOE_SES_HLEN;
- switch (hdr->proto) {
- case htons(PPP_IP):
+ if (!is_pppoe_ses_hdr_valid(hdr->hdr)) {
+ fdret = FLOW_DISSECT_RET_OUT_BAD;
+ break;
+ }
+
+ /* least significant bit of the least significant octet
+ * indicates if protocol field was compressed
+ */
+ ppp_proto = ntohs(hdr->proto);
+ if (ppp_proto & 256) {
+ ppp_proto = htons(ppp_proto >> 8);
+ nhoff += PPPOE_SES_HLEN - 1;
+ } else {
+ ppp_proto = htons(ppp_proto);
+ nhoff += PPPOE_SES_HLEN;
+ }
+
+ if (ppp_proto == htons(PPP_IP)) {
proto = htons(ETH_P_IP);
fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
- break;
- case htons(PPP_IPV6):
+ } else if (ppp_proto == htons(PPP_IPV6)) {
proto = htons(ETH_P_IPV6);
fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
- break;
- default:
+ } else if (ppp_proto == htons(PPP_MPLS_UC)) {
+ proto = htons(ETH_P_MPLS_UC);
+ fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
+ } else if (ppp_proto == htons(PPP_MPLS_MC)) {
+ proto = htons(ETH_P_MPLS_MC);
+ fdret = FLOW_DISSECT_RET_PROTO_AGAIN;
+ } else if (is_ppp_proto_supported(ppp_proto)) {
+ fdret = FLOW_DISSECT_RET_OUT_GOOD;
+ } else {
fdret = FLOW_DISSECT_RET_OUT_BAD;
break;
}
+
+ if (dissector_uses_key(flow_dissector,
+ FLOW_DISSECTOR_KEY_PPPOE)) {
+ struct flow_dissector_key_pppoe *key_pppoe;
+
+ key_pppoe = skb_flow_dissector_target(flow_dissector,
+ FLOW_DISSECTOR_KEY_PPPOE,
+ target_container);
+ key_pppoe->session_id = hdr->hdr.sid;
+ key_pppoe->ppp_proto = ppp_proto;
+ key_pppoe->type = htons(ETH_P_PPP_SES);
+ }
break;
}
case htons(ETH_P_TIPC): {
--
2.35.1
_______________________________________________
Intel-wired-lan mailing list
Intel-wired-lan@osuosl.org
https://lists.osuosl.org/mailman/listinfo/intel-wired-lan
next prev parent reply other threads:[~2022-07-15 13:05 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-15 13:04 [RFC PATCH net-next v5 0/4] ice: PPPoE offload support Marcin Szycik
2022-07-15 13:04 ` [Intel-wired-lan] " Marcin Szycik
2022-07-15 13:04 ` Marcin Szycik [this message]
2022-07-15 13:04 ` [Intel-wired-lan] [RFC PATCH net-next v5 1/4] flow_dissector: Add PPPoE dissectors Marcin Szycik
2022-07-17 14:18 ` Guillaume Nault
2022-07-17 14:18 ` [Intel-wired-lan] " Guillaume Nault
2022-07-15 13:04 ` [RFC PATCH net-next v5 2/4] net/sched: flower: Add PPPoE filter Marcin Szycik
2022-07-15 13:04 ` [Intel-wired-lan] " Marcin Szycik
2022-07-15 13:04 ` [RFC PATCH net-next v5 3/4] flow_offload: Introduce flow_match_pppoe Marcin Szycik
2022-07-15 13:04 ` [Intel-wired-lan] " Marcin Szycik
2022-07-15 13:04 ` [RFC PATCH net-next v5 4/4] ice: Add support for PPPoE hardware offload Marcin Szycik
2022-07-15 13:04 ` [Intel-wired-lan] " Marcin Szycik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220715130430.160029-2-marcin.szycik@linux.intel.com \
--to=marcin.szycik@linux.intel.com \
--cc=alexandr.lobakin@intel.com \
--cc=anthony.l.nguyen@intel.com \
--cc=baowen.zheng@corigine.com \
--cc=boris.sukholitko@broadcom.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gnault@redhat.com \
--cc=gustavoars@kernel.org \
--cc=intel-wired-lan@lists.osuosl.org \
--cc=jesse.brandeburg@intel.com \
--cc=jhs@mojatatu.com \
--cc=jiri@resnulli.us \
--cc=komachi.yoshiki@gmail.com \
--cc=kuba@kernel.org \
--cc=kurt@linutronix.de \
--cc=michal.swiatkowski@linux.intel.com \
--cc=mostrows@speakeasy.net \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=paulb@nvidia.com \
--cc=paulus@samba.org \
--cc=simon.horman@corigine.com \
--cc=wojciech.drewek@intel.com \
--cc=xiyou.wangcong@gmail.com \
--cc=zhangkaiheb@126.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.