Commit a57c34a8 authored by Ratheesh Kannoth's avatar Ratheesh Kannoth Committed by David S. Miller

net: flow_dissector: Add IPSEC dissector

Support for dissecting IPSEC field SPI (which is
32bits in size) for ESP and AH packets.
Signed-off-by: default avatarRatheesh Kannoth <rkannoth@marvell.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d7301c4a
...@@ -301,6 +301,14 @@ struct flow_dissector_key_l2tpv3 { ...@@ -301,6 +301,14 @@ struct flow_dissector_key_l2tpv3 {
__be32 session_id; __be32 session_id;
}; };
/**
* struct flow_dissector_key_ipsec:
* @spi: identifier for a ipsec connection
*/
struct flow_dissector_key_ipsec {
__be32 spi;
};
/** /**
* struct flow_dissector_key_cfm * struct flow_dissector_key_cfm
* @mdl_ver: maintenance domain level (mdl) and cfm protocol version * @mdl_ver: maintenance domain level (mdl) and cfm protocol version
...@@ -354,6 +362,7 @@ enum flow_dissector_key_id { ...@@ -354,6 +362,7 @@ enum flow_dissector_key_id {
FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */ FLOW_DISSECTOR_KEY_PPPOE, /* struct flow_dissector_key_pppoe */
FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */ FLOW_DISSECTOR_KEY_L2TPV3, /* struct flow_dissector_key_l2tpv3 */
FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */ FLOW_DISSECTOR_KEY_CFM, /* struct flow_dissector_key_cfm */
FLOW_DISSECTOR_KEY_IPSEC, /* struct flow_dissector_key_ipsec */
FLOW_DISSECTOR_KEY_MAX, FLOW_DISSECTOR_KEY_MAX,
}; };
......
...@@ -205,6 +205,50 @@ static void __skb_flow_dissect_icmp(const struct sk_buff *skb, ...@@ -205,6 +205,50 @@ static void __skb_flow_dissect_icmp(const struct sk_buff *skb,
skb_flow_get_icmp_tci(skb, key_icmp, data, thoff, hlen); skb_flow_get_icmp_tci(skb, key_icmp, data, thoff, hlen);
} }
static void __skb_flow_dissect_ah(const struct sk_buff *skb,
struct flow_dissector *flow_dissector,
void *target_container, const void *data,
int nhoff, int hlen)
{
struct flow_dissector_key_ipsec *key_ah;
struct ip_auth_hdr _hdr, *hdr;
if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPSEC))
return;
hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
if (!hdr)
return;
key_ah = skb_flow_dissector_target(flow_dissector,
FLOW_DISSECTOR_KEY_IPSEC,
target_container);
key_ah->spi = hdr->spi;
}
static void __skb_flow_dissect_esp(const struct sk_buff *skb,
struct flow_dissector *flow_dissector,
void *target_container, const void *data,
int nhoff, int hlen)
{
struct flow_dissector_key_ipsec *key_esp;
struct ip_esp_hdr _hdr, *hdr;
if (!dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_IPSEC))
return;
hdr = __skb_header_pointer(skb, nhoff, sizeof(_hdr), data, hlen, &_hdr);
if (!hdr)
return;
key_esp = skb_flow_dissector_target(flow_dissector,
FLOW_DISSECTOR_KEY_IPSEC,
target_container);
key_esp->spi = hdr->spi;
}
static void __skb_flow_dissect_l2tpv3(const struct sk_buff *skb, static void __skb_flow_dissect_l2tpv3(const struct sk_buff *skb,
struct flow_dissector *flow_dissector, struct flow_dissector *flow_dissector,
void *target_container, const void *data, void *target_container, const void *data,
...@@ -1571,7 +1615,14 @@ bool __skb_flow_dissect(const struct net *net, ...@@ -1571,7 +1615,14 @@ bool __skb_flow_dissect(const struct net *net,
__skb_flow_dissect_l2tpv3(skb, flow_dissector, target_container, __skb_flow_dissect_l2tpv3(skb, flow_dissector, target_container,
data, nhoff, hlen); data, nhoff, hlen);
break; break;
case IPPROTO_ESP:
__skb_flow_dissect_esp(skb, flow_dissector, target_container,
data, nhoff, hlen);
break;
case IPPROTO_AH:
__skb_flow_dissect_ah(skb, flow_dissector, target_container,
data, nhoff, hlen);
break;
default: default:
break; break;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment