Commit a57c34a8 authored by Ratheesh Kannoth's avatar Ratheesh Kannoth Committed by David S. Miller
Browse files

net: flow_dissector: Add IPSEC dissector 



Support for dissecting IPSEC field SPI (which is
32bits in size) for ESP and AH packets.

Signed-off-by: default avatarRatheesh Kannoth <rkannoth@marvell.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d7301c4a

include/net/flow_dissector.h

+9 −0
Original line number Diff line number Diff line
@@ -301,6 +301,14 @@ struct flow_dissector_key_l2tpv3 { 
	__be32 session_id;

};



/**

 * struct flow_dissector_key_ipsec:

 * @spi: identifier for a ipsec connection

 */

struct flow_dissector_key_ipsec {

	__be32 spi;

};



/**

 * struct flow_dissector_key_cfm

 * @mdl_ver: maintenance domain level (mdl) and cfm protocol version
@@ -354,6 +362,7 @@ enum flow_dissector_key_id { 
	FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */

	FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */

	FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */

	FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */



	FLOW_DISSECTOR_KEY_MAX,

};

net/core/flow_dissector.c

+52 −1
Original line number Diff line number Diff line
@@ -205,6 +205,50 @@ static void __skb_flow_dissect_icmp(const struct sk_buff *skb, 
	skb_flow_get_icmp_tci(skb, key_icmp, data, thoff, hlen);

}



static void __skb_flow_dissect_ah(const struct sk_buff *skb,

				  struct flow_dissector *flow_dissector,

				  void *target_container, const void *data,

				  int nhoff, int hlen)

{

	struct flow_dissector_key_ipsec *key_ah;

	struct ip_auth_hdr _hdr, *hdr;



	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPSEC))

		return;



	hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);

	if (!hdr)

		return;



	key_ah = skb_flow_dissector_target(flow_dissector,

					   FLOW_DISSECTOR_KEY_IPSEC,

					   target_container);



	key_ah->spi = hdr->spi;

}



static void __skb_flow_dissect_esp(const struct sk_buff *skb,

				   struct flow_dissector *flow_dissector,

				   void *target_container, const void *data,

				   int nhoff, int hlen)

{

	struct flow_dissector_key_ipsec *key_esp;

	struct ip_esp_hdr _hdr, *hdr;



	if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPSEC))

		return;



	hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);

	if (!hdr)

		return;



	key_esp = skb_flow_dissector_target(flow_dissector,

					    FLOW_DISSECTOR_KEY_IPSEC,

					    target_container);



	key_esp->spi = hdr->spi;

}



static void __skb_flow_dissect_l2tpv3(const struct sk_buff *skb,

				      struct flow_dissector *flow_dissector,

				      void *target_container, const void *data,
@@ -1571,7 +1615,14 @@ bool __skb_flow_dissect(const struct net *net, 
		__skb_flow_dissect_l2tpv3(skb, flow_dissector, target_container,

					  data, nhoff, hlen);

		break;



	case IPPROTO_ESP:

		__skb_flow_dissect_esp(skb, flow_dissector, target_container,

				       data, nhoff, hlen);

		break;

	case IPPROTO_AH:

		__skb_flow_dissect_ah(skb, flow_dissector, target_container,

				      data, nhoff, hlen);

		break;

	default:

		break;

	}