linux-imx

.. SPDX-License-Identifier: GPL-2.0

​

==================

BPF Flow Dissector

==================

​

Overview

========

​

Flow dissector is a routine that parses metadata out of the packets. It's

used in the various places in the networking subsystem (RFS, flow hash, etc).

​

BPF flow dissector is an attempt to reimplement C-based flow dissector logic

in BPF to gain all the benefits of BPF verifier (namely, limits on the

number of instructions and tail calls).

​

API

===

​

BPF flow dissector programs operate on an ``__sk_buff``. However, only the

limited set of fields is allowed: ``data``, ``data_end`` and ``flow_keys``.

``flow_keys`` is ``struct bpf_flow_keys`` and contains flow dissector input

and output arguments.

​

The inputs are:

  * ``nhoff`` - initial offset of the networking header

  * ``thoff`` - initial offset of the transport header, initialized to nhoff

  * ``n_proto`` - L3 protocol type, parsed out of L2 header

​

Flow dissector BPF program should fill out the rest of the ``struct

bpf_flow_keys`` fields. Input arguments ``nhoff/thoff/n_proto`` should be

also adjusted accordingly.

​

The return code of the BPF program is either BPF_OK to indicate successful

dissection, or BPF_DROP to indicate parsing error.

​

__sk_buff->data

===============

​

In the VLAN-less case, this is what the initial state of the BPF flow

dissector looks like::

​

  +------+------+------------+-----------+

  | DMAC | SMAC | ETHER_TYPE | L3_HEADER |

  +------+------+------------+-----------+

                              ^

                              |

                              +-- flow dissector starts here

​

​

.. code:: c

​

  skb->data + flow_keys->nhoff point to the first byte of L3_HEADER

  flow_keys->thoff = nhoff

  flow_keys->n_proto = ETHER_TYPE

​

In case of VLAN, flow dissector can be called with the two different states.

​

Pre-VLAN parsing::

​

  +------+------+------+-----+-----------+-----------+

  | DMAC | SMAC | TPID | TCI |ETHER_TYPE | L3_HEADER |

  +------+------+------+-----+-----------+-----------+

                        ^

                        |

                        +-- flow dissector starts here

​

.. code:: c

​

  skb->data + flow_keys->nhoff point the to first byte of TCI

  flow_keys->thoff = nhoff

  flow_keys->n_proto = TPID

​

Please note that TPID can be 802.1AD and, hence, BPF program would

have to parse VLAN information twice for double tagged packets.

​

​

Post-VLAN parsing::

​

  +------+------+------+-----+-----------+-----------+

  | DMAC | SMAC | TPID | TCI |ETHER_TYPE | L3_HEADER |

  +------+------+------+-----+-----------+-----------+

                                          ^

                                          |

                                          +-- flow dissector starts here

​

.. code:: c

​

  skb->data + flow_keys->nhoff point the to first byte of L3_HEADER

  flow_keys->thoff = nhoff

  flow_keys->n_proto = ETHER_TYPE

​