renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-10 06:34:17 +08:00
Code

net: flow_dissector: Add IPSEC dissector

Browse Source 
Support for dissecting IPSEC field SPI (which is
32bits in size) for ESP and AH packets.

Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Ratheesh Kannoth 2023-08-01 07:10:58 +05:30 committed by David S. Miller
parent d7301c4a73
commit a57c34a80c
2 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/net/flow_dissector.h
View File

@ -301,6 +301,14 @@ struct flow_dissector_key_l2tpv3 {
__be32 session_id; __be32 session_id;
}; };
/**
* struct flow_dissector_key_ipsec:
* @spi: identifier for a ipsec connection
*/
struct flow_dissector_key_ipsec {
__be32 spi;
};
/** /**
* struct flow_dissector_key_cfm * struct flow_dissector_key_cfm
* @mdl_ver: maintenance domain level (mdl) and cfm protocol version * @mdl_ver: maintenance domain level (mdl) and cfm protocol version
@ -354,6 +362,7 @@ enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */ FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */ FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */ FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
FLOW_DISSECTOR_KEY_MAX, FLOW_DISSECTOR_KEY_MAX,
}; };

53
net/core/flow_dissector.c
View File

@ -205,6 +205,50 @@ static void __skb_flow_dissect_icmp(const struct sk_buff *skb,
skb_flow_get_icmp_tci(skb, key_icmp, data, thoff, hlen); skb_flow_get_icmp_tci(skb, key_icmp, data, thoff, hlen);
} }
static void __skb_flow_dissect_ah(const struct sk_buff *skb,
struct flow_dissector *flow_dissector,
void *target_container, const void *data,
int nhoff, int hlen)
{
struct flow_dissector_key_ipsec *key_ah;
struct ip_auth_hdr _hdr, *hdr;
if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPSEC))
return;
hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
if (!hdr)
return;
key_ah = skb_flow_dissector_target(flow_dissector,
FLOW_DISSECTOR_KEY_IPSEC,
target_container);
key_ah->spi = hdr->spi;
}
static void __skb_flow_dissect_esp(const struct sk_buff *skb,
struct flow_dissector *flow_dissector,
void *target_container, const void *data,
int nhoff, int hlen)
{
struct flow_dissector_key_ipsec *key_esp;
struct ip_esp_hdr _hdr, *hdr;
if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPSEC))
return;
hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
if (!hdr)
return;
key_esp = skb_flow_dissector_target(flow_dissector,
FLOW_DISSECTOR_KEY_IPSEC,
target_container);
key_esp->spi = hdr->spi;
}
static void __skb_flow_dissect_l2tpv3(const struct sk_buff *skb, static void __skb_flow_dissect_l2tpv3(const struct sk_buff *skb,
struct flow_dissector *flow_dissector, struct flow_dissector *flow_dissector,
void *target_container, const void *data, void *target_container, const void *data,
@ -1571,7 +1615,14 @@ ip_proto_again:
__skb_flow_dissect_l2tpv3(skb, flow_dissector, target_container, __skb_flow_dissect_l2tpv3(skb, flow_dissector, target_container,
data, nhoff, hlen); data, nhoff, hlen);
break; break;
case IPPROTO_ESP:
__skb_flow_dissect_esp(skb, flow_dissector, target_container,
data, nhoff, hlen);
break;
case IPPROTO_AH:
__skb_flow_dissect_ah(skb, flow_dissector, target_container,
data, nhoff, hlen);
break;
default: default:
break; break;
} }